l medium
[ 1035.118708][T18974] bond5: (slave bridge2): making interface the new active one
[ 1035.143101][T18974] bridge2: entered promiscuous mode
[ 1035.165002][T18974] bond5: (slave bridge2): Enslaving as an active interface with an up link
02:35:35 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010008506eb9afc4cd8d06e754a0081c5", @ANYRES32=r3, @ANYBLOB="2377f292252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_ARPTABLES={0x5}, @IFLA_BR_STP_STATE={0x8}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x4c}}, 0x0)

[ 1035.326377][T18992] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1035.487050][T19001] netlink: 'syz-executor.3': attribute type 1 has an invalid length.
02:35:35 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{0x21, 0x0, 0x3e7}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:35 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)={0xf8, r1, 0x200, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0xcb, 0x2a, [@ht={0x2d, 0x1a, {0x2000, 0x1, 0x0, 0x0, {0x9, 0x0, 0x0, 0x3f, 0x0, 0x1, 0x1, 0x1, 0x1}, 0x8, 0x9, 0x1f}}, @tim={0x5, 0x6c, {0x7, 0xcb, 0xa, "05249938b495646fd68a063fee7fdd31784ac8f72e1b43212a3ef93e3195d30fa659426f7ee9585732816375c6d1e45a3c47ea9ddbd90f522de5c3c8cfce1667b6419c42649f1f1d212679f39afcfdafa9662a5070dda921920c46f93547d187be5bc1b9a283618cb4"}}, @challenge={0x10, 0x1, 0x66}, @sec_chan_ofs={0x3e, 0x1, 0x2}, @cf={0x4, 0x6, {0x7, 0x7f, 0x1ff, 0x67}}, @random_vendor={0xdd, 0x2d, "31b198debed8c27a2d1aa9f9e1a8868bc48cc39cd2141576b56e8560a119eaaea430b486d8bb767d70160001fe"}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x40}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000080211000001080211010000fdff0100000602020202e9baa87792968521aa510c125b71dd9b"], 0x36)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896)
sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000480)={0x90, r1, 0x300, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@fils_params=[@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x2}], @NL80211_ATTR_PREV_BSSID={0xa}, @NL80211_ATTR_WIPHY_FREQ_HINT={0x8, 0xc9, @random=0x28}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x10}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x400, 0x3, 0x4, 0x0, {0x400000000000000, 0x2, 0x0, 0xff, 0x0, 0x1, 0x0, 0x2}, 0x300, 0x7f, 0x6}}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0xc, 0x1, 0x1, 0x0, {0x85b, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1, 0x2, 0x1}, 0x8, 0x3ff, 0x8}}, @NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_PREV_BSSID={0xa, 0x4f, @random="e17c20a32b3a"}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000084}, 0x20000000)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0)
sendmsg$NL80211_CMD_DISASSOCIATE(r0, &(0x7f0000000640)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x90, r5, 0x300, 0x70bd28, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0x1c, 0x34, @random="96e2dc9e19c2f647c8429e49ff1ea629d57139a60e24f441"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_IE={0x18, 0x2a, [@ssid={0x0, 0x6, @default_ap_ssid}, @mesh_config={0x71, 0x7, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x41}}, @sec_chan_ofs={0x3e, 0x1, 0x1}]}, @NL80211_ATTR_IE={0x3c, 0x2a, [@ht={0x2d, 0x1a, {0x2, 0x0, 0x2, 0x0, {0x4, 0x6, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, 0x300, 0x3, 0xff}}, @ht={0x2d, 0x1a, {0x1000, 0x3, 0x6, 0x0, {0xffffffff, 0xd7f, 0x0, 0x81, 0x0, 0x0, 0x1}, 0x800, 0x1, 0xff}}]}]}, 0x90}, 0x1, 0x0, 0x0, 0xc000}, 0x40)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @val={0x6, 0x2, 0xb9}, @void, @void, @val={0x71, 0x7, {0x1, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x80, 0x8}}}, 0x43)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)={0xf8, r1, 0x200, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0xcb, 0x2a, [@ht={0x2d, 0x1a, {0x2000, 0x1, 0x0, 0x0, {0x9, 0x0, 0x0, 0x3f, 0x0, 0x1, 0x1, 0x1, 0x1}, 0x8, 0x9, 0x1f}}, @tim={0x5, 0x6c, {0x7, 0xcb, 0xa, "05249938b495646fd68a063fee7fdd31784ac8f72e1b43212a3ef93e3195d30fa659426f7ee9585732816375c6d1e45a3c47ea9ddbd90f522de5c3c8cfce1667b6419c42649f1f1d212679f39afcfdafa9662a5070dda921920c46f93547d187be5bc1b9a283618cb4"}}, @challenge={0x10, 0x1, 0x66}, @sec_chan_ofs={0x3e, 0x1, 0x2}, @cf={0x4, 0x6, {0x7, 0x7f, 0x1ff, 0x67}}, @random_vendor={0xdd, 0x2d, "31b198debed8c27a2d1aa9f9e1a8868bc48cc39cd2141576b56e8560a119eaaea430b486d8bb767d70160001fe"}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000080211000001080211010000fdff0100000602020202e9baa87792968521aa510c125b71dd9b"], 0x36) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (async)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b) (async)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0) (async)
sendfile(r3, r4, 0x0, 0x20000023896) (async)
sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000480)={0x90, r1, 0x300, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@fils_params=[@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x2}], @NL80211_ATTR_PREV_BSSID={0xa}, @NL80211_ATTR_WIPHY_FREQ_HINT={0x8, 0xc9, @random=0x28}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x10}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x400, 0x3, 0x4, 0x0, {0x400000000000000, 0x2, 0x0, 0xff, 0x0, 0x1, 0x0, 0x2}, 0x300, 0x7f, 0x6}}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0xc, 0x1, 0x1, 0x0, {0x85b, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1, 0x2, 0x1}, 0x8, 0x3ff, 0x8}}, @NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_PREV_BSSID={0xa, 0x4f, @random="e17c20a32b3a"}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000084}, 0x20000000) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0) (async)
sendmsg$NL80211_CMD_DISASSOCIATE(r0, &(0x7f0000000640)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x90, r5, 0x300, 0x70bd28, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0x1c, 0x34, @random="96e2dc9e19c2f647c8429e49ff1ea629d57139a60e24f441"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_IE={0x18, 0x2a, [@ssid={0x0, 0x6, @default_ap_ssid}, @mesh_config={0x71, 0x7, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x41}}, @sec_chan_ofs={0x3e, 0x1, 0x1}]}, @NL80211_ATTR_IE={0x3c, 0x2a, [@ht={0x2d, 0x1a, {0x2, 0x0, 0x2, 0x0, {0x4, 0x6, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, 0x300, 0x3, 0xff}}, @ht={0x2d, 0x1a, {0x1000, 0x3, 0x6, 0x0, {0xffffffff, 0xd7f, 0x0, 0x81, 0x0, 0x0, 0x1}, 0x800, 0x1, 0xff}}]}]}, 0x90}, 0x1, 0x0, 0x0, 0xc000}, 0x40) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @val={0x6, 0x2, 0xb9}, @void, @void, @val={0x71, 0x7, {0x1, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x80, 0x8}}}, 0x43) (async)

[ 1035.613385][T19001] bond6: entered promiscuous mode
[ 1035.661121][T19001] 8021q: adding VLAN 0 to HW filter on device bond6
[ 1035.784767][T19014] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1035.809973][T19015] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1035.810159][T19004] bond6: (slave bridge3): making interface the new active one
[ 1035.875549][T19014] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1035.918031][T19004] bridge3: entered promiscuous mode
[ 1035.944726][T19015] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1035.956676][T19004] bond6: (slave bridge3): Enslaving as an active interface with an up link
[ 1035.989313][T18998] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1035.995083][T19017] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:35 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newlink={0x5c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x24, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR_DATA={0x10, 0x5, 0x0, 0x1, [{0x4, 0x4, @remote}]}, @IFLA_MACVLAN_MACADDR_MODE={0x8}]}}}, @IFLA_LINK={0x8}]}, 0x5c}}, 0x0)

[ 1036.062141][T19003] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
02:35:35 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010008506eb9afc4cd8d06e754a0081c5", @ANYRES32=r3, @ANYBLOB="2377f292252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_ARPTABLES={0x5}, @IFLA_BR_STP_STATE={0x8}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x4c}}, 0x0)

[ 1036.244754][T19026] netlink: 'syz-executor.3': attribute type 1 has an invalid length.
[ 1036.281274][T19026] bond7: entered promiscuous mode
[ 1036.288450][T19026] 8021q: adding VLAN 0 to HW filter on device bond7
[ 1036.364786][T19028] bond7: (slave bridge4): making interface the new active one
[ 1036.376564][T19028] bridge4: entered promiscuous mode
[ 1036.384983][T19028] bond7: (slave bridge4): Enslaving as an active interface with an up link
02:35:40 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100)=@ccm_128={{0x304}, "62aa011dd60dd134", "42b7d411bb8325a0c2b9f9dba90b2375", "b469c3ad", "ff4fa1636500"}, 0x28)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000040)=@gcm_256={{0x304}, "c4f16b2cec63b2c9", "855654f144724ee269238f9c9a01b1445599729b9ab916e2c19247e7a5f79cd4", '\x00', "e1e09fc47baf4f1f"}, 0x38)

02:35:40 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010008506eb9afc4cd8d06e754a0081c5", @ANYRES32=r3, @ANYBLOB="2377f292252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_ARPTABLES={0x5}, @IFLA_BR_STP_STATE={0x8}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x4c}}, 0x0)

02:35:40 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)={0xf8, r1, 0x200, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0xcb, 0x2a, [@ht={0x2d, 0x1a, {0x2000, 0x1, 0x0, 0x0, {0x9, 0x0, 0x0, 0x3f, 0x0, 0x1, 0x1, 0x1, 0x1}, 0x8, 0x9, 0x1f}}, @tim={0x5, 0x6c, {0x7, 0xcb, 0xa, "05249938b495646fd68a063fee7fdd31784ac8f72e1b43212a3ef93e3195d30fa659426f7ee9585732816375c6d1e45a3c47ea9ddbd90f522de5c3c8cfce1667b6419c42649f1f1d212679f39afcfdafa9662a5070dda921920c46f93547d187be5bc1b9a283618cb4"}}, @challenge={0x10, 0x1, 0x66}, @sec_chan_ofs={0x3e, 0x1, 0x2}, @cf={0x4, 0x6, {0x7, 0x7f, 0x1ff, 0x67}}, @random_vendor={0xdd, 0x2d, "31b198debed8c27a2d1aa9f9e1a8868bc48cc39cd2141576b56e8560a119eaaea430b486d8bb767d70160001fe"}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000080211000001080211010000fdff0100000602020202e9baa87792968521aa510c125b71dd9b"], 0x36) (async, rerun: 32)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (rerun: 32)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b) (async)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896) (async)
sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000480)={0x90, r1, 0x300, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@fils_params=[@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x2}], @NL80211_ATTR_PREV_BSSID={0xa}, @NL80211_ATTR_WIPHY_FREQ_HINT={0x8, 0xc9, @random=0x28}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x10}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x400, 0x3, 0x4, 0x0, {0x400000000000000, 0x2, 0x0, 0xff, 0x0, 0x1, 0x0, 0x2}, 0x300, 0x7f, 0x6}}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0xc, 0x1, 0x1, 0x0, {0x85b, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1, 0x2, 0x1}, 0x8, 0x3ff, 0x8}}, @NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_PREV_BSSID={0xa, 0x4f, @random="e17c20a32b3a"}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000084}, 0x20000000) (async)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0)
sendmsg$NL80211_CMD_DISASSOCIATE(r0, &(0x7f0000000640)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x90, r5, 0x300, 0x70bd28, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0x1c, 0x34, @random="96e2dc9e19c2f647c8429e49ff1ea629d57139a60e24f441"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_IE={0x18, 0x2a, [@ssid={0x0, 0x6, @default_ap_ssid}, @mesh_config={0x71, 0x7, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x41}}, @sec_chan_ofs={0x3e, 0x1, 0x1}]}, @NL80211_ATTR_IE={0x3c, 0x2a, [@ht={0x2d, 0x1a, {0x2, 0x0, 0x2, 0x0, {0x4, 0x6, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, 0x300, 0x3, 0xff}}, @ht={0x2d, 0x1a, {0x1000, 0x3, 0x6, 0x0, {0xffffffff, 0xd7f, 0x0, 0x81, 0x0, 0x0, 0x1}, 0x800, 0x1, 0xff}}]}]}, 0x90}, 0x1, 0x0, 0x0, 0xc000}, 0x40) (async, rerun: 32)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async, rerun: 32)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @val={0x6, 0x2, 0xb9}, @void, @void, @val={0x71, 0x7, {0x1, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x80, 0x8}}}, 0x43)

02:35:40 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{0x21, 0x0, 0x500}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:40 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f00000036c0), 0x4, 0x200)
sendmsg$nl_route(r1, &(0x7f00000035c0)={&(0x7f0000003700)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000037c0)={&(0x7f0000003600)=@bridge_newvlan={0x54, 0x70, 0x200, 0x70bd2d, 0x25dfdbfd, {}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_RANGE={0x6, 0x2, 0xa}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_STATE={0x5, 0x3, 0x1}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x3}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_STATE={0x5, 0x3, 0x3}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x52, 0x3}}}]}, 0x54}}, 0xe010)
r2 = socket(0x10, 0x2, 0x0)
write(r2, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f00"/28, 0x32)
recvmmsg(r2, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000003a00)=@newlink={0x98, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x132}, [@IFLA_PROP_LIST={0x68, 0x34, 0x0, 0x1, [{0x14, 0x35, 'dummy0\x00'}, {0x14, 0x35, 'veth0_virt_wifi\x00'}, {0x14, 0x35, 'veth0_virt_wifi\x00'}, {0x14, 0x35, 'veth0_vlan\x00'}, {0x14, 0x35, 'veth0_to_bridge\x00'}]}, @IFLA_LINK={0x8}, @IFLA_MASTER={0x8}]}, 0x98}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000003800)={&(0x7f0000003680)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000003780)={&(0x7f0000003740)=@getqdisc={0x34, 0x26, 0x400, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x3, 0xd}, {0x0, 0xf}, {0xb, 0x7ff4}}, [{0x4}, {0x4}, {0x4}, {0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x48001}, 0x8000)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x34, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_GATEWAY={0x14, 0x6, @in6_addr=@remote}, @NHA_OIF={0x8, 0x5, r5}]}, 0x34}}, 0x0)
sendmsg$GTP_CMD_GETPDP(r1, &(0x7f0000003940)={&(0x7f0000003840)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000003900)={&(0x7f0000003880)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="774e2dbd7000fb70df25024b3fa6a6ee4ca920ecd000000008000100b5f2f3c49d21a5", @ANYRES32=0x0, @ANYBLOB="08000800030000000800020001000000080002000000000008000700", @ANYRES32=r1, @ANYBLOB="475e00016b", @ANYRES32=r5, @ANYBLOB="060006000400000008000400e0000002"], 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@ipv6_newrule={0x24, 0x18, 0x409, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x1e, 0x7}]}, 0x24}}, 0x0)
preadv(r0, &(0x7f0000003500)=[{&(0x7f0000000240)=""/210, 0xd2}, {&(0x7f0000000000)=""/30, 0x1e}, {&(0x7f0000000040)=""/96, 0x60}, {&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000000140)=""/169, 0xa9}, {&(0x7f0000001340)=""/47, 0x2f}, {&(0x7f0000001380)=""/4096, 0x1000}, {&(0x7f0000002380)=""/167, 0xa7}, {&(0x7f0000002440)=""/165, 0xa5}, {&(0x7f0000002500)=""/4096, 0x1000}], 0xa, 0x20, 0x8)
fsmount(r1, 0x0, 0x8)

02:35:40 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ea70e549b87d8e06a12057e8349c1e7d67b1b2d92a18fcf0dd38bf42333e2b9b7f5a03323ecb15fe43cf02f3fdc6bbd3", 0x30)

02:35:40 executing program 4:
mlock(&(0x7f0000bff000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000e95000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffc000/0x1000)=nil)
mremap(&(0x7f00005d9000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f0000ffc000/0x4000)=nil)
madvise(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x15)

02:35:40 executing program 2:
r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
preadv(r0, &(0x7f0000000540)=[{&(0x7f0000000080)=""/222, 0xde}], 0x1, 0x0, 0x0)

[ 1040.652417][T19075] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1040.666759][T19076] netlink: 'syz-executor.3': attribute type 1 has an invalid length.
02:35:40 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f00000006c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800040}, 0xc, &(0x7f00000002c0)={&(0x7f0000000600)={0x8c, r1, 0x10, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0x1d}}}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_4ADDR={0x5}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "b54a79c4d9eed68cdd92cd701fdf37eab15593c22dcf6161"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "e4ee031aa605957edef6e0949692eec06df1aeeb484477b4"}], @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x8c}, 0x1, 0x0, 0x0, 0x81}, 0x4)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f0000000380)={0x24c, r2, 0x1, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x8, 0x4f}}}}, [@NL80211_ATTR_FRAME={0x1fe, 0x33, @assoc_req={@with_ht={{{0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x5}, @device_a, @device_b, @initial, {0x1, 0x81}}, @ver_80211n={0x0, 0xff, 0x1, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0x41, 0x3, {0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x5, [{0x6, 0x1}, {0x12, 0x1}, {0xb, 0x1}, {0x4}, {0x30, 0x1}]}, @val={0x2d, 0x1a, {0x2000, 0x0, 0x2, 0x0, {0x6, 0x6, 0x0, 0xff, 0x0, 0x1, 0x0, 0x3, 0x1}, 0x300, 0xc8e, 0x20}}, [{0xdd, 0x77, "a6c4ccc54ea99321f562a82353e7ebb9b8cc85eeb897fb1e392c4f377104743d7e66d875d612ad3e89aa9954b99182bbbbb5cc650c279bc5a2c222570977d8239de6c78591941c239e1030f06048673dfa5c73ac34916c935fbcce790d6aa864c3599868e1d6b939d6583023a32ba12f787d9e7f7d8fb8"}, {0xdd, 0x16, "de90aad707554dec2c1ce48d86449f78341638f0c09b"}, {0xdd, 0x55, "87ad7e76b497f1f7665800047a7b7f50e8fb568a1b219834ec3bf9f1ae93d924eb75fd6a4b079fb7ec970ac216feb0ba8715f5d7d60b921d1918be8e9d31a56339fa6f42349a8ac709293741eb9ef746f5eaa52045"}, {0xdd, 0x24, "27d02ac3590e418e25f4b1fd7383444011c9ce1ee006ddbda81417e886387b32219d6442"}, {0xdd, 0x9f, "94cb0edd0fb7ad08bf150607d0eef09287f73cf02c1f97d31667392ccbbd815fadbc71313c22c443ad16e1ba83b60c746e8c2597875979b4ced79bd1283f26f9101bdf78fb4d53a7efca908224cd288ef9a5cb59cc8c975c2218d6dc45212f55ab133343c04a1133caf963c09d57dd3860f1aa098c6c84866ab5dd27dbdd116944f7c16f2f5feeefd6a14a189865ba222cd0cc693e3cdbca5d7a459e564d6c"}]}}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x120a}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x3b6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x141}]}, 0x24c}, 0x1, 0x0, 0x0, 0x20004040}, 0x4040)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000180)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0xfffffffffffffffe, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @val={0x72, 0x6}, @void}, 0x3e)

[ 1040.767573][T19087] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1040.772925][T19076] bond8: entered promiscuous mode
02:35:40 executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xb4}}, 0x0)

[ 1040.834844][T19087] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1040.850413][T19076] 8021q: adding VLAN 0 to HW filter on device bond8
02:35:40 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000dc0)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000000340)={0x78, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x5a, 0x33, @action={@wo_ht={{}, {}, @broadcast}, @mesh_hwmp_psel={0xd, 0x1, {@void, @val={0x83, 0x1f, @not_ext={{}, 0x0, 0x0, @device_a, 0x0, "", 0x0, 0x0, @device_b}}, @val={0x84, 0x2}, @val={0x7e, 0x15, {{}, 0x0, 0x0, @device_b}}}}}}]}, 0x78}}, 0x0)

[ 1040.964752][T19085] bond8: (slave bridge5): making interface the new active one
[ 1041.003232][T19085] bridge5: entered promiscuous mode
02:35:40 executing program 4:
r0 = socket$kcm(0xa, 0x6, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000007c0)='memory.events\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x4)

02:35:40 executing program 2:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
read$sequencer(r0, &(0x7f0000000000)=""/124, 0x7c)

[ 1041.013925][T19085] bond8: (slave bridge5): Enslaving as an active interface with an up link
[ 1041.044397][T19099] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1041.094222][T19093] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:40 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0x80)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000100000140000001d040020"})
read(r0, &(0x7f0000007a80)=""/102399, 0x18fff)
r1 = syz_open_pts(r0, 0x0)
signalfd(0xffffffffffffffff, 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$BTRFS_IOC_DEFRAG_RANGE(0xffffffffffffffff, 0x40309410, &(0x7f0000000080)={0xf5, 0x0, 0x2, 0x0, 0x3, [0x6, 0x0, 0x6, 0x7fff]})
ioctl$TCFLSH(r2, 0x540b, 0x0)

02:35:40 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="e4e32dd2b696733552eca3e954943a18709f72fbd259a936c67ebe806ab21823f4a0c47bff45323c2b30982dfc67b46cc9a5a07c33fc", 0xff6d}, {&(0x7f0000000100)="3a10bd003aba0c7026336b", 0xb}], 0x2, &(0x7f00000007c0)=ANY=[@ANYBLOB="300000000000000017e2ffff010000001800000045f43a1e02f4596a8034a9ab3e39597e422ffab456dd963a0000000018000000000000001701000004000000060200000000000018000000000000001701000003000000010000000000000089fd429aef16c6e3ecaa8a7924080d67c0aeac87448793609bd8299d6dfc465829b711ce28eb8f7d62fcca7ebd067fbe96bd1485f6aaa8486ecc079a82e301d85f88ecea0f2c9af2e09aebda6edd1c61f96a6d3f91c0f8c1ffbb85cfdd5b8b437a3720ba4cdfb681516c3a240207b69cdf337747cc9311886f5bcbfa68226644556e8117f9f9fc5be3b7095b2ab7c19b0c6fada03a7f9b9172f0cc968334638aa4676861bfd91c14d5af9918f80de82e3232edea82b9736d65309e0ad2922ecbb7cde9378e30cece41d114e83b37255d6b43b2928496e4f4cf3b23086021fe4e33d049de5318ef3803ceacc5c02734c97a9765666a9bf8d65791b04e014da4ea51a84fe8983627cb935888fc10f799377924d1ce9fde4c2cc56889a0e85c7205a587bd698467f60c7096fca502d854fd034919a77d884d16c2e1c288878ba36381c62416b87bc2d44b6c8944b40ac0339178309816f739c2be64e010fdbb53bdc38e988731a0fac6988d59875fc84cd949649b84bdab36d1"], 0x60}], 0x1, 0x8001)
recvmmsg(r1, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000400)=""/201, 0xc9}, {&(0x7f0000000740)=""/100, 0xf8c0}], 0x2}}], 0x1, 0x0, 0x0)

02:35:41 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{0x21, 0x0, 0x600}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:41 executing program 2:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
read$sequencer(r0, &(0x7f0000000000)=""/124, 0x7c)

02:35:41 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@ipv6_newroute={0x30, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_EXPIRES={0x8, 0x1e}, @RTA_MULTIPATH={0xc}]}, 0x30}}, 0x0)

02:35:41 executing program 3:
syz_open_dev$loop(0x0, 0x0, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000380)=0x1, 0x6)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0))
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r5, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400})
setsockopt$sock_int(r5, 0x1, 0x1d, &(0x7f0000000040)=0xfd87, 0x4)
sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0)

02:35:41 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="e4e32dd2b696733552eca3e954943a18709f72fbd259a936c67ebe806ab21823f4a0c47bff45323c2b30982dfc67b46cc9a5a07c33fc", 0xff6d}, {&(0x7f0000000100)="3a10bd003aba0c7026336b", 0xb}], 0x2, &(0x7f00000007c0)=ANY=[@ANYBLOB="300000000000000017e2ffff010000001800000045f43a1e02f4596a8034a9ab3e39597e422ffab456dd963a0000000018000000000000001701000004000000060200000000000018000000000000001701000003000000010000000000000089fd429aef16c6e3ecaa8a7924080d67c0aeac87448793609bd8299d6dfc465829b711ce28eb8f7d62fcca7ebd067fbe96bd1485f6aaa8486ecc079a82e301d85f88ecea0f2c9af2e09aebda6edd1c61f96a6d3f91c0f8c1ffbb85cfdd5b8b437a3720ba4cdfb681516c3a240207b69cdf337747cc9311886f5bcbfa68226644556e8117f9f9fc5be3b7095b2ab7c19b0c6fada03a7f9b9172f0cc968334638aa4676861bfd91c14d5af9918f80de82e3232edea82b9736d65309e0ad2922ecbb7cde9378e30cece41d114e83b37255d6b43b2928496e4f4cf3b23086021fe4e33d049de5318ef3803ceacc5c02734c97a9765666a9bf8d65791b04e014da4ea51a84fe8983627cb935888fc10f799377924d1ce9fde4c2cc56889a0e85c7205a587bd698467f60c7096fca502d854fd034919a77d884d16c2e1c288878ba36381c62416b87bc2d44b6c8944b40ac0339178309816f739c2be64e010fdbb53bdc38e988731a0fac6988d59875fc84cd949649b84bdab36d1"], 0x60}], 0x1, 0x8001)
recvmmsg(r1, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000400)=""/201, 0xc9}, {&(0x7f0000000740)=""/100, 0xf8c0}], 0x2}}], 0x1, 0x0, 0x0)

02:35:41 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f00000006c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800040}, 0xc, &(0x7f00000002c0)={&(0x7f0000000600)={0x8c, r1, 0x10, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0x1d}}}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_4ADDR={0x5}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "b54a79c4d9eed68cdd92cd701fdf37eab15593c22dcf6161"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "e4ee031aa605957edef6e0949692eec06df1aeeb484477b4"}], @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x8c}, 0x1, 0x0, 0x0, 0x81}, 0x4)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f0000000380)={0x24c, r2, 0x1, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x8, 0x4f}}}}, [@NL80211_ATTR_FRAME={0x1fe, 0x33, @assoc_req={@with_ht={{{0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x5}, @device_a, @device_b, @initial, {0x1, 0x81}}, @ver_80211n={0x0, 0xff, 0x1, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0x41, 0x3, {0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x5, [{0x6, 0x1}, {0x12, 0x1}, {0xb, 0x1}, {0x4}, {0x30, 0x1}]}, @val={0x2d, 0x1a, {0x2000, 0x0, 0x2, 0x0, {0x6, 0x6, 0x0, 0xff, 0x0, 0x1, 0x0, 0x3, 0x1}, 0x300, 0xc8e, 0x20}}, [{0xdd, 0x77, "a6c4ccc54ea99321f562a82353e7ebb9b8cc85eeb897fb1e392c4f377104743d7e66d875d612ad3e89aa9954b99182bbbbb5cc650c279bc5a2c222570977d8239de6c78591941c239e1030f06048673dfa5c73ac34916c935fbcce790d6aa864c3599868e1d6b939d6583023a32ba12f787d9e7f7d8fb8"}, {0xdd, 0x16, "de90aad707554dec2c1ce48d86449f78341638f0c09b"}, {0xdd, 0x55, "87ad7e76b497f1f7665800047a7b7f50e8fb568a1b219834ec3bf9f1ae93d924eb75fd6a4b079fb7ec970ac216feb0ba8715f5d7d60b921d1918be8e9d31a56339fa6f42349a8ac709293741eb9ef746f5eaa52045"}, {0xdd, 0x24, "27d02ac3590e418e25f4b1fd7383444011c9ce1ee006ddbda81417e886387b32219d6442"}, {0xdd, 0x9f, "94cb0edd0fb7ad08bf150607d0eef09287f73cf02c1f97d31667392ccbbd815fadbc71313c22c443ad16e1ba83b60c746e8c2597875979b4ced79bd1283f26f9101bdf78fb4d53a7efca908224cd288ef9a5cb59cc8c975c2218d6dc45212f55ab133343c04a1133caf963c09d57dd3860f1aa098c6c84866ab5dd27dbdd116944f7c16f2f5feeefd6a14a189865ba222cd0cc693e3cdbca5d7a459e564d6c"}]}}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x120a}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x3b6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x141}]}, 0x24c}, 0x1, 0x0, 0x0, 0x20004040}, 0x4040)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000180)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0xfffffffffffffffe, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @val={0x72, 0x6}, @void}, 0x3e)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f00000006c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800040}, 0xc, &(0x7f00000002c0)={&(0x7f0000000600)={0x8c, r1, 0x10, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0x1d}}}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_4ADDR={0x5}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "b54a79c4d9eed68cdd92cd701fdf37eab15593c22dcf6161"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "e4ee031aa605957edef6e0949692eec06df1aeeb484477b4"}], @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x8c}, 0x1, 0x0, 0x0, 0x81}, 0x4) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f0000000380)={0x24c, r2, 0x1, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x8, 0x4f}}}}, [@NL80211_ATTR_FRAME={0x1fe, 0x33, @assoc_req={@with_ht={{{0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x5}, @device_a, @device_b, @initial, {0x1, 0x81}}, @ver_80211n={0x0, 0xff, 0x1, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0x41, 0x3, {0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x5, [{0x6, 0x1}, {0x12, 0x1}, {0xb, 0x1}, {0x4}, {0x30, 0x1}]}, @val={0x2d, 0x1a, {0x2000, 0x0, 0x2, 0x0, {0x6, 0x6, 0x0, 0xff, 0x0, 0x1, 0x0, 0x3, 0x1}, 0x300, 0xc8e, 0x20}}, [{0xdd, 0x77, "a6c4ccc54ea99321f562a82353e7ebb9b8cc85eeb897fb1e392c4f377104743d7e66d875d612ad3e89aa9954b99182bbbbb5cc650c279bc5a2c222570977d8239de6c78591941c239e1030f06048673dfa5c73ac34916c935fbcce790d6aa864c3599868e1d6b939d6583023a32ba12f787d9e7f7d8fb8"}, {0xdd, 0x16, "de90aad707554dec2c1ce48d86449f78341638f0c09b"}, {0xdd, 0x55, "87ad7e76b497f1f7665800047a7b7f50e8fb568a1b219834ec3bf9f1ae93d924eb75fd6a4b079fb7ec970ac216feb0ba8715f5d7d60b921d1918be8e9d31a56339fa6f42349a8ac709293741eb9ef746f5eaa52045"}, {0xdd, 0x24, "27d02ac3590e418e25f4b1fd7383444011c9ce1ee006ddbda81417e886387b32219d6442"}, {0xdd, 0x9f, "94cb0edd0fb7ad08bf150607d0eef09287f73cf02c1f97d31667392ccbbd815fadbc71313c22c443ad16e1ba83b60c746e8c2597875979b4ced79bd1283f26f9101bdf78fb4d53a7efca908224cd288ef9a5cb59cc8c975c2218d6dc45212f55ab133343c04a1133caf963c09d57dd3860f1aa098c6c84866ab5dd27dbdd116944f7c16f2f5feeefd6a14a189865ba222cd0cc693e3cdbca5d7a459e564d6c"}]}}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x120a}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x3b6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x141}]}, 0x24c}, 0x1, 0x0, 0x0, 0x20004040}, 0x4040) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000180)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0xfffffffffffffffe, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @val={0x72, 0x6}, @void}, 0x3e) (async)

02:35:41 executing program 5:
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000040), 0x1042, 0x0)
write$USERIO_CMD_REGISTER(r0, &(0x7f0000000080)={0x74}, 0x2)

02:35:41 executing program 2:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
read$sequencer(r0, &(0x7f0000000000)=""/124, 0x7c)

02:35:41 executing program 5:
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x103)
mount(&(0x7f0000000100)=ANY=[@ANYBLOB="2f2f09d1ebb8c5a2f276b7e3afddb1ab51b79a0955419e9162450680f306c1c29d18d4bba5d5c1f4997e193d8218ab19987da1142161112eca50d1a64d5516e8a8aeec6a9b33123f99ef20cffc650ed92f46776dc2cc3f3b4e2f78d7c0c67ca661a0b1aa97b34c4d836396132140bd1490affec62c5ceac1c15c75244dcf88e30f10cd2f5c"], &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='cifs\x00', 0x0, 0x0)

[ 1041.466989][T19116] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:41 executing program 2:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
read$sequencer(r0, &(0x7f0000000000)=""/124, 0x7c)

[ 1041.529160][T19116] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1041.583525][T19128] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:41 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="e4e32dd2b696733552eca3e954943a18709f72fbd259a936c67ebe806ab21823f4a0c47bff45323c2b30982dfc67b46cc9a5a07c33fc", 0xff6d}, {&(0x7f0000000100)="3a10bd003aba0c7026336b", 0xb}], 0x2, &(0x7f00000007c0)=ANY=[@ANYBLOB="300000000000000017e2ffff010000001800000045f43a1e02f4596a8034a9ab3e39597e422ffab456dd963a0000000018000000000000001701000004000000060200000000000018000000000000001701000003000000010000000000000089fd429aef16c6e3ecaa8a7924080d67c0aeac87448793609bd8299d6dfc465829b711ce28eb8f7d62fcca7ebd067fbe96bd1485f6aaa8486ecc079a82e301d85f88ecea0f2c9af2e09aebda6edd1c61f96a6d3f91c0f8c1ffbb85cfdd5b8b437a3720ba4cdfb681516c3a240207b69cdf337747cc9311886f5bcbfa68226644556e8117f9f9fc5be3b7095b2ab7c19b0c6fada03a7f9b9172f0cc968334638aa4676861bfd91c14d5af9918f80de82e3232edea82b9736d65309e0ad2922ecbb7cde9378e30cece41d114e83b37255d6b43b2928496e4f4cf3b23086021fe4e33d049de5318ef3803ceacc5c02734c97a9765666a9bf8d65791b04e014da4ea51a84fe8983627cb935888fc10f799377924d1ce9fde4c2cc56889a0e85c7205a587bd698467f60c7096fca502d854fd034919a77d884d16c2e1c288878ba36381c62416b87bc2d44b6c8944b40ac0339178309816f739c2be64e010fdbb53bdc38e988731a0fac6988d59875fc84cd949649b84bdab36d1"], 0x60}], 0x1, 0x8001)
recvmmsg(r1, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000400)=""/201, 0xc9}, {&(0x7f0000000740)=""/100, 0xf8c0}], 0x2}}], 0x1, 0x0, 0x0)

02:35:41 executing program 5:
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000007080)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000280)="a277d9f998d385738b85f4c79da8c52b70ed0cca592347d601498d268311a3caf2f5b1b8709d11f5d8ab4a0f3f74f94f865f1c1058f1acd5c54b29292f1428ecf86ec0e5e34a9409fa302366489db76c028ef935ca688c18b056b4743b3b8bb68104", 0x62}], 0x1}}], 0x1, 0x0)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0), 0x1, 0x0)
write$sndseq(r0, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33)

[ 1041.684599][T19128] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:41 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{0x21, 0x0, 0x700}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:41 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$int_out(0xffffffffffffffff, 0x0, 0x0)
r2 = eventfd(0x0)
socket(0x0, 0x0, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x0, 0x0, 0x0, r2, 0x6})

02:35:41 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="e4e32dd2b696733552eca3e954943a18709f72fbd259a936c67ebe806ab21823f4a0c47bff45323c2b30982dfc67b46cc9a5a07c33fc", 0xff6d}, {&(0x7f0000000100)="3a10bd003aba0c7026336b", 0xb}], 0x2, &(0x7f00000007c0)=ANY=[@ANYBLOB="300000000000000017e2ffff010000001800000045f43a1e02f4596a8034a9ab3e39597e422ffab456dd963a0000000018000000000000001701000004000000060200000000000018000000000000001701000003000000010000000000000089fd429aef16c6e3ecaa8a7924080d67c0aeac87448793609bd8299d6dfc465829b711ce28eb8f7d62fcca7ebd067fbe96bd1485f6aaa8486ecc079a82e301d85f88ecea0f2c9af2e09aebda6edd1c61f96a6d3f91c0f8c1ffbb85cfdd5b8b437a3720ba4cdfb681516c3a240207b69cdf337747cc9311886f5bcbfa68226644556e8117f9f9fc5be3b7095b2ab7c19b0c6fada03a7f9b9172f0cc968334638aa4676861bfd91c14d5af9918f80de82e3232edea82b9736d65309e0ad2922ecbb7cde9378e30cece41d114e83b37255d6b43b2928496e4f4cf3b23086021fe4e33d049de5318ef3803ceacc5c02734c97a9765666a9bf8d65791b04e014da4ea51a84fe8983627cb935888fc10f799377924d1ce9fde4c2cc56889a0e85c7205a587bd698467f60c7096fca502d854fd034919a77d884d16c2e1c288878ba36381c62416b87bc2d44b6c8944b40ac0339178309816f739c2be64e010fdbb53bdc38e988731a0fac6988d59875fc84cd949649b84bdab36d1"], 0x60}], 0x1, 0x8001)
recvmmsg(r1, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000400)=""/201, 0xc9}, {&(0x7f0000000740)=""/100, 0xf8c0}], 0x2}}], 0x1, 0x0, 0x0)

[ 1042.157388][T19154] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1042.219729][T19154] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:43 executing program 3:
syz_open_dev$loop(0x0, 0x0, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000380)=0x1, 0x6)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0))
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r5, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400})
setsockopt$sock_int(r5, 0x1, 0x1d, &(0x7f0000000040)=0xfd87, 0x4)
sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0)

02:35:43 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f00000006c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800040}, 0xc, &(0x7f00000002c0)={&(0x7f0000000600)={0x8c, r1, 0x10, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0x1d}}}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_4ADDR={0x5}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "b54a79c4d9eed68cdd92cd701fdf37eab15593c22dcf6161"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "e4ee031aa605957edef6e0949692eec06df1aeeb484477b4"}], @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x8c}, 0x1, 0x0, 0x0, 0x81}, 0x4) (async)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f0000000380)={0x24c, r2, 0x1, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x8, 0x4f}}}}, [@NL80211_ATTR_FRAME={0x1fe, 0x33, @assoc_req={@with_ht={{{0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x5}, @device_a, @device_b, @initial, {0x1, 0x81}}, @ver_80211n={0x0, 0xff, 0x1, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0x41, 0x3, {0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x5, [{0x6, 0x1}, {0x12, 0x1}, {0xb, 0x1}, {0x4}, {0x30, 0x1}]}, @val={0x2d, 0x1a, {0x2000, 0x0, 0x2, 0x0, {0x6, 0x6, 0x0, 0xff, 0x0, 0x1, 0x0, 0x3, 0x1}, 0x300, 0xc8e, 0x20}}, [{0xdd, 0x77, "a6c4ccc54ea99321f562a82353e7ebb9b8cc85eeb897fb1e392c4f377104743d7e66d875d612ad3e89aa9954b99182bbbbb5cc650c279bc5a2c222570977d8239de6c78591941c239e1030f06048673dfa5c73ac34916c935fbcce790d6aa864c3599868e1d6b939d6583023a32ba12f787d9e7f7d8fb8"}, {0xdd, 0x16, "de90aad707554dec2c1ce48d86449f78341638f0c09b"}, {0xdd, 0x55, "87ad7e76b497f1f7665800047a7b7f50e8fb568a1b219834ec3bf9f1ae93d924eb75fd6a4b079fb7ec970ac216feb0ba8715f5d7d60b921d1918be8e9d31a56339fa6f42349a8ac709293741eb9ef746f5eaa52045"}, {0xdd, 0x24, "27d02ac3590e418e25f4b1fd7383444011c9ce1ee006ddbda81417e886387b32219d6442"}, {0xdd, 0x9f, "94cb0edd0fb7ad08bf150607d0eef09287f73cf02c1f97d31667392ccbbd815fadbc71313c22c443ad16e1ba83b60c746e8c2597875979b4ced79bd1283f26f9101bdf78fb4d53a7efca908224cd288ef9a5cb59cc8c975c2218d6dc45212f55ab133343c04a1133caf963c09d57dd3860f1aa098c6c84866ab5dd27dbdd116944f7c16f2f5feeefd6a14a189865ba222cd0cc693e3cdbca5d7a459e564d6c"}]}}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x120a}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x3b6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x141}]}, 0x24c}, 0x1, 0x0, 0x0, 0x20004040}, 0x4040) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000180)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0xfffffffffffffffe, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @val={0x72, 0x6}, @void}, 0x3e)

02:35:43 executing program 5:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000ec0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f00000001c0)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000100)={0x0, 0x0, 0x0, &(0x7f0000000140)=""/69, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/237, &(0x7f0000000500)=""/73, &(0x7f00000002c0)=""/86})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000880)={0x1, 0x0, [{0x0, 0xc5, &(0x7f0000000600)=""/197}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0xffffffff)
futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, &(0x7f0000048000), 0x5000000)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x3af4701e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000e, 0x28012, 0xffffffffffffffff, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x9, &(0x7f0000000000)=@req3={0x7fffffff}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x8b}}, 0x0)

02:35:43 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x20002)
readv(r0, &(0x7f0000000400)=[{&(0x7f0000000040)=""/71, 0x47}], 0x1)
write$evdev(r0, &(0x7f000004d000)=[{{0x0, 0x2710}, 0x0, 0x1}], 0x79)

02:35:43 executing program 2:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
sendfile(r3, r0, &(0x7f00000000c0)=0x58, 0x7)

02:35:43 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{0x21, 0x0, 0x900}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:43 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x5, [@fwd={0x2}, @typedef={0x2}]}, {0x0, [0x0, 0x5f, 0x2e]}}, &(0x7f00000002c0)=""/169, 0x35, 0xa9, 0x1}, 0x20)
pipe2$watch_queue(&(0x7f0000000000), 0x80)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r3, @ANYBLOB="00000016010000001800120008000100736974000c00020008000300", @ANYRES32], 0x38}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x60, 0x10, 0x439, 0x70bd2c, 0xffffffea, {0x0, 0x0, 0xe403, r4, 0x3, 0x610c3}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @sit={{0x8}, {0x34, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r3}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e23}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e22}, @IFLA_IPTUN_PMTUDISC={0x5}, @IFLA_IPTUN_6RD_PREFIXLEN={0x6, 0xd, 0xe64b}]}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x4000040)

[ 1043.332303][T19162] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1043.386545][T19161] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1043.446550][T19161] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:43 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f0000000580), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000001800)={0x0, 0x0, 0x0, 0x0, 'syz0\x00'})

02:35:43 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000380)={&(0x7f0000000180), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, r3, 0x0, 0x70bd25, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x6}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x4}, @NL80211_ATTR_KEYS={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4000880)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f00000003c0)=ANY=[@ANYBLOB="8004000008021100000108020000080211000000000023cf00bdda589cb86400f0ffff0502020202020201088200000000000000001218240000"], 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="500000000850110000010802110000000802110000000000000000000000000064000100000602020202020c121824053e3854305903b1689c12f5065e888d9335afa362485b893d7a10d42acc7896a00292395b684c58a8b8532ce11f64e87ffefd8a024e"], 0x36)

02:35:43 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{0x21, 0x0, 0xc00}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:43 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f0000000580), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000001800)={0x0, 0x0, 0x0, 0x0, 'syz0\x00'})

[ 1043.848284][T19183] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1043.919144][T19183] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1044.052559][T19187] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:43 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f0000000580), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000001800)={0x0, 0x0, 0x0, 0x0, 'syz0\x00'})

02:35:45 executing program 3:
syz_open_dev$loop(0x0, 0x0, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000380)=0x1, 0x6)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0))
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r5, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400})
setsockopt$sock_int(r5, 0x1, 0x1d, &(0x7f0000000040)=0xfd87, 0x4)
sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0)

02:35:45 executing program 5:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000ec0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f00000001c0)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000100)={0x0, 0x0, 0x0, &(0x7f0000000140)=""/69, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/237, &(0x7f0000000500)=""/73, &(0x7f00000002c0)=""/86})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000880)={0x1, 0x0, [{0x0, 0xc5, &(0x7f0000000600)=""/197}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0xffffffff)
futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, &(0x7f0000048000), 0x5000000)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x3af4701e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000e, 0x28012, 0xffffffffffffffff, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x9, &(0x7f0000000000)=@req3={0x7fffffff}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x8b}}, 0x0)

02:35:45 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000380)={&(0x7f0000000180), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, r3, 0x0, 0x70bd25, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x6}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x4}, @NL80211_ATTR_KEYS={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4000880)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f00000003c0)=ANY=[@ANYBLOB="8004000008021100000108020000080211000000000023cf00bdda589cb86400f0ffff0502020202020201088200000000000000001218240000"], 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="500000000850110000010802110000000802110000000000000000000000000064000100000602020202020c121824053e3854305903b1689c12f5065e888d9335afa362485b893d7a10d42acc7896a00292395b684c58a8b8532ce11f64e87ffefd8a024e"], 0x36)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0) (async)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000380)={&(0x7f0000000180), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, r3, 0x0, 0x70bd25, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x6}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x4}, @NL80211_ATTR_KEYS={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4000880) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f00000003c0)=ANY=[@ANYBLOB="8004000008021100000108020000080211000000000023cf00bdda589cb86400f0ffff0502020202020201088200000000000000001218240000"], 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="500000000850110000010802110000000802110000000000000000000000000064000100000602020202020c121824053e3854305903b1689c12f5065e888d9335afa362485b893d7a10d42acc7896a00292395b684c58a8b8532ce11f64e87ffefd8a024e"], 0x36) (async)

02:35:45 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f0000000580), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000001800)={0x0, 0x0, 0x0, 0x0, 'syz0\x00'})

02:35:45 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{0x21, 0x0, 0xd00}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:45 executing program 2:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
sendfile(r3, r0, &(0x7f00000000c0)=0x58, 0x7)

02:35:45 executing program 4:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = dup3(r0, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000080))
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r5 = dup3(r3, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000080))

[ 1045.472064][T19199] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1045.504282][T19202] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1045.548752][T19202] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1045.641802][T19202] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1045.670605][T19216] binder: BINDER_SET_CONTEXT_MGR already set
[ 1045.703503][T19216] binder: 19210:19216 ioctl 4018620d 20000080 returned -16
02:35:45 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000480)=ANY=[@ANYBLOB="b702000000008000bfa30000000000001703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100036a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d1106fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328506aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528d46362ea0d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb343073cb7a61f888ee737f1d6c7a72a4116c8c0c8162f88e6caf8450b6fe63f3c4eeeaf7396fbe8de017804c296c4f3ba2db4e094fdad7db97ffbbae5d2f6a5bbf70aabc0add6be7747b5dd429387ea1cc49cf6cf9e373993b6ae194de1cef2d8e72d341a49eab890158180b79c46a3b9b0b79968de8311f70fa0bb82066d04b42608a30a92134e8497346ffb1f3c742132a1e7741c0ba169a1c001bd2762080dc819c70a0b113c0bb9b04a117f54ec0959c0351c0868bd1f07ba16030cf7"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19}, 0x42)

02:35:45 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000380)={&(0x7f0000000180), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, r3, 0x0, 0x70bd25, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x6}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x4}, @NL80211_ATTR_KEYS={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4000880)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f00000003c0)=ANY=[@ANYBLOB="8004000008021100000108020000080211000000000023cf00bdda589cb86400f0ffff0502020202020201088200000000000000001218240000"], 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="500000000850110000010802110000000802110000000000000000000000000064000100000602020202020c121824053e3854305903b1689c12f5065e888d9335afa362485b893d7a10d42acc7896a00292395b684c58a8b8532ce11f64e87ffefd8a024e"], 0x36)

02:35:45 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{0x21, 0x0, 0xe00}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1045.877474][T19220] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1045.983844][T19224] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1046.045250][T19224] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:45 executing program 4:
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2000, 0x0, 0x0, 0x0)

02:35:46 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1046.477501][T19231] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1047.255745][T19239] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1047.307956][T19239] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1047.322522][T19242] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1047.393181][T19242] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:46 executing program 5:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000ec0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f00000001c0)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000100)={0x0, 0x0, 0x0, &(0x7f0000000140)=""/69, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/237, &(0x7f0000000500)=""/73, &(0x7f00000002c0)=""/86})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000880)={0x1, 0x0, [{0x0, 0xc5, &(0x7f0000000600)=""/197}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0xffffffff)
futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, &(0x7f0000048000), 0x5000000)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x3af4701e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000e, 0x28012, 0xffffffffffffffff, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x9, &(0x7f0000000000)=@req3={0x7fffffff}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x8b}}, 0x0)

02:35:46 executing program 4:
r0 = openat$rdma_cm(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000700)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={<r1=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @dev, 0x8}, {0xa, 0x0, 0x0, @dev}, r1}}, 0x48)

02:35:46 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{0x21, 0x0, 0xf00}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:46 executing program 3:
syz_open_dev$loop(0x0, 0x0, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000380)=0x1, 0x6)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0))
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r5, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400})
setsockopt$sock_int(r5, 0x1, 0x1d, &(0x7f0000000040)=0xfd87, 0x4)
sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0)

02:35:46 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan0\x00'}) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async)

02:35:48 executing program 2:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
sendfile(r3, r0, &(0x7f00000000c0)=0x58, 0x7)

02:35:48 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='sessionid\x00')
read$ptp(r0, 0x0, 0x0)

02:35:48 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:48 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{0x21, 0x0, 0x1170}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:48 executing program 5:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000ec0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f00000001c0)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000100)={0x0, 0x0, 0x0, &(0x7f0000000140)=""/69, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/237, &(0x7f0000000500)=""/73, &(0x7f00000002c0)=""/86})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000880)={0x1, 0x0, [{0x0, 0xc5, &(0x7f0000000600)=""/197}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0xffffffff)
futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, &(0x7f0000048000), 0x5000000)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x3af4701e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000e, 0x28012, 0xffffffffffffffff, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x9, &(0x7f0000000000)=@req3={0x7fffffff}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x8b}}, 0x0)

02:35:48 executing program 4:
r0 = openat$sndseq(0xffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000002200)={0x20})

[ 1048.390708][T19259] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1048.393325][T19261] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1048.449187][T19259] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:48 executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x18, 0xa, 0xa, 0x201, 0x0, 0x0, {}, [@generic="b9"]}, 0x18}}, 0x0)

02:35:48 executing program 4:
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$PTP_PEROUT_REQUEST2(r0, 0x40383d0c, &(0x7f0000000280))

[ 1048.675409][T19274] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
02:35:48 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{0x21, 0x0, 0x1f00}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:48 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="05000000825373dbed8dde9e88cc954a278025b55ca577e02ee0cb1edddd8df5d1aa3eeb183b6839acc61604d04118bc888f0d8a6a409e8ce0883b51e8c3c65c97c9bf75a00b3bd686a3f3ed5a52c4c2c22cd234ebce2c82a1b9b9cde3368d73563222173eb9229fa14f254cfb21fa1eced2d7fdae74b1741414f2b63cfb8757b31fa6f165f34a7ea1aae24b14bd24f9633134ba42e878dce140a29becf6eb182c9e6d106133337e7b8cafe16662ee973a3bd43fa844", @ANYRES32=r2, @ANYBLOB="0800050002000000"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
syz_80211_inject_frame(&(0x7f0000000000)=@device_b, &(0x7f0000000280)=@ctrl_frame=@ba={{}, {0xd1f}, @broadcast, @device_b, @multi={{0x0, 0x1, 0x1, 0x0, 0x2}, [{0x0, 0xb, {0x8}, "859758a75718d0e6"}, {0x0, 0x1, {0x0, 0x5}, "635223c41c7943d6"}], {0x0, 0x5, {0x1, 0xbd}, "c3ba266f1568e2a3"}}}, 0x36)

[ 1048.918165][T19280] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1048.932092][T19278] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1049.031248][T19280] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1049.045105][T19278] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:49 executing program 5:
io_setup(0x9, &(0x7f0000000080)=<r0=>0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x3)
io_submit(r0, 0x1, &(0x7f0000001940)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, r1, 0x0}])

02:35:49 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="05000000825373dbed8dde9e88cc954a278025b55ca577e02ee0cb1edddd8df5d1aa3eeb183b6839acc61604d04118bc888f0d8a6a409e8ce0883b51e8c3c65c97c9bf75a00b3bd686a3f3ed5a52c4c2c22cd234ebce2c82a1b9b9cde3368d73563222173eb9229fa14f254cfb21fa1eced2d7fdae74b1741414f2b63cfb8757b31fa6f165f34a7ea1aae24b14bd24f9633134ba42e878dce140a29becf6eb182c9e6d106133337e7b8cafe16662ee973a3bd43fa844", @ANYRES32=r2, @ANYBLOB="0800050002000000"], 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async)
syz_80211_inject_frame(&(0x7f0000000000)=@device_b, &(0x7f0000000280)=@ctrl_frame=@ba={{}, {0xd1f}, @broadcast, @device_b, @multi={{0x0, 0x1, 0x1, 0x0, 0x2}, [{0x0, 0xb, {0x8}, "859758a75718d0e6"}, {0x0, 0x1, {0x0, 0x5}, "635223c41c7943d6"}], {0x0, 0x5, {0x1, 0xbd}, "c3ba266f1568e2a3"}}}, 0x36)

[ 1050.251337][T19288] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1050.288987][T19286] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:50 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000009c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000b00)={0x64, r2, 0x121, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_FRAME={0x42, 0x33, @assoc_resp={@with_ht={{{}, {}, @device_b, @broadcast, @random="96ef429affe5"}}, 0x0, 0x0, @random, @void, @val={0x2d, 0x1a}}}]}, 0x64}}, 0x0)

02:35:50 executing program 2:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
sendfile(r3, r0, &(0x7f00000000c0)=0x58, 0x7)

02:35:50 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x22701, 0x0)
write$binfmt_aout(r0, &(0x7f0000000040)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140))
r1 = syz_open_pts(r0, 0x0)
ioctl$TCFLSH(r1, 0x540b, 0x0)
r2 = dup3(r1, r0, 0x0)
readv(r2, &(0x7f0000003680)=[{&(0x7f0000001e80)=""/4075, 0xfeb}], 0x1)

02:35:50 executing program 5:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = dup3(r1, r0, 0x0)
getsockopt$inet_sctp_SCTP_STATUS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, @in={{0x2, 0x0, @remote}}}}, &(0x7f0000000280)=0xb0)

02:35:50 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{0x21, 0x0, 0x2400}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:50 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="05000000825373dbed8dde9e88cc954a278025b55ca577e02ee0cb1edddd8df5d1aa3eeb183b6839acc61604d04118bc888f0d8a6a409e8ce0883b51e8c3c65c97c9bf75a00b3bd686a3f3ed5a52c4c2c22cd234ebce2c82a1b9b9cde3368d73563222173eb9229fa14f254cfb21fa1eced2d7fdae74b1741414f2b63cfb8757b31fa6f165f34a7ea1aae24b14bd24f9633134ba42e878dce140a29becf6eb182c9e6d106133337e7b8cafe16662ee973a3bd43fa844", @ANYRES32=r2, @ANYBLOB="0800050002000000"], 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
syz_80211_inject_frame(&(0x7f0000000000)=@device_b, &(0x7f0000000280)=@ctrl_frame=@ba={{}, {0xd1f}, @broadcast, @device_b, @multi={{0x0, 0x1, 0x1, 0x0, 0x2}, [{0x0, 0xb, {0x8}, "859758a75718d0e6"}, {0x0, 0x1, {0x0, 0x5}, "635223c41c7943d6"}], {0x0, 0x5, {0x1, 0xbd}, "c3ba266f1568e2a3"}}}, 0x36)

[ 1050.960030][T19297] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:50 executing program 5:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = dup3(r1, r0, 0x0)
getsockopt$inet_sctp_SCTP_STATUS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, @in={{0x2, 0x0, @remote}}}}, &(0x7f0000000280)=0xb0)

02:35:50 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='net_prio.prioidx\x00', 0x275a, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x74, 0x0)
mmap(&(0x7f00005a2000/0x9000)=nil, 0x9000, 0x0, 0x28011, r1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0)

[ 1051.006555][T19301] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:50 executing program 5:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = dup3(r1, r0, 0x0)
getsockopt$inet_sctp_SCTP_STATUS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, @in={{0x2, 0x0, @remote}}}}, &(0x7f0000000280)=0xb0)

02:35:50 executing program 0:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x38, r0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0x1, 0xfd}}]}, 0x38}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
syz_80211_inject_frame(&(0x7f0000000000), &(0x7f0000000140)=@mgmt_frame=@disassoc={@with_ht={{{0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x5}, @device_a, @device_b, @initial, {0x4, 0x5}}, @ver_80211n={0x0, 0x5, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x3b, @void}, 0x1e)

[ 1051.100574][T19301] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:51 executing program 5:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = dup3(r1, r0, 0x0)
getsockopt$inet_sctp_SCTP_STATUS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, @in={{0x2, 0x0, @remote}}}}, &(0x7f0000000280)=0xb0)

[ 1051.247591][T19314] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:51 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='net_prio.prioidx\x00', 0x275a, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x74, 0x0)
mmap(&(0x7f00005a2000/0x9000)=nil, 0x9000, 0x0, 0x28011, r1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0)

[ 1051.321564][T19314] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:51 executing program 5:
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
recvmmsg(r0, &(0x7f0000003e40)=[{{&(0x7f0000000100)=@phonet, 0x80, 0x0, 0x0, &(0x7f00000024c0)=""/4096, 0x1000}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000035c0)=""/241, 0xf1}}, {{&(0x7f00000036c0)=@un=@abs, 0x80, 0x0, 0x0, &(0x7f00000037c0)=""/236, 0xec}}, {{&(0x7f00000038c0)=@l2tp6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000003bc0)=[{0x0, 0x40000}, {&(0x7f0000003a00)=""/190, 0xbe}, {&(0x7f0000003ac0)=""/131, 0x83}, {0x0}], 0x4}}, {{&(0x7f0000003c80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, 0x0, 0x0, &(0x7f0000003e00)=""/48, 0x30}}], 0x5, 0xd87f, 0x0)

[ 1051.380341][T19316] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:52 executing program 5:
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000214000/0x1000)=nil, &(0x7f0000779000/0x1000)=nil, 0x1000, 0x0, 0x2})
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000140)={{&(0x7f00003f5000/0x1000)=nil, 0x1000}, 0x1})

02:35:52 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='net_prio.prioidx\x00', 0x275a, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x74, 0x0)
mmap(&(0x7f00005a2000/0x9000)=nil, 0x9000, 0x0, 0x28011, r1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0)

02:35:52 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{0x21, 0x0, 0x3f00}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:52 executing program 0:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async, rerun: 32)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x38, r0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0x1, 0xfd}}]}, 0x38}}, 0x0) (async, rerun: 32)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
syz_80211_inject_frame(&(0x7f0000000000), &(0x7f0000000140)=@mgmt_frame=@disassoc={@with_ht={{{0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x5}, @device_a, @device_b, @initial, {0x4, 0x5}}, @ver_80211n={0x0, 0x5, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x3b, @void}, 0x1e)

02:35:52 executing program 2:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ppoll(&(0x7f00000007c0)=[{r0}], 0x1, 0x0, 0x0, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})

02:35:52 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x22701, 0x0)
write$binfmt_aout(r0, &(0x7f0000000040)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140))
r1 = syz_open_pts(r0, 0x0)
ioctl$TCFLSH(r1, 0x540b, 0x0)
r2 = dup3(r1, r0, 0x0)
readv(r2, &(0x7f0000003680)=[{&(0x7f0000001e80)=""/4075, 0xfeb}], 0x1)

02:35:52 executing program 5:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000200)={0x0, 0x1dbb43be9cebf2b8}, 0x4)

[ 1052.969389][T19331] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1053.004398][T19327] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1053.022261][T19331] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1053.034709][T19335] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:52 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='net_prio.prioidx\x00', 0x275a, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x74, 0x0)
mmap(&(0x7f00005a2000/0x9000)=nil, 0x9000, 0x0, 0x28011, r1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0)

02:35:52 executing program 0:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x38, r0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0x1, 0xfd}}]}, 0x38}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
syz_80211_inject_frame(&(0x7f0000000000), &(0x7f0000000140)=@mgmt_frame=@disassoc={@with_ht={{{0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x5}, @device_a, @device_b, @initial, {0x4, 0x5}}, @ver_80211n={0x0, 0x5, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x3b, @void}, 0x1e)

02:35:52 executing program 5:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize}]}})

02:35:53 executing program 4:
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
recvmmsg(r0, &(0x7f0000003e40)=[{{&(0x7f0000000100)=@phonet, 0x80, 0x0, 0x0, &(0x7f00000024c0)=""/4096, 0x1000}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000035c0)=""/241, 0xf1}}, {{&(0x7f00000036c0)=@un=@abs, 0x80, &(0x7f0000003780), 0x0, &(0x7f00000037c0)=""/236, 0xec}}, {{&(0x7f00000038c0)=@l2tp6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000003bc0)=[{0x0}, {&(0x7f0000003a00)=""/182, 0xb6}, {&(0x7f0000003ac0)=""/131, 0x83}, {0x0, 0xff5a}], 0x4, &(0x7f0000003c00)=""/73, 0x49}}, {{&(0x7f0000003c80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, 0x0, 0x0, &(0x7f0000003e00)=""/48, 0x30}}], 0x5, 0x9f7e, 0x0)

[ 1053.239483][T19348] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1053.249775][T19350] fuse: blksize only supported for fuseblk
02:35:53 executing program 5:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize}]}})

[ 1053.293498][T19349] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1053.328615][T19351] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:53 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{0x21, 0x0, 0x4000}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1053.423791][T19355] fuse: blksize only supported for fuseblk
02:35:53 executing program 5:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize}]}})

[ 1053.509920][T19358] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:53 executing program 5:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize}]}})

[ 1053.568227][T19358] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1053.599916][T19361] fuse: blksize only supported for fuseblk
02:35:53 executing program 0:
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, &(0x7f00000001c0)={0x4, {0x7, 0x6, 0xd0af, 0x7, 0x24, 0x8}})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r1, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xc}]}, 0x1c}}, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), r0)
sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000380)={0x12c, r5, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x40, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x3a}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'syzkaller1\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xff}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}, @IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x80}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x6}]}, @IPVS_CMD_ATTR_SERVICE={0x50, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x77}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x10, 0x21}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x56}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x21}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}]}, @IPVS_CMD_ATTR_DEST={0x44, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xfffffff9}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8f}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x2}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}]}]}, 0x12c}, 0x1, 0x0, 0x0, 0x8000}, 0xf10d359ca08ab1bf)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
mmap$snddsp_control(&(0x7f0000ff9000/0x4000)=nil, 0x1000, 0x1000004, 0x80010, r4, 0x83000000)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000280)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x1, @default, 0x9, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @val={0x6, 0x2, 0xbe09}, @void, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0x0, 0x1, 0xffffffffffffffff, 0x2, 0x23, 0x60}}}, 0x43)

[ 1053.715669][T19363] fuse: blksize only supported for fuseblk
[ 1053.886976][T19366] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:53 executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0xf}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x58}}, 0x0)

02:35:53 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_SYNIC2(r2, 0x4008ae89, &(0x7f00000000c0)={0x94, 0x0, 0x400000ff})

02:35:53 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x22701, 0x0)
write$binfmt_aout(r0, &(0x7f0000000040)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140))
r1 = syz_open_pts(r0, 0x0)
ioctl$TCFLSH(r1, 0x540b, 0x0)
r2 = dup3(r1, r0, 0x0)
readv(r2, &(0x7f0000003680)=[{&(0x7f0000001e80)=""/4075, 0xfeb}], 0x1)

02:35:53 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{0x21, 0x0, 0x6000}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1053.932623][T19366] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1054.020041][T19369] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:53 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000ec0), 0x2, 0x0)
preadv(r0, &(0x7f0000000480)=[{&(0x7f00000000c0)=""/6, 0x6}], 0x1, 0x0, 0x0)

[ 1054.131811][T19369] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:54 executing program 2:
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f0000000080)={0xa})

02:35:54 executing program 4:
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
recvmmsg(r0, &(0x7f0000003e40)=[{{&(0x7f0000000100)=@phonet, 0x80, 0x0, 0x0, &(0x7f00000024c0)=""/4096, 0x1000}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000035c0)=""/241, 0xf1}}, {{&(0x7f00000036c0)=@un=@abs, 0x80, &(0x7f0000003780), 0x0, &(0x7f00000037c0)=""/236, 0xec}}, {{&(0x7f00000038c0)=@l2tp6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000003bc0)=[{0x0}, {&(0x7f0000003a00)=""/182, 0xb6}, {&(0x7f0000003ac0)=""/131, 0x83}, {0x0, 0xff5a}], 0x4, &(0x7f0000003c00)=""/73, 0x49}}, {{&(0x7f0000003c80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, 0x0, 0x0, &(0x7f0000003e00)=""/48, 0x30}}], 0x5, 0x9f7e, 0x0)

02:35:54 executing program 0:
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, &(0x7f00000001c0)={0x4, {0x7, 0x6, 0xd0af, 0x7, 0x24, 0x8}}) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r1, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xc}]}, 0x1c}}, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b) (async)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896) (async)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), r0)
sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000380)={0x12c, r5, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x40, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x3a}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'syzkaller1\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xff}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}, @IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x80}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x6}]}, @IPVS_CMD_ATTR_SERVICE={0x50, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x77}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x10, 0x21}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x56}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x21}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}]}, @IPVS_CMD_ATTR_DEST={0x44, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xfffffff9}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8f}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x2}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}]}]}, 0x12c}, 0x1, 0x0, 0x0, 0x8000}, 0xf10d359ca08ab1bf) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
mmap$snddsp_control(&(0x7f0000ff9000/0x4000)=nil, 0x1000, 0x1000004, 0x80010, r4, 0x83000000)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000280)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x1, @default, 0x9, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @val={0x6, 0x2, 0xbe09}, @void, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0x0, 0x1, 0xffffffffffffffff, 0x2, 0x23, 0x60}}}, 0x43)

02:35:54 executing program 5:
rt_sigqueueinfo(0x0, 0x0, &(0x7f0000000600)={0x0, 0x0, 0xfffffff8})

02:35:54 executing program 2:
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f0000000080)={0xa})

02:35:54 executing program 2:
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f0000000080)={0xa})

02:35:54 executing program 5:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000ec0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f00000001c0)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000c00))
ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000080)={0x0, r1})
dup2(r1, r0)

02:35:54 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{0x21, 0x0, 0x7011}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:54 executing program 0:
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, &(0x7f00000001c0)={0x4, {0x7, 0x6, 0xd0af, 0x7, 0x24, 0x8}}) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r1, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xc}]}, 0x1c}}, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b) (async)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896) (async)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), r0)
sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000380)={0x12c, r5, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x40, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x3a}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'syzkaller1\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xff}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}, @IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x80}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x6}]}, @IPVS_CMD_ATTR_SERVICE={0x50, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x77}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x10, 0x21}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x56}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x21}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}]}, @IPVS_CMD_ATTR_DEST={0x44, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xfffffff9}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8f}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x2}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}]}]}, 0x12c}, 0x1, 0x0, 0x0, 0x8000}, 0xf10d359ca08ab1bf)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async, rerun: 32)
mmap$snddsp_control(&(0x7f0000ff9000/0x4000)=nil, 0x1000, 0x1000004, 0x80010, r4, 0x83000000) (async, rerun: 32)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000280)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x1, @default, 0x9, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @val={0x6, 0x2, 0xbe09}, @void, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0x0, 0x1, 0xffffffffffffffff, 0x2, 0x23, 0x60}}}, 0x43)

[ 1054.640162][T19406] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1054.655093][T19404] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1054.687690][T19406] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1054.713420][ T1232] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.719900][ T1232] ieee802154 phy1 wpan1: encryption failed: -22
02:35:54 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x22701, 0x0)
write$binfmt_aout(r0, &(0x7f0000000040)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140))
r1 = syz_open_pts(r0, 0x0)
ioctl$TCFLSH(r1, 0x540b, 0x0)
r2 = dup3(r1, r0, 0x0)
readv(r2, &(0x7f0000003680)=[{&(0x7f0000001e80)=""/4075, 0xfeb}], 0x1)

02:35:54 executing program 2:
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f0000000080)={0xa})

02:35:54 executing program 5:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000ec0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f00000001c0)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000c00))
ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000080)={0x0, r1})
dup2(r1, r0)

02:35:54 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r7, &(0x7f0000000600)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010008506eb9afc4cd8d06e754a0081c5", @ANYRES32=r8, @ANYBLOB="2377f292252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_ARPTABLES={0x5}, @IFLA_BR_STP_STATE={0x8}]}}}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x4c}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'ip6gre0\x00', &(0x7f0000000100)={'ip6gre0\x00', <r9=>0x0, 0x12, 0xf9, 0xfd, 0x40, 0x2, @mcast2, @private1, 0x7800, 0x80, 0xbbaf, 0xfffff800}})
sendmsg$nl_route(r4, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=@ipv4_getnetconf={0x3c, 0x52, 0x2, 0x70bd29, 0x25dfdbfd, {}, [@NETCONFA_IFINDEX={0x8, 0x1, r8}, @NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x3ff}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8, 0x1, r9}, @NETCONFA_RP_FILTER={0x8}]}, 0x3c}}, 0x4080)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1055.060565][T19410] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[ 1055.140697][T19410] bond1: entered promiscuous mode
[ 1055.147740][T19410] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1055.168334][T19418] bond1: (slave bridge1): making interface the new active one
[ 1055.176166][T19418] bridge1: entered promiscuous mode
[ 1055.191413][T19410] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1055.204866][T19418] bond1: (slave bridge1): Enslaving as an active interface with an up link
[ 1055.215437][T19410] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:55 executing program 4:
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
recvmmsg(r0, &(0x7f0000003e40)=[{{&(0x7f0000000100)=@phonet, 0x80, 0x0, 0x0, &(0x7f00000024c0)=""/4096, 0x1000}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000035c0)=""/241, 0xf1}}, {{&(0x7f00000036c0)=@un=@abs, 0x80, &(0x7f0000003780), 0x0, &(0x7f00000037c0)=""/236, 0xec}}, {{&(0x7f00000038c0)=@l2tp6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000003bc0)=[{0x0}, {&(0x7f0000003a00)=""/182, 0xb6}, {&(0x7f0000003ac0)=""/131, 0x83}, {0x0, 0xff5a}], 0x4, &(0x7f0000003c00)=""/73, 0x49}}, {{&(0x7f0000003c80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, 0x0, 0x0, &(0x7f0000003e00)=""/48, 0x30}}], 0x5, 0x9f7e, 0x0)

02:35:55 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{0x21, 0x0, 0xe703}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:55 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x208000, 0x1, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x6, r0}, 0x38)

02:35:55 executing program 5:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000ec0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f00000001c0)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000c00))
ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000080)={0x0, r1})
dup2(r1, r0)

02:35:55 executing program 5:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000ec0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f00000001c0)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000c00))
ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000080)={0x0, r1})
dup2(r1, r0)

[ 1055.328550][T19428] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1055.366561][T19428] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:55 executing program 5:
r0 = syz_open_dev$I2C(&(0x7f0000000140), 0x0, 0x0)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000340)={&(0x7f0000000140)=[{0x0, 0x0, 0x2, 0x0}], 0x1})

02:35:55 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async, rerun: 32)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (rerun: 32)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b) (async)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896)
r5 = socket$netlink(0x10, 0x3, 0x0) (async)
r6 = socket$netlink(0x10, 0x3, 0x0) (async)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r7, &(0x7f0000000600)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010008506eb9afc4cd8d06e754a0081c5", @ANYRES32=r8, @ANYBLOB="2377f292252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_ARPTABLES={0x5}, @IFLA_BR_STP_STATE={0x8}]}}}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x4c}}, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'ip6gre0\x00', &(0x7f0000000100)={'ip6gre0\x00', <r9=>0x0, 0x12, 0xf9, 0xfd, 0x40, 0x2, @mcast2, @private1, 0x7800, 0x80, 0xbbaf, 0xfffff800}})
sendmsg$nl_route(r4, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=@ipv4_getnetconf={0x3c, 0x52, 0x2, 0x70bd29, 0x25dfdbfd, {}, [@NETCONFA_IFINDEX={0x8, 0x1, r8}, @NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x3ff}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8, 0x1, r9}, @NETCONFA_RP_FILTER={0x8}]}, 0x3c}}, 0x4080) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:55 executing program 2:
unshare(0x40000400)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
unshare(0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f00000001c0)={'raw\x00'}, &(0x7f0000000280)=0x54)

02:35:55 executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0) (async)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896)
r5 = socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0) (async)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r7, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) (async)
getsockname$packet(r7, &(0x7f0000000600)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010008506eb9afc4cd8d06e754a0081c5", @ANYRES32=r8, @ANYBLOB="2377f292252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_ARPTABLES={0x5}, @IFLA_BR_STP_STATE={0x8}]}}}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x4c}}, 0x0) (async)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_ARPTABLES={0x5}, @IFLA_BR_STP_STATE={0x8}]}}}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x4c}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'ip6gre0\x00', &(0x7f0000000100)={'ip6gre0\x00', 0x0, 0x12, 0xf9, 0xfd, 0x40, 0x2, @mcast2, @private1, 0x7800, 0x80, 0xbbaf, 0xfffff800}}) (async)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'ip6gre0\x00', &(0x7f0000000100)={'ip6gre0\x00', <r9=>0x0, 0x12, 0xf9, 0xfd, 0x40, 0x2, @mcast2, @private1, 0x7800, 0x80, 0xbbaf, 0xfffff800}})
sendmsg$nl_route(r4, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=@ipv4_getnetconf={0x3c, 0x52, 0x2, 0x70bd29, 0x25dfdbfd, {}, [@NETCONFA_IFINDEX={0x8, 0x1, r8}, @NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x3ff}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8, 0x1, r9}, @NETCONFA_RP_FILTER={0x8}]}, 0x3c}}, 0x4080)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:55 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0x1c, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0x19}, @IFLA_XDP_FD={0x8}, @IFLA_XDP_EXPECTED_FD={0x8, 0x8, r1}]}, @IFLA_GROUP={0x8}]}, 0x44}}, 0x0)

02:35:55 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x3, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:55 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'adiantum(xchacha20-simd,anubis-generic,nhpoly1305-sse2)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000003cc0)=[{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)="86ba8994d56cb6c5", 0x8}, {&(0x7f0000000200)="6fe8af7802a9cee3d7", 0x9}], 0x2}], 0x1, 0x0)
recvmsg$qrtr(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f0000000400)=""/239, 0x28}], 0x1}, 0x38, 0x0)
sendmsg$qrtr(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000100)='`', 0x1}], 0x1, &(0x7f00000007c0)=ANY=[@ANYBLOB="4000000000000000050000000700000015aa87447962bba40f07aedd53cabe7114d535246c66907e3fc959d45dd96d8351fc1faf5740b3575f9460f1d7002ed478"], 0xb8}, 0x38)

[ 1056.169250][T19446] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1056.249918][T19453] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1056.284675][T19451] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[ 1056.301491][T19449] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:56 executing program 4:
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
recvmmsg(r0, &(0x7f0000003e40)=[{{&(0x7f0000000100)=@phonet, 0x80, 0x0, 0x0, &(0x7f00000024c0)=""/4096, 0x1000}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000035c0)=""/241, 0xf1}}, {{&(0x7f00000036c0)=@un=@abs, 0x80, &(0x7f0000003780), 0x0, &(0x7f00000037c0)=""/236, 0xec}}, {{&(0x7f00000038c0)=@l2tp6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000003bc0)=[{0x0}, {&(0x7f0000003a00)=""/182, 0xb6}, {&(0x7f0000003ac0)=""/131, 0x83}, {0x0, 0xff5a}], 0x4, &(0x7f0000003c00)=""/73, 0x49}}, {{&(0x7f0000003c80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, 0x0, 0x0, &(0x7f0000003e00)=""/48, 0x30}}], 0x5, 0x9f7e, 0x0)

02:35:56 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000380)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20008004, 0x0, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@private0, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x6c}, 0x0, @in=@private, 0x0, 0x4}}, 0xe8)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)

[ 1056.346293][T19451] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[ 1056.382560][T19449] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:56 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, r1, 0x7562f43b63fde81f, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x2a, 0x33, @action={@wo_ht={{}, {}, @device_b, @device_b, @from_mac=@device_b}, @ext_ch_sw={0x4, 0x4, {{}, @val={0x76, 0x6}}}}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x4}]}, 0x4c}}, 0x0)

02:35:56 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000f00)={<r0=>0xffffffffffffffff})
getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000540))

02:35:56 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt(r0, 0xff, 0x0, 0x0, 0x0)

02:35:56 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = openat$zero(0xffffff9c, &(0x7f0000000000), 0x2001, 0x0)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000600)={0x14, r4, 0x319}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000140)={0xbc, r4, 0x202, 0x70bd2a, 0x25dfdbfb, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @handle=@pci={{0x8}, {0x11}}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @handle=@pci={{0x8}, {0x11}}]}, 0xbc}, 0x1, 0x0, 0x0, 0x20008051}, 0x8080)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000400)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @val={0x3, 0x1, 0x64}, @void, @val={0x6, 0x2, 0x1}, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x300, 0x2, 0x7, 0x0, {0x5, 0x1, 0x0, 0x1f, 0x0, 0x0, 0x1, 0x1}, 0x300, 0x35}}, @void, @void, @void}, 0x59)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:56 executing program 5:
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x7, 0x20, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}}}]}}]}}, 0x0)

[ 1056.790592][T19473] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1056.869124][T19473] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:56 executing program 2:
unshare(0x40000400)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
unshare(0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f00000001c0)={'raw\x00'}, &(0x7f0000000280)=0x54)

02:35:56 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt(r0, 0xff, 0x0, 0x0, 0x0)

02:35:56 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x5, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:56 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt(r0, 0xff, 0x0, 0x0, 0x0)

[ 1057.090636][T19481] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[ 1057.124952][T19481] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1057.137891][ T5115] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[ 1057.162454][T19481] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:57 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async, rerun: 64)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0}) (rerun: 64)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
r3 = openat$zero(0xffffff9c, &(0x7f0000000000), 0x2001, 0x0)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000600)={0x14, r4, 0x319}, 0x14}}, 0x0) (async)
sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000140)={0xbc, r4, 0x202, 0x70bd2a, 0x25dfdbfb, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @handle=@pci={{0x8}, {0x11}}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @handle=@pci={{0x8}, {0x11}}]}, 0xbc}, 0x1, 0x0, 0x0, 0x20008051}, 0x8080) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000400)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @val={0x3, 0x1, 0x64}, @void, @val={0x6, 0x2, 0x1}, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x300, 0x2, 0x7, 0x0, {0x5, 0x1, 0x0, 0x1f, 0x0, 0x0, 0x1, 0x1}, 0x300, 0x35}}, @void, @void, @void}, 0x59) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1057.383205][ T5115] usb 6-1: Using ep0 maxpacket: 32
02:35:57 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt(r0, 0xff, 0x0, 0x0, 0x0)

02:35:57 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async, rerun: 64)
r3 = openat$zero(0xffffff9c, &(0x7f0000000000), 0x2001, 0x0) (async, rerun: 64)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000600)={0x14, r4, 0x319}, 0x14}}, 0x0) (async, rerun: 64)
sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000140)={0xbc, r4, 0x202, 0x70bd2a, 0x25dfdbfb, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @handle=@pci={{0x8}, {0x11}}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @handle=@pci={{0x8}, {0x11}}]}, 0xbc}, 0x1, 0x0, 0x0, 0x20008051}, 0x8080) (async, rerun: 64)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000400)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @val={0x3, 0x1, 0x64}, @void, @val={0x6, 0x2, 0x1}, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x300, 0x2, 0x7, 0x0, {0x5, 0x1, 0x0, 0x1f, 0x0, 0x0, 0x1, 0x1}, 0x300, 0x35}}, @void, @void, @void}, 0x59)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:57 executing program 4:
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x1})
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, &(0x7f0000000140)={0x0, 0x0, 0xffffffffffffffff, 0x8000000000000000})

02:35:57 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x6, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:57 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x38, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "7e4e9a095c01d8f4b841ab566727b7c9a3ba94a6de2fe431"}]]}, 0x38}}, 0x0)

[ 1057.520330][ T5115] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
02:35:57 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000013000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000040)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f000f011c268ee0", 0x3e}], 0x1, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000))
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x3}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2004c7], 0x0, 0xe02})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1057.643689][ T5115] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1057.683611][ T5115] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1057.713265][ T5115] usb 6-1: SerialNumber: syz
[ 1057.718737][T19502] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[ 1057.743923][T19502] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1057.797061][T19502] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1057.814108][ T5115] cdc_acm 6-1:1.0: Control and data interfaces are not separated!
[ 1057.821999][ T5115] cdc_acm 6-1:1.0: This needs exactly 3 endpoints
[ 1057.853217][T19507] kvm: pic: non byte read
[ 1057.858067][ T5115] cdc_acm: probe of 6-1:1.0 failed with error -22
[ 1057.878429][T19507] kvm: pic: level sensitive irq not supported
[ 1057.878642][T19507] kvm: pic: non byte read
[ 1058.033698][ T5115] usb 6-1: USB disconnect, device number 38
02:35:58 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x9, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:58 executing program 4:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000050cb5320450c10108e492940a84409021b00090000000009040002010035040009058dff86"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, &(0x7f0000000040)='0', 0x1)
write$char_usb(r1, &(0x7f0000000080)="8a", 0x1)
read$char_usb(r1, 0x0, 0x0)
syz_usb_disconnect(r0)

02:35:58 executing program 2:
unshare(0x40000400)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
unshare(0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f00000001c0)={'raw\x00'}, &(0x7f0000000280)=0x54)

02:35:58 executing program 3:
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
fcntl$setlease(r0, 0x400, 0x1)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
close(r0)

02:35:58 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000380)=ANY=[@ANYBLOB="8000000008021100000108021100000008021100000000000000000000000000640001000006020202020202010882848b960c121824f09e6f897ecc1f8df3ff8b75899657620f429e84f915905540ce32aa67bfcfa18fb748ca2487267b191ae48a04eb4ce3c38c9b7fd1126d6facaf5e10b6f0cb6517ca49d9b57e0bbbb04497439e1e37c660b51270ea54ed3a2a0990e025c8fb3da2bff4d907aa5e502df558bc000181e0cd119eda9ce16b8a23134e164177bda0da736bdc56cb344574deaf2c37fc444cff4720f28600ef9d44f46ee5894f609f83df02722dce99f2c4192b3988cc5743cc3618e71a445ce6b38aced0520bbf18f714b1adb5e95ce32d02ffac57a86554d145328b68a6db42a96c612504279761ed96b79658503e2f"], 0x36)
r3 = openat$zero(0xffffff9c, &(0x7f0000000000), 0x800, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r4, 0x20, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x14, 0x19, {0x7be3, 0x2, 0x3ff, 0x4}}}, [""]}, 0x30}, 0x1, 0x0, 0x0, 0x8881}, 0x90)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
nanosleep(&(0x7f0000000280)={0x0, 0x3938700}, &(0x7f00000002c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:58 executing program 5:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0x3)

[ 1058.653479][T19521] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[ 1058.665437][T19522] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:35:58 executing program 3:
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
fcntl$setlease(r0, 0x400, 0x1)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
close(r0)

[ 1058.707764][T19526] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1058.718191][T19521] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'.
02:35:58 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c000000120005ff"], 0x2c}}, 0x0)
recvmmsg(r0, &(0x7f0000007700)=[{{0x0, 0x0, &(0x7f0000003b40)=[{&(0x7f00000018c0)=""/223, 0xe08}, {0x0, 0x58}, {&(0x7f0000002a80)=""/4090, 0xae4}], 0x3, 0x0, 0x500000000000000}}], 0x2f3, 0x10000, 0x0)

[ 1058.787046][T19526] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1058.799569][T19528] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1058.893092][ T7594] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[ 1058.907335][T19534] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1058.944046][T19534] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1058.966698][T19534] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
02:35:58 executing program 3:
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
fcntl$setlease(r0, 0x400, 0x1)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
close(r0)

[ 1058.994651][T19534] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1059.051763][T19534] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1059.089608][T19534] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1059.105947][T19534] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1059.131381][T19534] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1059.153182][ T7594] usb 5-1: Using ep0 maxpacket: 32
02:35:58 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000380)=ANY=[@ANYBLOB="8000000008021100000108021100000008021100000000000000000000000000640001000006020202020202010882848b960c121824f09e6f897ecc1f8df3ff8b75899657620f429e84f915905540ce32aa67bfcfa18fb748ca2487267b191ae48a04eb4ce3c38c9b7fd1126d6facaf5e10b6f0cb6517ca49d9b57e0bbbb04497439e1e37c660b51270ea54ed3a2a0990e025c8fb3da2bff4d907aa5e502df558bc000181e0cd119eda9ce16b8a23134e164177bda0da736bdc56cb344574deaf2c37fc444cff4720f28600ef9d44f46ee5894f609f83df02722dce99f2c4192b3988cc5743cc3618e71a445ce6b38aced0520bbf18f714b1adb5e95ce32d02ffac57a86554d145328b68a6db42a96c612504279761ed96b79658503e2f"], 0x36) (async)
r3 = openat$zero(0xffffff9c, &(0x7f0000000000), 0x800, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r4, 0x20, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x14, 0x19, {0x7be3, 0x2, 0x3ff, 0x4}}}, [""]}, 0x30}, 0x1, 0x0, 0x0, 0x8881}, 0x90) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
nanosleep(&(0x7f0000000280)={0x0, 0x3938700}, &(0x7f00000002c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:58 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xa, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:35:58 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c000000120005ff"], 0x2c}}, 0x0)
recvmmsg(r0, &(0x7f0000007700)=[{{0x0, 0x0, &(0x7f0000003b40)=[{&(0x7f00000018c0)=""/223, 0xe08}, {0x0, 0x58}, {&(0x7f0000002a80)=""/4090, 0xae4}], 0x3, 0x0, 0x500000000000000}}], 0x2f3, 0x10000, 0x0)

[ 1059.205220][ T7594] usb 5-1: too many configurations: 68, using maximum allowed: 8
02:35:59 executing program 3:
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
fcntl$setlease(r0, 0x400, 0x1)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
close(r0)

[ 1059.248396][T19543] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[ 1059.261112][T19543] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1059.278915][T19543] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1059.333499][ T7594] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1059.342490][ T7594] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1059.415179][ T7594] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1059.419807][T19549] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1059.514660][ T7594] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1059.551163][ T7594] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1059.594675][ T7594] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1059.713291][ T7594] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1059.722260][ T7594] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1059.773243][ T7594] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1059.863425][ T7594] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1059.887564][ T7594] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1059.943516][ T7594] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1060.053362][ T7594] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1060.062314][ T7594] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1060.113028][ T7594] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1060.203272][ T7594] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1060.212308][ T7594] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1060.254665][ T7594] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1060.333133][ T7594] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1060.342078][ T7594] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1060.383818][ T7594] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1060.465796][ T7594] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1060.476849][ T7594] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1060.523106][ T7594] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1060.683549][ T7594] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1060.692878][ T7594] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1060.715272][ T7594] usb 5-1: Product: syz
[ 1060.719502][ T7594] usb 5-1: Manufacturer: syz
[ 1060.738649][ T7594] usb 5-1: SerialNumber: syz
[ 1060.763694][ T7594] usb 5-1: config 0 descriptor??
[ 1060.822318][ T7594] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0
[ 1061.198967][ T5110] usb 5-1: USB disconnect, device number 31
[ 1061.213120][    C0] usb 5-1: yurex_control_callback - control failed: -71
[ 1061.251872][ T5110] yurex 5-1:0.0: USB YUREX #0 now disconnected
02:36:01 executing program 4:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000050cb5320450c10108e492940a84409021b00090000000009040002010035040009058dff86"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, &(0x7f0000000040)='0', 0x1)
write$char_usb(r1, &(0x7f0000000080)="8a", 0x1)
read$char_usb(r1, 0x0, 0x0)
syz_usb_disconnect(r0)

02:36:01 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c000000120005ff"], 0x2c}}, 0x0)
recvmmsg(r0, &(0x7f0000007700)=[{{0x0, 0x0, &(0x7f0000003b40)=[{&(0x7f00000018c0)=""/223, 0xe08}, {0x0, 0x58}, {&(0x7f0000002a80)=""/4090, 0xae4}], 0x3, 0x0, 0x500000000000000}}], 0x2f3, 0x10000, 0x0)

02:36:01 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000380)=ANY=[@ANYBLOB="8000000008021100000108021100000008021100000000000000000000000000640001000006020202020202010882848b960c121824f09e6f897ecc1f8df3ff8b75899657620f429e84f915905540ce32aa67bfcfa18fb748ca2487267b191ae48a04eb4ce3c38c9b7fd1126d6facaf5e10b6f0cb6517ca49d9b57e0bbbb04497439e1e37c660b51270ea54ed3a2a0990e025c8fb3da2bff4d907aa5e502df558bc000181e0cd119eda9ce16b8a23134e164177bda0da736bdc56cb344574deaf2c37fc444cff4720f28600ef9d44f46ee5894f609f83df02722dce99f2c4192b3988cc5743cc3618e71a445ce6b38aced0520bbf18f714b1adb5e95ce32d02ffac57a86554d145328b68a6db42a96c612504279761ed96b79658503e2f"], 0x36)
r3 = openat$zero(0xffffff9c, &(0x7f0000000000), 0x800, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r4, 0x20, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x14, 0x19, {0x7be3, 0x2, 0x3ff, 0x4}}}, [""]}, 0x30}, 0x1, 0x0, 0x0, 0x8881}, 0x90)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
nanosleep(&(0x7f0000000280)={0x0, 0x3938700}, &(0x7f00000002c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000380)=ANY=[@ANYBLOB="8000000008021100000108021100000008021100000000000000000000000000640001000006020202020202010882848b960c121824f09e6f897ecc1f8df3ff8b75899657620f429e84f915905540ce32aa67bfcfa18fb748ca2487267b191ae48a04eb4ce3c38c9b7fd1126d6facaf5e10b6f0cb6517ca49d9b57e0bbbb04497439e1e37c660b51270ea54ed3a2a0990e025c8fb3da2bff4d907aa5e502df558bc000181e0cd119eda9ce16b8a23134e164177bda0da736bdc56cb344574deaf2c37fc444cff4720f28600ef9d44f46ee5894f609f83df02722dce99f2c4192b3988cc5743cc3618e71a445ce6b38aced0520bbf18f714b1adb5e95ce32d02ffac57a86554d145328b68a6db42a96c612504279761ed96b79658503e2f"], 0x36) (async)
openat$zero(0xffffff9c, &(0x7f0000000000), 0x800, 0x0) (async)
syz_genetlink_get_family_id$tipc(&(0x7f0000000100), 0xffffffffffffffff) (async)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r4, 0x20, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x14, 0x19, {0x7be3, 0x2, 0x3ff, 0x4}}}, [""]}, 0x30}, 0x1, 0x0, 0x0, 0x8881}, 0x90) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
nanosleep(&(0x7f0000000280)={0x0, 0x3938700}, &(0x7f00000002c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async)

02:36:01 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4}, 0x10)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=@getstats={0x1c, 0x5e, 0x1, 0x0, 0x0, {0x0, 0x0, 0x2}}, 0x1c}}, 0x0)

02:36:01 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xb, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:01 executing program 2:
unshare(0x40000400)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
unshare(0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f00000001c0)={'raw\x00'}, &(0x7f0000000280)=0x54)

02:36:01 executing program 3:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000050cb5320450c10108e492940a84409021b00090000000009040002010035040009058dff86"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, &(0x7f0000000040)='0', 0x1)
write$char_usb(r1, &(0x7f0000000080)="8a", 0x1)
read$char_usb(r1, 0x0, 0x0)
syz_usb_disconnect(r0)

[ 1061.973491][T19567] __nla_validate_parse: 45 callbacks suppressed
[ 1061.973513][T19567] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1061.983379][T19563] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1062.015083][T19570] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[ 1062.057632][T19570] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1062.081794][T19567] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1062.098582][T19574] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1062.156433][T19573] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1062.175932][T19577] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1062.207237][T19570] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1062.219454][T19577] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:02 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ibss_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000380)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_a, @device_a, @random="e3448ad9c5c1"}, 0x0, @random=0xdb, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @val={0x5, 0xb7, {0x9, 0xd4, 0x6, "707c46b62639fb54710d63e404beacbd57126c3f85fe74ab8790a0fed473098e738c5803944b29be423621cb13b26ba5b512b410d33ef56f8f9dc2f014e004fd429819bdf4cc301166bce9e5530419e90357f6ccade96fb7a82bafa942c94c3ea0804db6aa64837069a23e21c21e8934be3fc88f4d9991c2b230a82feaba15bcadf7bda0d38a4cebc114129b21eb0557047ea6401835ef85f6ba07722c302cccfc47a1e7cb94b4b6c607cfa1b6ebaa0b2bd6a716"}}, @void, @void, @void, @void, @val={0x72, 0x6}, @void, @val={0x76, 0x6, {0x0, 0x53, 0x2f, 0x8}}}, 0xff)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1062.260675][T19573] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1062.312186][T19573] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1062.322053][T13285] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[ 1062.367880][T19573] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1062.391584][T19573] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1062.421356][T19583] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1062.431783][T19573] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1062.433318][ T5115] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[ 1062.457537][T19573] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1062.474641][T19583] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:02 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xe, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1062.573240][T13285] usb 5-1: Using ep0 maxpacket: 32
02:36:02 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c000000120005ff"], 0x2c}}, 0x0)
recvmmsg(r0, &(0x7f0000007700)=[{{0x0, 0x0, &(0x7f0000003b40)=[{&(0x7f00000018c0)=""/223, 0xe08}, {0x0, 0x58}, {&(0x7f0000002a80)=""/4090, 0xae4}], 0x3, 0x0, 0x500000000000000}}], 0x2f3, 0x10000, 0x0)

[ 1062.613416][T13285] usb 5-1: too many configurations: 68, using maximum allowed: 8
[ 1062.702635][T19588] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[ 1062.703487][T13285] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1062.727784][T13285] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1062.743139][ T5115] usb 4-1: Using ep0 maxpacket: 32
02:36:02 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ibss_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000380)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_a, @device_a, @random="e3448ad9c5c1"}, 0x0, @random=0xdb, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @val={0x5, 0xb7, {0x9, 0xd4, 0x6, "707c46b62639fb54710d63e404beacbd57126c3f85fe74ab8790a0fed473098e738c5803944b29be423621cb13b26ba5b512b410d33ef56f8f9dc2f014e004fd429819bdf4cc301166bce9e5530419e90357f6ccade96fb7a82bafa942c94c3ea0804db6aa64837069a23e21c21e8934be3fc88f4d9991c2b230a82feaba15bcadf7bda0d38a4cebc114129b21eb0557047ea6401835ef85f6ba07722c302cccfc47a1e7cb94b4b6c607cfa1b6ebaa0b2bd6a716"}}, @void, @void, @void, @void, @val={0x72, 0x6}, @void, @val={0x76, 0x6, {0x0, 0x53, 0x2f, 0x8}}}, 0xff)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ibss_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000380)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_a, @device_a, @random="e3448ad9c5c1"}, 0x0, @random=0xdb, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @val={0x5, 0xb7, {0x9, 0xd4, 0x6, "707c46b62639fb54710d63e404beacbd57126c3f85fe74ab8790a0fed473098e738c5803944b29be423621cb13b26ba5b512b410d33ef56f8f9dc2f014e004fd429819bdf4cc301166bce9e5530419e90357f6ccade96fb7a82bafa942c94c3ea0804db6aa64837069a23e21c21e8934be3fc88f4d9991c2b230a82feaba15bcadf7bda0d38a4cebc114129b21eb0557047ea6401835ef85f6ba07722c302cccfc47a1e7cb94b4b6c607cfa1b6ebaa0b2bd6a716"}}, @void, @void, @void, @void, @val={0x72, 0x6}, @void, @val={0x76, 0x6, {0x0, 0x53, 0x2f, 0x8}}}, 0xff) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async)

[ 1062.747907][T13285] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1062.772536][T19589] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1062.784014][ T5115] usb 4-1: too many configurations: 68, using maximum allowed: 8
02:36:02 executing program 5:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000050cb5320450c10108e492940a84409021b00090000000009040002010035040009058dff86"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, &(0x7f0000000040)='0', 0x1)
write$char_usb(r1, &(0x7f0000000080)="8a", 0x1)
read$char_usb(r1, 0x0, 0x0)
syz_usb_disconnect(r0)

[ 1062.833398][T13285] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1062.863857][T13285] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1062.883774][ T5115] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1062.902356][ T5115] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1062.906142][T13285] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1062.955710][T19594] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1062.969770][ T5115] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1063.016152][T13285] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1063.033451][T13285] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1063.073521][ T5115] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1063.080110][T13285] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1063.083924][ T5115] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1063.109142][T19595] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1063.139493][ T5115] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1063.193249][T18340] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[ 1063.203447][T13285] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1063.217039][T13285] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1063.271785][T13285] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1063.293687][ T5115] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1063.308221][ T5115] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1063.356711][ T5115] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1063.373478][T13285] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1063.392591][T13285] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1063.442508][T13285] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1063.453193][T18340] usb 6-1: Using ep0 maxpacket: 32
[ 1063.483939][ T5115] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1063.493647][T18340] usb 6-1: too many configurations: 68, using maximum allowed: 8
[ 1063.501783][ T5115] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1063.533113][ T5115] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1063.553346][T13285] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1063.572223][T13285] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1063.593606][T18340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1063.606003][T18340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1063.640398][T13285] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1063.652957][T18340] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1063.653509][ T5115] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1063.661471][ T5115] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1063.705791][ T5115] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1063.753357][T13285] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1063.770175][T13285] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1063.781945][T18340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1063.803314][T18340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1063.823636][ T5115] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1063.830475][T13285] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1063.836444][ T5115] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1063.845438][T18340] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1063.886367][ T5115] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1063.943552][T13285] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1063.953726][T18340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1063.962737][T18340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1063.978928][T13285] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1063.993398][ T5115] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1064.002343][ T5115] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1064.011052][T18340] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1064.022822][T13285] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1064.043357][ T5115] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1064.113530][T18340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1064.130799][T18340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1064.143553][ T5115] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1064.160602][ T5115] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1064.160776][T18340] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1064.187204][ T5115] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1064.224860][T13285] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1064.251436][T13285] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1064.273484][T13285] usb 5-1: Product: syz
[ 1064.277713][T13285] usb 5-1: Manufacturer: syz
[ 1064.282344][T13285] usb 5-1: SerialNumber: syz
[ 1064.311240][T13285] usb 5-1: config 0 descriptor??
[ 1064.333321][T18340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1064.342278][T18340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1064.372022][T18340] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1064.385603][T13285] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0
[ 1064.403499][ T5115] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1064.425395][ T5115] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1064.444434][ T5115] usb 4-1: Product: syz
[ 1064.459079][ T5115] usb 4-1: Manufacturer: syz
[ 1064.470048][ T5115] usb 4-1: SerialNumber: syz
[ 1064.483398][T18340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1064.484903][ T5115] usb 4-1: config 0 descriptor??
[ 1064.492323][T18340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1064.492361][T18340] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1064.566209][ T5115] yurex 4-1:0.0: USB YUREX device now attached to Yurex #1
[ 1064.643423][T18340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1064.652370][T18340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1064.686227][T18340] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1064.763325][T18340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1064.772294][T18340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1064.831973][T18340] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1064.873674][ T5115] usb 5-1: USB disconnect, device number 32
[ 1064.883226][    C1] usb 5-1: yurex_control_callback - control failed: -71
[ 1064.893816][ T5115] yurex 5-1:0.0: USB YUREX #0 now disconnected
[ 1064.910532][T13285] usb 4-1: USB disconnect, device number 32
[ 1064.956372][T13285] yurex 4-1:0.0: USB YUREX #1 now disconnected
[ 1065.003440][T18340] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1065.022870][T18340] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1065.035512][T18340] usb 6-1: Product: syz
[ 1065.039871][T18340] usb 6-1: Manufacturer: syz
[ 1065.044731][T18340] usb 6-1: SerialNumber: syz
[ 1065.055560][T18340] usb 6-1: config 0 descriptor??
[ 1065.098541][T18340] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0
[ 1065.521444][ T7594] usb 6-1: USB disconnect, device number 39
[ 1065.533121][    C1] usb 6-1: yurex_control_callback - control failed: -71
02:36:05 executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000050cb5320450c10108e492940a84409021b00090000000009040002010035040009058dff86"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, &(0x7f0000000040)='0', 0x1)
write$char_usb(r1, &(0x7f0000000080)="8a", 0x1)
read$char_usb(r1, 0x0, 0x0)
syz_usb_disconnect(r0)

02:36:05 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xf, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ibss_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000380)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_a, @device_a, @random="e3448ad9c5c1"}, 0x0, @random=0xdb, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @val={0x5, 0xb7, {0x9, 0xd4, 0x6, "707c46b62639fb54710d63e404beacbd57126c3f85fe74ab8790a0fed473098e738c5803944b29be423621cb13b26ba5b512b410d33ef56f8f9dc2f014e004fd429819bdf4cc301166bce9e5530419e90357f6ccade96fb7a82bafa942c94c3ea0804db6aa64837069a23e21c21e8934be3fc88f4d9991c2b230a82feaba15bcadf7bda0d38a4cebc114129b21eb0557047ea6401835ef85f6ba07722c302cccfc47a1e7cb94b4b6c607cfa1b6ebaa0b2bd6a716"}}, @void, @void, @void, @void, @val={0x72, 0x6}, @void, @val={0x76, 0x6, {0x0, 0x53, 0x2f, 0x8}}}, 0xff)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:05 executing program 4:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000050cb5320450c10108e492940a84409021b00090000000009040002010035040009058dff86"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, &(0x7f0000000040)='0', 0x1)
write$char_usb(r1, &(0x7f0000000080)="8a", 0x1)
read$char_usb(r1, 0x0, 0x0)
syz_usb_disconnect(r0)

[ 1065.567695][ T7594] yurex 6-1:0.0: USB YUREX #0 now disconnected
02:36:05 executing program 3:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000050cb5320450c10108e492940a84409021b00090000000009040002010035040009058dff86"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, &(0x7f0000000040)='0', 0x1)
write$char_usb(r1, &(0x7f0000000080)="8a", 0x1)
read$char_usb(r1, 0x0, 0x0)
syz_usb_disconnect(r0)

[ 1065.684455][T19609] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[ 1065.707587][T19607] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1065.765004][T19609] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1065.765989][T19616] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1065.797046][T19609] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1065.973289][ T5115] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[ 1066.013188][T13285] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[ 1066.013315][  T917] usb 4-1: new high-speed USB device number 33 using dummy_hcd
02:36:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x24, r1, 0x400, 0x0, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}, 0x1, 0x0, 0x0, 0x200000d4}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=ANY=[@ANYBLOB="50000000080211000001080211000000080211000000000000000000000000006400010000060202020202f3000882848b960c121824"], 0x36)

02:36:05 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x10, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1066.175248][T19618] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[ 1066.202130][T19618] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1066.233138][ T5115] usb 3-1: Using ep0 maxpacket: 32
02:36:06 executing program 5:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000050cb5320450c10108e492940a84409021b00090000000009040002010035040009058dff86"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, &(0x7f0000000040)='0', 0x1)
write$char_usb(r1, &(0x7f0000000080)="8a", 0x1)
read$char_usb(r1, 0x0, 0x0)
syz_usb_disconnect(r0)

[ 1066.254925][T19618] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1066.257803][T19620] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1066.283108][T13285] usb 5-1: Using ep0 maxpacket: 32
[ 1066.283350][ T5115] usb 3-1: too many configurations: 68, using maximum allowed: 8
[ 1066.296210][  T917] usb 4-1: Using ep0 maxpacket: 32
[ 1066.323496][T13285] usb 5-1: too many configurations: 68, using maximum allowed: 8
[ 1066.343743][  T917] usb 4-1: too many configurations: 68, using maximum allowed: 8
[ 1066.403324][T13285] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1066.413501][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1066.418006][T19620] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1066.428795][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1066.435699][T13285] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1066.443848][  T917] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1066.491233][  T917] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1066.503769][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1066.504979][T13285] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1066.529627][  T917] usb 4-1: config 0 interface 0 has no altsetting 0
02:36:06 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x11, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1066.593321][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1066.608338][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1066.623424][T13285] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1066.643095][T18340] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[ 1066.643352][  T917] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1066.656711][T13285] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1066.668307][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1066.689730][  T917] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1066.720899][T13285] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1066.723278][  T917] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1066.747297][T19625] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[ 1066.770163][T19625] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x24, r1, 0x400, 0x0, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}, 0x1, 0x0, 0x0, 0x200000d4}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=ANY=[@ANYBLOB="50000000080211000001080211000000080211000000000000000000000000006400010000060202020202f3000882848b960c121824"], 0x36)

[ 1066.803503][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1066.809100][T19625] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1066.823425][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1066.833446][T13285] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1066.852927][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1066.860689][  T917] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1066.875161][  T917] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1066.878615][T13285] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1066.902341][  T917] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1066.903084][T18340] usb 6-1: Using ep0 maxpacket: 32
[ 1066.964015][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1066.969294][T13285] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1066.980038][T18340] usb 6-1: too many configurations: 68, using maximum allowed: 8
[ 1066.982037][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1067.001821][T19628] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x24, r1, 0x400, 0x0, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}, 0x1, 0x0, 0x0, 0x200000d4}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=ANY=[@ANYBLOB="50000000080211000001080211000000080211000000000000000000000000006400010000060202020202f3000882848b960c121824"], 0x36)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x24, r1, 0x400, 0x0, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}, 0x1, 0x0, 0x0, 0x200000d4}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=ANY=[@ANYBLOB="50000000080211000001080211000000080211000000000000000000000000006400010000060202020202f3000882848b960c121824"], 0x36) (async)

[ 1067.013340][  T917] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1067.033022][  T917] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1067.063608][T18340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1067.074323][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1067.075365][T18340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1067.083778][  T917] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1067.098644][T13285] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1067.098690][T13285] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1067.098721][T13285] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1067.163272][T18340] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1067.172790][T19632] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1067.183157][T13285] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1067.183506][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1067.196630][T13285] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
02:36:07 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x13, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1067.230784][T19632] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1067.241349][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1067.259275][T13285] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1067.286460][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1067.313287][T18340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1067.325159][T19638] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[ 1067.340049][T18340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1067.363422][T13285] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1067.373420][  T917] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1067.384894][T19638] __nla_validate_parse: 47 callbacks suppressed
[ 1067.386642][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1067.387422][T13285] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1067.393992][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1067.402888][T19638] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1067.414008][T18340] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1067.429880][T13285] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1067.442297][  T917] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1067.453213][T19638] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1067.491204][  T917] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1067.503422][T18340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1067.519250][T18340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1067.524820][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1067.556364][T18340] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1067.573228][T13285] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1067.574614][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1067.582186][T13285] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1067.582220][T13285] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1067.613679][  T917] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1067.622641][  T917] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1067.660166][  T917] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1067.693447][T18340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1067.710340][T18340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1067.724363][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1067.739668][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1067.743281][T13285] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1067.772373][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1067.775742][T18340] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1067.794952][T13285] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1067.803310][  T917] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1067.824977][  T917] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1067.860972][T13285] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1067.861221][  T917] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1067.893776][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1067.902722][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1067.923497][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1067.923492][T18340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1067.966129][T18340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1067.997748][T18340] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1068.014644][  T917] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1068.031797][  T917] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1068.053366][T13285] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1068.068810][T13285] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1068.075040][  T917] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1068.084447][T18340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1068.084503][T18340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1068.084536][T18340] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1068.113372][ T5115] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1068.118235][T13285] usb 5-1: Product: syz
[ 1068.133576][ T5115] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1068.142668][T13285] usb 5-1: Manufacturer: syz
[ 1068.158237][ T5115] usb 3-1: Product: syz
[ 1068.168165][ T5115] usb 3-1: Manufacturer: syz
[ 1068.176010][T13285] usb 5-1: SerialNumber: syz
[ 1068.178964][ T5115] usb 3-1: SerialNumber: syz
[ 1068.208591][ T5115] usb 3-1: config 0 descriptor??
[ 1068.208615][T13285] usb 5-1: config 0 descriptor??
[ 1068.223157][T18340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1068.232101][T18340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1068.262280][T18340] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1068.290798][ T5115] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0
[ 1068.298888][T13285] yurex 5-1:0.0: USB YUREX device now attached to Yurex #1
[ 1068.353691][  T917] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1068.363415][T18340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1068.370351][  T917] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1068.372318][T18340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1068.372353][T18340] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1068.400661][  T917] usb 4-1: Product: syz
[ 1068.413350][  T917] usb 4-1: Manufacturer: syz
[ 1068.426417][  T917] usb 4-1: SerialNumber: syz
[ 1068.447007][  T917] usb 4-1: config 0 descriptor??
[ 1068.495853][  T917] yurex 4-1:0.0: USB YUREX device now attached to Yurex #2
[ 1068.573444][T18340] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1068.587349][T18340] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1068.596843][T18340] usb 6-1: Product: syz
[ 1068.601236][T18340] usb 6-1: Manufacturer: syz
[ 1068.606789][T18340] usb 6-1: SerialNumber: syz
[ 1068.617319][T18340] usb 6-1: config 0 descriptor??
[ 1068.638772][  T917] usb 5-1: USB disconnect, device number 33
[ 1068.743064][    C0] usb 3-1: yurex_control_callback - control failed: -71
[ 1068.753396][ T7594] usb 3-1: USB disconnect, device number 32
[ 1068.761341][  T917] yurex 5-1:0.0: USB YUREX #1 now disconnected
[ 1068.768271][T18340] yurex 6-1:0.0: USB YUREX device now attached to Yurex #1
[ 1068.776223][T19614] yurex_open - error, can't find device for minor 0
[ 1068.777611][ T7594] yurex 3-1:0.0: USB YUREX #0 now disconnected
[ 1068.778912][T18850] usb 4-1: USB disconnect, device number 33
[ 1068.838570][T18850] yurex 4-1:0.0: USB YUREX #2 now disconnected
[ 1068.937385][ T5115] usb 6-1: USB disconnect, device number 40
[ 1068.979575][ T5115] yurex 6-1:0.0: USB YUREX #1 now disconnected
02:36:09 executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000050cb5320450c10108e492940a84409021b00090000000009040002010035040009058dff86"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, &(0x7f0000000040)='0', 0x1)
write$char_usb(r1, &(0x7f0000000080)="8a", 0x1)
read$char_usb(r1, 0x0, 0x0)
syz_usb_disconnect(r0)

02:36:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0x1f}]}]}]}]}, 0x2c}}, 0x0)
sendmsg$NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x78, r6, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x4, 0x1e}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}, @NL80211_ATTR_IE={0x1c, 0x2a, [@mic={0x8c, 0x10, {0x41f, "9f16fc9b22dc", @short="7491d1ac8030c64f"}}, @ext_channel_switch={0x3c, 0x4, {0x1, 0x1, 0x84, 0x3}}]}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}]}, 0x78}, 0x1, 0x0, 0x0, 0x400d0}, 0x400c0d1)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:09 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x21, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:09 executing program 4:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000050cb5320450c10108e492940a84409021b00090000000009040002010035040009058dff86"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, &(0x7f0000000040)='0', 0x1)
write$char_usb(r1, &(0x7f0000000080)="8a", 0x1)
read$char_usb(r1, 0x0, 0x0)
syz_usb_disconnect(r0)

[ 1069.508411][T19650] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1069.521997][T19652] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
02:36:09 executing program 3:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000050cb5320450c10108e492940a84409021b00090000000009040002010035040009058dff86"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, &(0x7f0000000040)='0', 0x1)
write$char_usb(r1, &(0x7f0000000080)="8a", 0x1)
read$char_usb(r1, 0x0, 0x0)
syz_usb_disconnect(r0)

[ 1069.551989][T19652] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1069.562806][T19650] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1069.588449][T19655] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1069.616323][T19652] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:09 executing program 5:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000050cb5320450c10108e492940a84409021b00090000000009040002010035040009058dff86"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, &(0x7f0000000040)='0', 0x1)
write$char_usb(r1, &(0x7f0000000080)="8a", 0x1)
read$char_usb(r1, 0x0, 0x0)
syz_usb_disconnect(r0)

[ 1069.763095][T18850] usb 5-1: new high-speed USB device number 34 using dummy_hcd
02:36:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0x1f}]}]}]}]}, 0x2c}}, 0x0) (async)
sendmsg$NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x78, r6, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x4, 0x1e}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}, @NL80211_ATTR_IE={0x1c, 0x2a, [@mic={0x8c, 0x10, {0x41f, "9f16fc9b22dc", @short="7491d1ac8030c64f"}}, @ext_channel_switch={0x3c, 0x4, {0x1, 0x1, 0x84, 0x3}}]}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}]}, 0x78}, 0x1, 0x0, 0x0, 0x400d0}, 0x400c0d1) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1069.863430][T18340] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[ 1069.873047][ T5115] usb 3-1: new high-speed USB device number 33 using dummy_hcd
02:36:09 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x26, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1069.996429][T19662] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1070.006606][T18850] usb 5-1: Using ep0 maxpacket: 32
[ 1070.026052][T19664] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[ 1070.035064][ T5112] usb 6-1: new high-speed USB device number 41 using dummy_hcd
02:36:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0x1f}]}]}]}]}, 0x2c}}, 0x0)
sendmsg$NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x78, r6, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x4, 0x1e}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}, @NL80211_ATTR_IE={0x1c, 0x2a, [@mic={0x8c, 0x10, {0x41f, "9f16fc9b22dc", @short="7491d1ac8030c64f"}}, @ext_channel_switch={0x3c, 0x4, {0x1, 0x1, 0x84, 0x3}}]}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}]}, 0x78}, 0x1, 0x0, 0x0, 0x400d0}, 0x400c0d1)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (async)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b) (async)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0) (async)
sendfile(r3, r4, 0x0, 0x20000023896) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0x1f}]}]}]}]}, 0x2c}}, 0x0) (async)
sendmsg$NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x78, r6, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x4, 0x1e}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}, @NL80211_ATTR_IE={0x1c, 0x2a, [@mic={0x8c, 0x10, {0x41f, "9f16fc9b22dc", @short="7491d1ac8030c64f"}}, @ext_channel_switch={0x3c, 0x4, {0x1, 0x1, 0x84, 0x3}}]}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}]}, 0x78}, 0x1, 0x0, 0x0, 0x400d0}, 0x400c0d1) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async)

[ 1070.053362][T18850] usb 5-1: too many configurations: 68, using maximum allowed: 8
[ 1070.073230][T19664] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1070.101414][T19667] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1070.133169][T18340] usb 4-1: Using ep0 maxpacket: 32
[ 1070.143541][ T5115] usb 3-1: Using ep0 maxpacket: 32
[ 1070.143792][T18850] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1070.161755][T19669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1070.173546][T18340] usb 4-1: too many configurations: 68, using maximum allowed: 8
[ 1070.182766][T18850] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1070.203486][ T5115] usb 3-1: too many configurations: 68, using maximum allowed: 8
[ 1070.210158][T18850] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1070.217647][T19669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1070.253800][T18340] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1070.267384][T18340] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1070.279273][T19670] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1070.283341][ T5112] usb 6-1: Using ep0 maxpacket: 32
[ 1070.303438][T18850] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1070.303837][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1070.312355][T18850] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1070.312392][T18850] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1070.343058][T18340] usb 4-1: config 0 interface 0 has no altsetting 0
02:36:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0x1f}]}]}]}]}, 0x2c}}, 0x0)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000040)={&(0x7f0000000380)={0x18c, r4, 0x100, 0x70bd27, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x7c, 0x21}}}}, [@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x9202}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@cf_end={{}, {0x9}, @device_b, @random="65f4a455e0ba"}}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x86dd}, @NL80211_ATTR_FRAME={0x135, 0x33, @mgmt_frame=@probe_response={@with_ht={{{0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x6}, @device_b, @device_b, @random="d7555ebcd235", {0x1, 0x4}}, @ver_80211n={0x0, 0x5d8, 0x1, 0x1, 0x0, 0x3}}, 0xfffffffffffffffc, @random=0x4, 0xe5a2, @val={0x0, 0x6, @default_ap_ssid}, @void, @void, @val={0x4, 0x6, {0x7, 0x0, 0x200, 0x9}}, @void, @void, @val={0x72, 0x6}, @void, [{0xdd, 0xef, "7573ed8a15de1601247e497b389826ca2f7c51cdbbd2f2db4ca0043604b55c29fea60b0df859d37fcde3f31b81f2483a9e452968991f3ca111d0682947901766a98ea258297a3cc5e7de9c9fd8e9d841904dd1a83355758572ca12b404d44b79e4d99cd7918bbf2caec346ba30902e85e99d2b8b5b4d73f5a04d6f3e361ee3eca7f70803ded4f1cf69a91d16f221efd683326c82a5a05974fcdaabd828889387bf3243b38dd792295c68aaaf58d23678e0a55afddeed8473bf0577aa8f2dee25b597b0d89a1d9e7435ca79311834ad651bb95ddac88e6f99c122babc3f53b0d741c8ad9ca9297731b814aae09c933b"}]}}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}]}, 0x18c}, 0x1, 0x0, 0x0, 0x801}, 0x4000000)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="8000000008021100000108021100000008021100000000000000000000000003640001000006020202020202010882848b960c121824c4e281d7ce64f965440eeab5efd6c84f1889f9d03cd870d36c6c958aa52db7216dd25a590be0e868446fed8378e6490d860d38e6816a8fab012511c5ccff77a6b5f0178fb71a92b059db0691eb436b821a73e1d4af3616362a090fabfb1e7f4511092450"], 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1070.353442][ T5112] usb 6-1: too many configurations: 68, using maximum allowed: 8
[ 1070.357337][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1070.409156][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1070.443961][ T5112] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1070.449130][T19677] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1070.453327][T18340] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1070.472150][T18850] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1070.483579][T18850] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1070.498377][ T5112] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
02:36:10 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x28, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1070.509847][T19677] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1070.510254][T18340] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1070.533325][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1070.539674][T18850] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1070.551974][ T5112] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1070.558975][T18340] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1070.562852][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1070.601509][T19679] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[ 1070.613287][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1070.629832][T19679] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1070.633378][ T5112] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1070.648734][T18850] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1070.652469][T19679] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1070.659130][T18340] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1070.679756][T18850] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1070.698764][ T5112] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1070.712298][T18340] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1070.728248][T18850] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1070.732689][T19679] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1070.742705][ T5112] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1070.745950][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1070.764020][T18340] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1070.787150][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1070.812919][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1070.823730][T18850] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1070.840710][T18850] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1070.852458][ T5112] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
02:36:10 executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0x1f}]}]}]}]}, 0x2c}}, 0x0)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000040)={&(0x7f0000000380)={0x18c, r4, 0x100, 0x70bd27, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x7c, 0x21}}}}, [@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x9202}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@cf_end={{}, {0x9}, @device_b, @random="65f4a455e0ba"}}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x86dd}, @NL80211_ATTR_FRAME={0x135, 0x33, @mgmt_frame=@probe_response={@with_ht={{{0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x6}, @device_b, @device_b, @random="d7555ebcd235", {0x1, 0x4}}, @ver_80211n={0x0, 0x5d8, 0x1, 0x1, 0x0, 0x3}}, 0xfffffffffffffffc, @random=0x4, 0xe5a2, @val={0x0, 0x6, @default_ap_ssid}, @void, @void, @val={0x4, 0x6, {0x7, 0x0, 0x200, 0x9}}, @void, @void, @val={0x72, 0x6}, @void, [{0xdd, 0xef, "7573ed8a15de1601247e497b389826ca2f7c51cdbbd2f2db4ca0043604b55c29fea60b0df859d37fcde3f31b81f2483a9e452968991f3ca111d0682947901766a98ea258297a3cc5e7de9c9fd8e9d841904dd1a83355758572ca12b404d44b79e4d99cd7918bbf2caec346ba30902e85e99d2b8b5b4d73f5a04d6f3e361ee3eca7f70803ded4f1cf69a91d16f221efd683326c82a5a05974fcdaabd828889387bf3243b38dd792295c68aaaf58d23678e0a55afddeed8473bf0577aa8f2dee25b597b0d89a1d9e7435ca79311834ad651bb95ddac88e6f99c122babc3f53b0d741c8ad9ca9297731b814aae09c933b"}]}}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}]}, 0x18c}, 0x1, 0x0, 0x0, 0x801}, 0x4000000)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="8000000008021100000108021100000008021100000000000000000000000003640001000006020202020202010882848b960c121824c4e281d7ce64f965440eeab5efd6c84f1889f9d03cd870d36c6c958aa52db7216dd25a590be0e868446fed8378e6490d860d38e6816a8fab012511c5ccff77a6b5f0178fb71a92b059db0691eb436b821a73e1d4af3616362a090fabfb1e7f4511092450"], 0x36) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="8000000008021100000108021100000008021100000000000000000000000003640001000006020202020202010882848b960c121824c4e281d7ce64f965440eeab5efd6c84f1889f9d03cd870d36c6c958aa52db7216dd25a590be0e868446fed8378e6490d860d38e6816a8fab012511c5ccff77a6b5f0178fb71a92b059db0691eb436b821a73e1d4af3616362a090fabfb1e7f4511092450"], 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1070.861734][T18340] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1070.876764][ T5112] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1070.893361][T18340] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1070.906709][T18850] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1070.914056][ T5112] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1070.920729][T18340] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1070.923551][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1070.955312][T19683] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1070.961793][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1070.973697][T19682] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1071.003248][ T5112] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1071.009412][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1071.012423][T18850] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1071.028709][T18340] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1071.038083][ T5112] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1071.049581][T18340] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1071.064015][T18850] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1071.075420][ T5112] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1071.082216][T18340] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1071.099403][T18850] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1071.113712][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1071.133354][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1071.170495][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1071.173561][ T5112] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1071.193190][T18340] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1071.202329][T18850] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1071.218328][T18340] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1071.229938][T18850] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1071.241032][ T5112] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1071.252316][T18340] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1071.259986][T18850] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1071.263492][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1071.266813][ T5112] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1071.295783][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1071.332223][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1071.363523][T18340] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1071.372442][T18340] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1071.383576][T18850] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1071.394778][ T5112] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1071.413104][T18850] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1071.425039][ T5112] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1071.443051][T18340] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1071.443477][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1071.450363][ T5112] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1071.450443][T18850] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1071.474649][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1071.490648][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1071.523451][T18340] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1071.532432][ T5112] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1071.545652][ T5112] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1071.557941][T18340] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1071.583197][ T5112] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1071.589957][T18340] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1071.603474][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1071.613304][T18850] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1071.619017][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1071.622354][T18850] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1071.622382][T18850] usb 5-1: Product: syz
[ 1071.622400][T18850] usb 5-1: Manufacturer: syz
[ 1071.622418][T18850] usb 5-1: SerialNumber: syz
[ 1071.659618][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1071.682217][T18850] usb 5-1: config 0 descriptor??
[ 1071.693513][ T5112] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1071.706996][ T5112] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1071.731591][ T5112] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1071.749186][T18850] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0
[ 1071.793505][T18340] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1071.802600][T18340] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1071.832475][T18340] usb 4-1: Product: syz
[ 1071.841362][T18340] usb 4-1: Manufacturer: syz
[ 1071.851899][T18340] usb 4-1: SerialNumber: syz
[ 1071.864270][ T5115] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1071.879033][T18340] usb 4-1: config 0 descriptor??
[ 1071.883367][ T5115] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1071.894921][ T5115] usb 3-1: Product: syz
[ 1071.906391][ T5115] usb 3-1: Manufacturer: syz
[ 1071.919176][ T5115] usb 3-1: SerialNumber: syz
[ 1071.923368][ T5112] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1071.932890][ T5112] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1071.935855][ T5115] usb 3-1: config 0 descriptor??
[ 1071.954481][T18340] yurex 4-1:0.0: USB YUREX device now attached to Yurex #1
[ 1071.998609][ T5115] yurex 3-1:0.0: USB YUREX device now attached to Yurex #2
[ 1072.003210][ T5112] usb 6-1: Product: syz
[ 1072.012624][ T5112] usb 6-1: Manufacturer: syz
[ 1072.039191][ T5112] usb 6-1: SerialNumber: syz
[ 1072.068192][ T5112] usb 6-1: config 0 descriptor??
[ 1072.118666][ T5112] yurex 6-1:0.0: USB YUREX device now attached to Yurex #3
[ 1072.206415][ T5112] usb 5-1: USB disconnect, device number 34
[ 1072.223155][    C1] usb 5-1: yurex_control_callback - control failed: -71
[ 1072.231003][T19657] yurex_open - error, can't find device for minor 0
[ 1072.244916][ T5112] yurex 5-1:0.0: USB YUREX #0 now disconnected
[ 1072.263721][T18850] usb 4-1: USB disconnect, device number 34
[ 1072.278860][T18850] yurex 4-1:0.0: USB YUREX #1 now disconnected
[ 1072.291535][ T5115] usb 3-1: USB disconnect, device number 33
[ 1072.325897][ T5115] yurex 3-1:0.0: USB YUREX #2 now disconnected
[ 1072.350755][T18340] usb 6-1: USB disconnect, device number 41
[ 1072.389395][T18340] yurex 6-1:0.0: USB YUREX #3 now disconnected
02:36:12 executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000050cb5320450c10108e492940a84409021b00090000000009040002010035040009058dff86"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, &(0x7f0000000040)='0', 0x1)
write$char_usb(r1, &(0x7f0000000080)="8a", 0x1)
read$char_usb(r1, 0x0, 0x0)
syz_usb_disconnect(r0)

02:36:12 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x2c, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async, rerun: 32)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0x1f}]}]}]}]}, 0x2c}}, 0x0) (async)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000040)={&(0x7f0000000380)={0x18c, r4, 0x100, 0x70bd27, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x7c, 0x21}}}}, [@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x9202}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@cf_end={{}, {0x9}, @device_b, @random="65f4a455e0ba"}}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x86dd}, @NL80211_ATTR_FRAME={0x135, 0x33, @mgmt_frame=@probe_response={@with_ht={{{0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x6}, @device_b, @device_b, @random="d7555ebcd235", {0x1, 0x4}}, @ver_80211n={0x0, 0x5d8, 0x1, 0x1, 0x0, 0x3}}, 0xfffffffffffffffc, @random=0x4, 0xe5a2, @val={0x0, 0x6, @default_ap_ssid}, @void, @void, @val={0x4, 0x6, {0x7, 0x0, 0x200, 0x9}}, @void, @void, @val={0x72, 0x6}, @void, [{0xdd, 0xef, "7573ed8a15de1601247e497b389826ca2f7c51cdbbd2f2db4ca0043604b55c29fea60b0df859d37fcde3f31b81f2483a9e452968991f3ca111d0682947901766a98ea258297a3cc5e7de9c9fd8e9d841904dd1a83355758572ca12b404d44b79e4d99cd7918bbf2caec346ba30902e85e99d2b8b5b4d73f5a04d6f3e361ee3eca7f70803ded4f1cf69a91d16f221efd683326c82a5a05974fcdaabd828889387bf3243b38dd792295c68aaaf58d23678e0a55afddeed8473bf0577aa8f2dee25b597b0d89a1d9e7435ca79311834ad651bb95ddac88e6f99c122babc3f53b0d741c8ad9ca9297731b814aae09c933b"}]}}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}]}, 0x18c}, 0x1, 0x0, 0x0, 0x801}, 0x4000000)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="8000000008021100000108021100000008021100000000000000000000000003640001000006020202020202010882848b960c121824c4e281d7ce64f965440eeab5efd6c84f1889f9d03cd870d36c6c958aa52db7216dd25a590be0e868446fed8378e6490d860d38e6816a8fab012511c5ccff77a6b5f0178fb71a92b059db0691eb436b821a73e1d4af3616362a090fabfb1e7f4511092450"], 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:12 executing program 3:
syz_usb_connect$cdc_ncm(0x0, 0x73, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x61, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}, [@call_mgmt={0x5}]}}}}}]}}, 0x0)

02:36:12 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x404c880)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100))

02:36:12 executing program 5:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000140)='ns/mnt\x00')
ioctl$NS_GET_USERNS(r0, 0xb701, 0x0)

02:36:12 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)=@updpolicy={0xc0, 0x19, 0x15, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}}, [@XFRMA_IF_ID={0x8}]}, 0xc0}}, 0x0)

[ 1073.086763][T19692] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
02:36:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20018200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x4c, r3, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x36, 0x5b, "2d32c85ccdf6af0cd01e63a274e38608b124a7c8b97975415cf8e03fdba771c77ce7c545b63d76ba451c1cc29b9b9be3cbfc"}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000810}, 0x84)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x5c, r4, 0x10, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x3, 0x7e}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x4}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x18}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x18}], @NL80211_ATTR_WANT_1X_4WAY_HS={0x4}, @NL80211_ATTR_PREV_BSSID={0xa, 0x4f, @from_mac=@device_b}, @NL80211_ATTR_DISABLE_HT={0x4}]}, 0x5c}}, 0x10)

[ 1073.165687][T19701] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:13 executing program 5:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000140)='ns/mnt\x00')
ioctl$NS_GET_USERNS(r0, 0xb701, 0x0)

02:36:13 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @loopback}, r1}}, 0x30)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="0d000000246837f73199aee6fdb9291b3091ec1a2d41d227975ad8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3)

[ 1073.235065][T19706] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1073.253564][T19692] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:13 executing program 5:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000140)='ns/mnt\x00')
ioctl$NS_GET_USERNS(r0, 0xb701, 0x0)

02:36:13 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000100)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4000004, 0x11, r0, 0x0)
getsockopt$bt_hci(r1, 0x11c, 0x2, 0x0, &(0x7f0000000000))

[ 1073.322459][T19708] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1073.343155][T18850] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[ 1073.453413][ T5115] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[ 1073.583750][T18850] usb 4-1: Using ep0 maxpacket: 8
[ 1073.713452][T18850] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1073.723204][ T5115] usb 3-1: Using ep0 maxpacket: 32
[ 1073.733420][T18850] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1073.754458][T18850] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1073.764638][T18850] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[ 1073.774621][T18850] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1073.784875][T18850] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[ 1073.787314][ T5115] usb 3-1: too many configurations: 68, using maximum allowed: 8
[ 1073.893326][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1073.908118][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1073.920776][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1073.953458][T18850] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1073.982559][T18850] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1074.005530][T18850] usb 4-1: Product: syz
[ 1074.009829][T18850] usb 4-1: Manufacturer: syz
[ 1074.015380][T18850] usb 4-1: SerialNumber: syz
[ 1074.033089][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1074.042129][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1074.067108][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1074.173604][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1074.187414][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1074.218358][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1074.303571][T18850] cdc_ncm 4-1:1.0: bind() failure
[ 1074.321035][T18850] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[ 1074.323465][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1074.337098][T18850] cdc_ncm 4-1:1.1: bind() failure
[ 1074.352604][T18850] usb 4-1: USB disconnect, device number 35
[ 1074.355527][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1074.394627][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1074.483426][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1074.492799][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1074.534979][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1074.613600][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1074.622641][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1074.653139][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1074.754953][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1074.783138][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1074.803611][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1074.893343][ T5115] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1074.905545][ T5115] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1074.929570][ T5115] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1075.123312][ T5115] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1075.132426][ T5115] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1075.162099][ T5115] usb 3-1: Product: syz
[ 1075.174871][ T5115] usb 3-1: Manufacturer: syz
[ 1075.195440][ T5115] usb 3-1: SerialNumber: syz
[ 1075.215646][ T5115] usb 3-1: config 0 descriptor??
[ 1075.278480][ T5115] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0
[ 1075.713042][    C0] usb 3-1: yurex_control_callback - control failed: -71
[ 1075.721988][ T7594] usb 3-1: USB disconnect, device number 34
[ 1075.783226][ T7594] yurex 3-1:0.0: USB YUREX #0 now disconnected
02:36:16 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000001540)=""/264)

02:36:16 executing program 5:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000140)='ns/mnt\x00')
ioctl$NS_GET_USERNS(r0, 0xb701, 0x0)

02:36:16 executing program 4:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x8, &(0x7f0000001180)=ANY=[@ANYRESOCT=r3], 0x0, 0xa, 0x0, 0x0, 0x1f00, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0xfffffffc}, 0x10}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
socket(0x9, 0x0, 0x800)
socket$inet6(0xa, 0x3, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', <r8=>0x0})
setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000040)={r8, 0x1, 0x6, @broadcast}, 0x10)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000480)={&(0x7f0000000400)='./file0\x00', 0x0, 0xc}, 0x10)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000004c0)='blkio.bfq.io_service_time\x00', 0x0, 0x0)

02:36:16 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x33, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) (async)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20018200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x4c, r3, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x36, 0x5b, "2d32c85ccdf6af0cd01e63a274e38608b124a7c8b97975415cf8e03fdba771c77ce7c545b63d76ba451c1cc29b9b9be3cbfc"}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000810}, 0x84) (async)
sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20018200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x4c, r3, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x36, 0x5b, "2d32c85ccdf6af0cd01e63a274e38608b124a7c8b97975415cf8e03fdba771c77ce7c545b63d76ba451c1cc29b9b9be3cbfc"}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000810}, 0x84)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x5c, r4, 0x10, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x3, 0x7e}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x4}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x18}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x18}], @NL80211_ATTR_WANT_1X_4WAY_HS={0x4}, @NL80211_ATTR_PREV_BSSID={0xa, 0x4f, @from_mac=@device_b}, @NL80211_ATTR_DISABLE_HT={0x4}]}, 0x5c}}, 0x10) (async)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x5c, r4, 0x10, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x3, 0x7e}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x4}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x18}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x18}], @NL80211_ATTR_WANT_1X_4WAY_HS={0x4}, @NL80211_ATTR_PREV_BSSID={0xa, 0x4f, @from_mac=@device_b}, @NL80211_ATTR_DISABLE_HT={0x4}]}, 0x5c}}, 0x10)

02:36:16 executing program 2:
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='team_slave_0\x00')
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000072e1bc40820514009dbba5fac40109021f817a6cbb056256959d60682c5e890a967d"], 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYRES64=r1], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
pidfd_open(0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f00000003c0)=0x871, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x24003084, &(0x7f0000000200)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140), 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x6d)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000800)={0x0, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x88)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
recvmsg(r0, &(0x7f0000001500)={0x0, 0x1308, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0xb2c86da597010000, 0x2700}, 0x100)

02:36:16 executing program 3:
socket(0x15, 0x5, 0x3)

[ 1076.523943][T19730] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1076.553360][T19727] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:16 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@cgroup=r0}, 0x10)

[ 1076.593186][T19737] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1076.622471][T19727] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:16 executing program 3:
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r1=>0x0})
r2 = socket(0x1d, 0x2, 0x6)
bind$can_j1939(r2, &(0x7f0000000000)={0x1d, r1, 0x3}, 0x18)
r3 = dup(r2)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
sendmsg$can_bcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000380)=ANY=[], 0x80}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

[ 1076.651695][T19730] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:16 executing program 5:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000030c0), 0x0, 0x0)
ioctl$TCXONC(r0, 0x540a, 0x2)

[ 1076.879848][T19745] batadv_slave_1: entered promiscuous mode
02:36:16 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x50, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x4, 0x7, 0x0, 0x0}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x50}}, 0x0)

02:36:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20018200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x4c, r3, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x36, 0x5b, "2d32c85ccdf6af0cd01e63a274e38608b124a7c8b97975415cf8e03fdba771c77ce7c545b63d76ba451c1cc29b9b9be3cbfc"}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000810}, 0x84)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x5c, r4, 0x10, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x3, 0x7e}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x4}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x18}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x18}], @NL80211_ATTR_WANT_1X_4WAY_HS={0x4}, @NL80211_ATTR_PREV_BSSID={0xa, 0x4f, @from_mac=@device_b}, @NL80211_ATTR_DISABLE_HT={0x4}]}, 0x5c}}, 0x10)

02:36:16 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x3b, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:16 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x50, 0x2, 0x6, 0x185, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x50}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

[ 1077.088366][T19755] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1077.104079][ T5112] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[ 1077.137669][T19760] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1077.218346][T19763] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1077.279625][T19760] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1077.351884][T19725] batadv_slave_1: left promiscuous mode
[ 1077.463243][ T5112] usb 3-1: config index 0 descriptor too short (expected 33055, got 36)
[ 1077.478326][ T5112] usb 3-1: config 108 has too many interfaces: 122, using maximum allowed: 32
[ 1077.512341][ T5112] usb 3-1: config 108 has an invalid descriptor of length 86, skipping remainder of the config
[ 1077.544392][ T5112] usb 3-1: config 108 has 0 interfaces, different from the descriptor's value: 122
[ 1077.813225][ T5112] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1077.835287][ T5112] usb 3-1: New USB device strings: Mfr=165, Product=250, SerialNumber=196
[ 1077.868469][ T5112] usb 3-1: Product: syz
[ 1077.884491][ T5112] usb 3-1: Manufacturer: syz
[ 1077.903153][ T5112] usb 3-1: SerialNumber: syz
02:36:17 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_getrule={0x1c, 0x22, 0x308, 0x70bd25, 0x25dfdbfb, {0xa, 0x80, 0x20, 0x6, 0x74, 0x0, 0x0, 0x8, 0x1000a}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x24000844)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:17 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x50, 0x2, 0x6, 0x185, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x50}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

02:36:17 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x71, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1078.195604][T19744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1078.214515][T19744] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1078.237201][T19768] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1078.267013][T19768] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1078.329919][T19769] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1078.601248][T19769] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1078.633930][T19769] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:19 executing program 2:
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='team_slave_0\x00')
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000072e1bc40820514009dbba5fac40109021f817a6cbb056256959d60682c5e890a967d"], 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYRES64=r1], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
pidfd_open(0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f00000003c0)=0x871, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x24003084, &(0x7f0000000200)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140), 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x6d)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000800)={0x0, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x88)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
recvmsg(r0, &(0x7f0000001500)={0x0, 0x1308, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0xb2c86da597010000, 0x2700}, 0x100)

02:36:19 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x50, 0x2, 0x6, 0x185, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x50}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

02:36:19 executing program 4:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x8, &(0x7f0000001180)=ANY=[@ANYRESOCT=r3], 0x0, 0xa, 0x0, 0x0, 0x1f00, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0xfffffffc}, 0x10}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
socket(0x9, 0x0, 0x800)
socket$inet6(0xa, 0x3, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', <r8=>0x0})
setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000040)={r8, 0x1, 0x6, @broadcast}, 0x10)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000480)={&(0x7f0000000400)='./file0\x00', 0x0, 0xc}, 0x10)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000004c0)='blkio.bfq.io_service_time\x00', 0x0, 0x0)

02:36:19 executing program 3:
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r1=>0x0})
r2 = socket(0x1d, 0x2, 0x6)
bind$can_j1939(r2, &(0x7f0000000000)={0x1d, r1, 0x3}, 0x18)
r3 = dup(r2)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
sendmsg$can_bcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000380)=ANY=[], 0x80}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

02:36:19 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_getrule={0x1c, 0x22, 0x308, 0x70bd25, 0x25dfdbfb, {0xa, 0x80, 0x20, 0x6, 0x74, 0x0, 0x0, 0x8, 0x1000a}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x24000844)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_getrule={0x1c, 0x22, 0x308, 0x70bd25, 0x25dfdbfb, {0xa, 0x80, 0x20, 0x6, 0x74, 0x0, 0x0, 0x8, 0x1000a}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x24000844) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async)

02:36:19 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xd54, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1080.006882][ T5112] usb 3-1: USB disconnect, device number 35
[ 1080.045842][T19777] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:19 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x50, 0x2, 0x6, 0x185, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x50}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

[ 1080.075212][T19779] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1080.088338][T19779] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1080.104210][T19777] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1080.123879][T19779] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1080.162694][T19777] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:20 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_getrule={0x1c, 0x22, 0x308, 0x70bd25, 0x25dfdbfb, {0xa, 0x80, 0x20, 0x6, 0x74, 0x0, 0x0, 0x8, 0x1000a}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x24000844) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:20 executing program 5:
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='team_slave_0\x00')
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000072e1bc40820514009dbba5fac40109021f817a6cbb056256959d60682c5e890a967d"], 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYRES64=r1], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
pidfd_open(0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f00000003c0)=0x871, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x24003084, &(0x7f0000000200)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140), 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x6d)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000800)={0x0, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x88)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
recvmsg(r0, &(0x7f0000001500)={0x0, 0x1308, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0xb2c86da597010000, 0x2700}, 0x100)

[ 1080.374114][T19798] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1080.399165][T19791] batadv_slave_1: entered promiscuous mode
[ 1080.406739][T19798] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:20 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xd5c, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1080.604590][T19805] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1080.623195][ T5112] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[ 1080.645377][T19805] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1080.685327][T19805] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:20 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
r3 = openat$vcsa(0xffffff9c, &(0x7f0000000000), 0x40040, 0x0)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, r1, 0x300, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x6, 0x1a}}}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0xc, 0xcd, [0x5, 0x2, 0x3, 0x16]}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x1339}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x1302}]}, 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x8010)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1080.763143][T13285] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[ 1080.912539][T19807] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1080.953963][T19807] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:20 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xd64, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1081.073123][ T5112] usb 3-1: config index 0 descriptor too short (expected 33055, got 36)
[ 1081.088765][ T5112] usb 3-1: config 108 has too many interfaces: 122, using maximum allowed: 32
[ 1081.128112][T19809] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1081.141112][ T5112] usb 3-1: config 108 has an invalid descriptor of length 86, skipping remainder of the config
[ 1081.179360][ T5112] usb 3-1: config 108 has 0 interfaces, different from the descriptor's value: 122
[ 1081.191348][T19809] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1081.235302][T19809] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1081.236659][T19771] batadv_slave_1: left promiscuous mode
[ 1081.333581][T13285] usb 6-1: config index 0 descriptor too short (expected 33055, got 36)
[ 1081.349241][T13285] usb 6-1: config 108 has too many interfaces: 122, using maximum allowed: 32
[ 1081.373326][ T5112] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1081.391145][ T5112] usb 3-1: New USB device strings: Mfr=165, Product=250, SerialNumber=196
[ 1081.407869][T13285] usb 6-1: config 108 has an invalid descriptor of length 86, skipping remainder of the config
[ 1081.448685][ T5112] usb 3-1: Product: syz
[ 1081.462170][T13285] usb 6-1: config 108 has 0 interfaces, different from the descriptor's value: 122
[ 1081.477905][ T5112] usb 3-1: Manufacturer: syz
[ 1081.498069][ T5112] usb 3-1: SerialNumber: syz
[ 1081.763308][T13285] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1081.784760][T13285] usb 6-1: New USB device strings: Mfr=165, Product=250, SerialNumber=196
[ 1081.811737][T13285] usb 6-1: Product: syz
[ 1081.836441][T13285] usb 6-1: Manufacturer: syz
[ 1081.852906][T13285] usb 6-1: SerialNumber: syz
[ 1081.859921][T19793] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1081.899882][T19793] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1082.200153][T19802] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1082.214751][T19802] misc raw-gadget: fail, usb_gadget_register_driver returned -16
02:36:23 executing program 2:
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='team_slave_0\x00')
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000072e1bc40820514009dbba5fac40109021f817a6cbb056256959d60682c5e890a967d"], 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYRES64=r1], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
pidfd_open(0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f00000003c0)=0x871, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x24003084, &(0x7f0000000200)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140), 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x6d)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000800)={0x0, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x88)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
recvmsg(r0, &(0x7f0000001500)={0x0, 0x1308, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0xb2c86da597010000, 0x2700}, 0x100)

02:36:23 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async, rerun: 32)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async, rerun: 32)
r3 = openat$vcsa(0xffffff9c, &(0x7f0000000000), 0x40040, 0x0)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, r1, 0x300, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x6, 0x1a}}}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0xc, 0xcd, [0x5, 0x2, 0x3, 0x16]}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x1339}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x1302}]}, 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x8010)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:23 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xd6c, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:23 executing program 3:
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r1=>0x0})
r2 = socket(0x1d, 0x2, 0x6)
bind$can_j1939(r2, &(0x7f0000000000)={0x1d, r1, 0x3}, 0x18)
r3 = dup(r2)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
sendmsg$can_bcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000380)=ANY=[], 0x80}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

02:36:23 executing program 4:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x8, &(0x7f0000001180)=ANY=[@ANYRESOCT=r3], 0x0, 0xa, 0x0, 0x0, 0x1f00, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0xfffffffc}, 0x10}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
socket(0x9, 0x0, 0x800)
socket$inet6(0xa, 0x3, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', <r8=>0x0})
setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000040)={r8, 0x1, 0x6, @broadcast}, 0x10)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000480)={&(0x7f0000000400)='./file0\x00', 0x0, 0xc}, 0x10)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000004c0)='blkio.bfq.io_service_time\x00', 0x0, 0x0)

[ 1083.919966][ T5112] usb 3-1: USB disconnect, device number 36
[ 1083.973582][T19821] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1084.020629][T19821] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1084.068886][T19821] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1084.084519][T19823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:23 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
r3 = openat$vcsa(0xffffff9c, &(0x7f0000000000), 0x40040, 0x0)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, r1, 0x300, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x6, 0x1a}}}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0xc, 0xcd, [0x5, 0x2, 0x3, 0x16]}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x1339}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x1302}]}, 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x8010) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1084.290164][T19834] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1084.304987][T19830] batadv_slave_1: entered promiscuous mode
02:36:24 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xd74, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1084.503109][ T5112] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[ 1084.579056][T19838] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
02:36:24 executing program 5:
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='team_slave_0\x00')
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000072e1bc40820514009dbba5fac40109021f817a6cbb056256959d60682c5e890a967d"], 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYRES64=r1], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
pidfd_open(0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f00000003c0)=0x871, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x24003084, &(0x7f0000000200)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140), 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x6d)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000800)={0x0, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x88)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
recvmsg(r0, &(0x7f0000001500)={0x0, 0x1308, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0xb2c86da597010000, 0x2700}, 0x100)

02:36:24 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0xa)
r5 = openat$procfs(0xffffff9c, &(0x7f0000000100)='/proc/meminfo\x00', 0x0, 0x0)
ioctl$TCSBRKP(r5, 0x5425, 0x100)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r4)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@ctrl_frame=@cts={{}, {0xff}, @device_b}, 0xa)

[ 1084.632588][T19839] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1084.664670][T13285] usb 6-1: USB disconnect, device number 42
[ 1084.756156][T19838] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1084.814359][T19842] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1084.869199][T19842] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1084.983214][ T5112] usb 3-1: config index 0 descriptor too short (expected 33055, got 36)
[ 1085.012003][ T5112] usb 3-1: config 108 has too many interfaces: 122, using maximum allowed: 32
[ 1085.060296][ T5112] usb 3-1: config 108 has an invalid descriptor of length 86, skipping remainder of the config
02:36:24 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xd7c, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1085.112654][ T5112] usb 3-1: config 108 has 0 interfaces, different from the descriptor's value: 122
02:36:25 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async, rerun: 32)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0}) (rerun: 32)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async, rerun: 32)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (rerun: 32)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b) (async)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0xa)
r5 = openat$procfs(0xffffff9c, &(0x7f0000000100)='/proc/meminfo\x00', 0x0, 0x0)
ioctl$TCSBRKP(r5, 0x5425, 0x100) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r4) (async, rerun: 32)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async, rerun: 32)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async, rerun: 32)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@ctrl_frame=@cts={{}, {0xff}, @device_b}, 0xa) (rerun: 32)

[ 1085.223182][T13285] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[ 1085.268288][T19812] batadv_slave_1: left promiscuous mode
[ 1085.333254][ T5112] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1085.346295][T19850] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1085.361984][ T5112] usb 3-1: New USB device strings: Mfr=165, Product=250, SerialNumber=196
[ 1085.400921][ T5112] usb 3-1: Product: syz
[ 1085.422801][ T5112] usb 3-1: Manufacturer: syz
02:36:25 executing program 3:
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r1=>0x0})
r2 = socket(0x1d, 0x2, 0x6)
bind$can_j1939(r2, &(0x7f0000000000)={0x1d, r1, 0x3}, 0x18)
r3 = dup(r2)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
sendmsg$can_bcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000380)=ANY=[], 0x80}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

[ 1085.454223][ T5112] usb 3-1: SerialNumber: syz
[ 1085.470434][T19850] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1085.633158][T13285] usb 6-1: config index 0 descriptor too short (expected 33055, got 36)
[ 1085.641560][T13285] usb 6-1: config 108 has too many interfaces: 122, using maximum allowed: 32
[ 1085.709293][T13285] usb 6-1: config 108 has an invalid descriptor of length 86, skipping remainder of the config
[ 1085.762788][T13285] usb 6-1: config 108 has 0 interfaces, different from the descriptor's value: 122
[ 1085.944657][ T8083] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1086.072438][T19829] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1086.073229][T13285] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1086.096971][T19829] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1086.122281][ T8083] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1086.169785][T13285] usb 6-1: New USB device strings: Mfr=165, Product=250, SerialNumber=196
[ 1086.200170][T13285] usb 6-1: Product: syz
[ 1086.214274][T13285] usb 6-1: Manufacturer: syz
[ 1086.234151][T13285] usb 6-1: SerialNumber: syz
[ 1086.521231][ T8083] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1086.643274][ T8083] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1086.723796][T19846] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1086.799653][T19846] misc raw-gadget: fail, usb_gadget_register_driver returned -16
02:36:27 executing program 2:
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='team_slave_0\x00')
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000072e1bc40820514009dbba5fac40109021f817a6cbb056256959d60682c5e890a967d"], 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYRES64=r1], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
pidfd_open(0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f00000003c0)=0x871, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x24003084, &(0x7f0000000200)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140), 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x6d)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000800)={0x0, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x88)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
recvmsg(r0, &(0x7f0000001500)={0x0, 0x1308, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0xb2c86da597010000, 0x2700}, 0x100)

02:36:27 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b) (async)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0xa) (async, rerun: 64)
r5 = openat$procfs(0xffffff9c, &(0x7f0000000100)='/proc/meminfo\x00', 0x0, 0x0) (rerun: 64)
ioctl$TCSBRKP(r5, 0x5425, 0x100) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r4)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@ctrl_frame=@cts={{}, {0xff}, @device_b}, 0xa)

02:36:27 executing program 3:
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='team_slave_0\x00')
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000072e1bc40820514009dbba5fac40109021f817a6cbb056256959d60682c5e890a967d"], 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYRES64=r1], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
pidfd_open(0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f00000003c0)=0x871, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x24003084, &(0x7f0000000200)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140), 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x6d)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000800)={0x0, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x88)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
recvmsg(r0, &(0x7f0000001500)={0x0, 0x1308, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0xb2c86da597010000, 0x2700}, 0x100)

02:36:27 executing program 4:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x8, &(0x7f0000001180)=ANY=[@ANYRESOCT=r3], 0x0, 0xa, 0x0, 0x0, 0x1f00, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0xfffffffc}, 0x10}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
socket(0x9, 0x0, 0x800)
socket$inet6(0xa, 0x3, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', <r8=>0x0})
setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000040)={r8, 0x1, 0x6, @broadcast}, 0x10)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000480)={&(0x7f0000000400)='./file0\x00', 0x0, 0xc}, 0x10)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000004c0)='blkio.bfq.io_service_time\x00', 0x0, 0x0)

[ 1088.156383][ T5112] usb 3-1: USB disconnect, device number 37
02:36:28 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB=':\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r6, @ANYBLOB="10005a800c00008005000200f8000000"], 0x2c}}, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="0000399d", @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="00007d8000000200ccf08e48778671b4fd326f0692cfa9de0094f781b8dc1584d0458e650674b5559c2f3495de0f2f2d1dfd2aa36e85bc5f8bb77eb6e044abc629622810cdcbbaffb89445c431d475fe14e420a100000100b13dca7e94469e0d6b6957785b37062bdf7c379f4ffdcee43b55e4b40736eef6df7cfce6048ef9242c81954fafa4aca1c673105c3371b9186747c49665d8e60d1f855767be1cc16baad4ffc41ea4f47cec38d7acddd1e1d9bdeed5841804b1ee7ec5e006344fbe8dd5f4a7b6ca23362e75c482f7e9b35adb64ea44647fa0ca7f9130fe4c5eb3ddab260a3fedfabb9ddbd924869a72c8438dcf600ded944e84e4e0c0e01e4403cb86bc3401f910002d800a0000000202020202020000"], 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, @random=0x2, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1088.643064][T13170] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[ 1088.703277][T19895] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1088.743135][ T5112] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[ 1088.767104][T19895] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1088.956495][T19897] batadv_slave_1: entered promiscuous mode
[ 1089.043113][T13170] usb 4-1: config index 0 descriptor too short (expected 33055, got 36)
[ 1089.055521][T13170] usb 4-1: config 108 has too many interfaces: 122, using maximum allowed: 32
[ 1089.066787][ T8083] hsr_slave_0: left promiscuous mode
[ 1089.089182][T13170] usb 4-1: config 108 has an invalid descriptor of length 86, skipping remainder of the config
[ 1089.123244][ T5112] usb 3-1: config index 0 descriptor too short (expected 33055, got 36)
[ 1089.140721][ T5112] usb 3-1: config 108 has too many interfaces: 122, using maximum allowed: 32
[ 1089.151771][ T8083] hsr_slave_1: left promiscuous mode
02:36:28 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB=':\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r6, @ANYBLOB="10005a800c00008005000200f8000000"], 0x2c}}, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="0000399d", @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="00007d8000000200ccf08e48778671b4fd326f0692cfa9de0094f781b8dc1584d0458e650674b5559c2f3495de0f2f2d1dfd2aa36e85bc5f8bb77eb6e044abc629622810cdcbbaffb89445c431d475fe14e420a100000100b13dca7e94469e0d6b6957785b37062bdf7c379f4ffdcee43b55e4b40736eef6df7cfce6048ef9242c81954fafa4aca1c673105c3371b9186747c49665d8e60d1f855767be1cc16baad4ffc41ea4f47cec38d7acddd1e1d9bdeed5841804b1ee7ec5e006344fbe8dd5f4a7b6ca23362e75c482f7e9b35adb64ea44647fa0ca7f9130fe4c5eb3ddab260a3fedfabb9ddbd924869a72c8438dcf600ded944e84e4e0c0e01e4403cb86bc3401f910002d800a0000000202020202020000"], 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, @random=0x2, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB=':\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r6, @ANYBLOB="10005a800c00008005000200f8000000"], 0x2c}}, 0x0) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="0000399d", @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="00007d8000000200ccf08e48778671b4fd326f0692cfa9de0094f781b8dc1584d0458e650674b5559c2f3495de0f2f2d1dfd2aa36e85bc5f8bb77eb6e044abc629622810cdcbbaffb89445c431d475fe14e420a100000100b13dca7e94469e0d6b6957785b37062bdf7c379f4ffdcee43b55e4b40736eef6df7cfce6048ef9242c81954fafa4aca1c673105c3371b9186747c49665d8e60d1f855767be1cc16baad4ffc41ea4f47cec38d7acddd1e1d9bdeed5841804b1ee7ec5e006344fbe8dd5f4a7b6ca23362e75c482f7e9b35adb64ea44647fa0ca7f9130fe4c5eb3ddab260a3fedfabb9ddbd924869a72c8438dcf600ded944e84e4e0c0e01e4403cb86bc3401f910002d800a0000000202020202020000"], 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, @random=0x2, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async)

[ 1089.185036][T13170] usb 4-1: config 108 has 0 interfaces, different from the descriptor's value: 122
[ 1089.201962][ T8083] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1089.257320][ T8083] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1089.277890][ T5112] usb 3-1: config 108 has an invalid descriptor of length 86, skipping remainder of the config
[ 1089.327396][ T8083] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1089.341811][ T5112] usb 3-1: config 108 has 0 interfaces, different from the descriptor's value: 122
[ 1089.399402][ T8083] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1089.413899][T19902] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1089.464294][T13170] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1089.482367][ T8083] bridge_slave_1: left allmulticast mode
[ 1089.499279][T19902] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1089.510647][T13170] usb 4-1: New USB device strings: Mfr=165, Product=250, SerialNumber=196
[ 1089.534632][ T8083] bridge_slave_1: left promiscuous mode
[ 1089.560545][T13170] usb 4-1: Product: syz
[ 1089.566225][ T8083] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1089.590578][T13170] usb 4-1: Manufacturer: syz
[ 1089.610769][T13170] usb 4-1: SerialNumber: syz
[ 1089.619250][ T8083] bridge_slave_0: left allmulticast mode
[ 1089.649693][ T8083] bridge_slave_0: left promiscuous mode
[ 1089.669448][ T8083] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1089.741485][ T8083] veth1_macvtap: left promiscuous mode
[ 1089.763194][ T5112] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1089.776336][ T8083] veth0_macvtap: left promiscuous mode
02:36:29 executing program 5:
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='team_slave_0\x00')
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000072e1bc40820514009dbba5fac40109021f817a6cbb056256959d60682c5e890a967d"], 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYRES64=r1], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
pidfd_open(0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f00000003c0)=0x871, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x24003084, &(0x7f0000000200)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140), 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x6d)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000800)={0x0, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x88)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
recvmsg(r0, &(0x7f0000001500)={0x0, 0x1308, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0xb2c86da597010000, 0x2700}, 0x100)

[ 1089.799863][ T5112] usb 3-1: New USB device strings: Mfr=165, Product=250, SerialNumber=196
[ 1089.812164][ T8083] veth1_vlan: left promiscuous mode
[ 1089.845282][ T8083] veth0_vlan: left promiscuous mode
[ 1089.855700][T13285] usb 6-1: USB disconnect, device number 43
[ 1089.868882][ T5112] usb 3-1: Product: syz
[ 1089.899505][ T5112] usb 3-1: Manufacturer: syz
[ 1089.931088][ T5112] usb 3-1: SerialNumber: syz
[ 1089.983845][ T5063] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1090.001521][ T5063] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1090.011139][ T5063] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1090.025521][ T5063] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 1090.035530][ T5063] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1090.079480][T19889] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1090.090354][T19889] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1090.530176][T19888] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1090.590771][T19888] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1090.743112][ T5113] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[ 1091.143260][ T5113] usb 6-1: config index 0 descriptor too short (expected 33055, got 36)
[ 1091.169196][ T5113] usb 6-1: config 108 has too many interfaces: 122, using maximum allowed: 32
[ 1091.253982][ T5113] usb 6-1: config 108 has an invalid descriptor of length 86, skipping remainder of the config
[ 1091.334961][ T5113] usb 6-1: config 108 has 0 interfaces, different from the descriptor's value: 122
[ 1091.633377][ T5113] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1091.660203][ T5113] usb 6-1: New USB device strings: Mfr=165, Product=250, SerialNumber=196
[ 1091.749275][ T5113] usb 6-1: Product: syz
[ 1091.794950][ T5113] usb 6-1: Manufacturer: syz
[ 1091.825577][ T5113] usb 6-1: SerialNumber: syz
[ 1092.063185][ T5065] Bluetooth: hci1: command 0x0409 tx timeout
[ 1092.117821][ T8083] team0 (unregistering): Port device team_slave_1 removed
[ 1092.221256][ T8083] team0 (unregistering): Port device team_slave_0 removed
[ 1092.580600][T19912] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1092.753297][T19912] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1092.877830][ T8083] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1092.949456][ T8083] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
02:36:32 executing program 2:
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='team_slave_0\x00')
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000072e1bc40820514009dbba5fac40109021f817a6cbb056256959d60682c5e890a967d"], 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYRES64=r1], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
pidfd_open(0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f00000003c0)=0x871, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x24003084, &(0x7f0000000200)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140), 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x6d)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000800)={0x0, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x88)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
recvmsg(r0, &(0x7f0000001500)={0x0, 0x1308, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0xb2c86da597010000, 0x2700}, 0x100)

[ 1093.220014][ T5112] usb 3-1: USB disconnect, device number 38
[ 1093.316504][ T8083] bond0 (unregistering): Released all slaves
02:36:33 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0}) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB=':\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r6, @ANYBLOB="10005a800c00008005000200f8000000"], 0x2c}}, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="0000399d", @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="00007d8000000200ccf08e48778671b4fd326f0692cfa9de0094f781b8dc1584d0458e650674b5559c2f3495de0f2f2d1dfd2aa36e85bc5f8bb77eb6e044abc629622810cdcbbaffb89445c431d475fe14e420a100000100b13dca7e94469e0d6b6957785b37062bdf7c379f4ffdcee43b55e4b40736eef6df7cfce6048ef9242c81954fafa4aca1c673105c3371b9186747c49665d8e60d1f855767be1cc16baad4ffc41ea4f47cec38d7acddd1e1d9bdeed5841804b1ee7ec5e006344fbe8dd5f4a7b6ca23362e75c482f7e9b35adb64ea44647fa0ca7f9130fe4c5eb3ddab260a3fedfabb9ddbd924869a72c8438dcf600ded944e84e4e0c0e01e4403cb86bc3401f910002d800a0000000202020202020000"], 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, @random=0x2, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async, rerun: 32)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (rerun: 32)

[ 1093.504316][T19873] batadv_slave_1: left promiscuous mode
[ 1093.519206][T13170] usb 4-1: USB disconnect, device number 36
[ 1093.893227][  T917] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[ 1094.052257][T19910] chnl_net:caif_netlink_parms(): no params data found
[ 1094.143149][ T5065] Bluetooth: hci1: command 0x041b tx timeout
[ 1094.653333][  T917] usb 3-1: config index 0 descriptor too short (expected 33055, got 36)
[ 1094.661748][  T917] usb 3-1: config 108 has too many interfaces: 122, using maximum allowed: 32
[ 1094.722596][  T917] usb 3-1: config 108 has an invalid descriptor of length 86, skipping remainder of the config
[ 1094.778497][  T917] usb 3-1: config 108 has 0 interfaces, different from the descriptor's value: 122
[ 1094.887891][T19910] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1094.901176][T19910] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1094.908011][ T5113] usb 6-1: USB disconnect, device number 44
[ 1094.931188][T19910] bridge_slave_0: entered allmulticast mode
[ 1094.958264][T19910] bridge_slave_0: entered promiscuous mode
[ 1094.981975][T19910] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1094.990995][T19910] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1095.023270][  T917] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1095.032361][  T917] usb 3-1: New USB device strings: Mfr=165, Product=250, SerialNumber=196
[ 1095.043869][T19910] bridge_slave_1: entered allmulticast mode
[ 1095.058985][T19910] bridge_slave_1: entered promiscuous mode
[ 1095.071477][  T917] usb 3-1: Product: syz
[ 1095.093786][  T917] usb 3-1: Manufacturer: syz
[ 1095.108913][  T917] usb 3-1: SerialNumber: syz
[ 1095.186783][T19910] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1095.237927][T19910] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1095.335939][T19910] team0: Port device team_slave_0 added
[ 1095.374969][T19910] team0: Port device team_slave_1 added
[ 1095.506527][T19910] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1095.522251][T19910] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1095.593018][T19910] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1095.609066][T19918] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1095.647645][T19910] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1095.665958][T19910] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1095.720917][T19910] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1095.768817][T19918] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1095.938684][T19910] hsr_slave_0: entered promiscuous mode
[ 1095.960241][T19910] hsr_slave_1: entered promiscuous mode
[ 1096.023398][T19910] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1096.031068][T19910] Cannot create hsr debugfs directory
[ 1096.223423][ T5065] Bluetooth: hci1: command 0x040f tx timeout
[ 1097.507810][T19910] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1097.539854][T19910] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1097.576770][T19910] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1097.616434][T19910] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1097.950617][T19910] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1098.015517][T19910] 8021q: adding VLAN 0 to HW filter on device team0
[ 1098.038817][ T5115] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1098.046011][ T5115] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1098.094119][ T5115] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1098.101267][ T5115] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1098.303508][ T5063] Bluetooth: hci1: command 0x0419 tx timeout
[ 1098.340193][T19910] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1098.421166][  T917] usb 3-1: USB disconnect, device number 39
[ 1098.443379][T19910] veth0_vlan: entered promiscuous mode
[ 1098.487392][T19910] veth1_vlan: entered promiscuous mode
[ 1098.576377][T19910] veth0_macvtap: entered promiscuous mode
[ 1098.598966][T19910] veth1_macvtap: entered promiscuous mode
[ 1098.631310][T19910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1098.658744][T19910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1098.674905][T19910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1098.715168][T19910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1098.751209][T19910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1098.765352][T19910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1098.785628][T19910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1098.809805][T19910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1098.831482][T19910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1098.893981][T19910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1098.927540][T19910] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1098.977285][T19910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1099.014691][T19910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1099.033057][T19910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1099.059824][T19910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1099.083280][T19910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1099.094142][T19910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1099.104535][T19910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1099.116653][T19910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1099.128372][T19910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1099.139254][T19910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1099.151167][T19910] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1099.191718][T19910] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1099.225962][T19910] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1099.253138][T19910] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1099.261947][T19910] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1099.446890][ T5112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1099.465973][ T5112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1099.533445][ T5112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1099.541319][ T5112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1099.638311][T19983] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1099.664693][T19983] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1099.690449][T19983] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:39 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xd84, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:39 executing program 3:
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='team_slave_0\x00')
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000072e1bc40820514009dbba5fac40109021f817a6cbb056256959d60682c5e890a967d"], 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYRES64=r1], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
pidfd_open(0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f00000003c0)=0x871, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x24003084, &(0x7f0000000200)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140), 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x6d)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000800)={0x0, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x88)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
recvmsg(r0, &(0x7f0000001500)={0x0, 0x1308, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0xb2c86da597010000, 0x2700}, 0x100)

02:36:39 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000740)={0x12e8, r3, 0x400, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_NAN_FUNC={0x12d4, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_FOLLOW_UP_ID={0x5, 0x6, 0xac}, @NL80211_NAN_FUNC_TX_MATCH_FILTER={0x160, 0xe, 0x0, 0x1, [{0xc9, 0x0, "51752ef3d3b7ae5f0a7a9f9fcd5babd7be0513b0f7d27b3faafdc51e93e459c5cef187d6734a7a207dbb04148214af286621966f05b99d31f5e082065f6f9883f9428def24432327708c1390d258a4fe1a5e3b050b4ed30dcd248b98eb0fc27732d0cd1ec267e2e4a9831f6fbca54ec82560b29963f438ce7dd19cd67758230ffd861d2eadb6a4f8077f1bdeccef48feae38b34b964b7ef5412f24eff58339c3b72f4857c19986a77a11608c9baa34c27729447f85c206de4e033b9e8535a4297800ff2674"}, {0x57, 0x0, "ba573d981a2ad8ef264a1aad7fcd12fa44e3d10cdc7f0820354115defb56bd39cc49fc19a5459b8686cefac250133c60be154c1898afa408826c7f0c43a2e04c6613a623e4e862c324486e7ec1da53ed6d4da3"}, {0xa, 0x0, "df4bc6a26192"}, {0x2c, 0x0, "d7374f2e1d608a1fbf56187b193e6847dbfe4929922ca4f37ee80a7b3984349326d32f9b166df8cd"}]}, @NL80211_NAN_FUNC_FOLLOW_UP_DEST={0xa, 0x8, @device_b}, @NL80211_NAN_FUNC_TX_MATCH_FILTER={0x1134, 0xe, 0x0, 0x1, [{0x48, 0x0, "12350bbe8d4feaa260e80d7cb4b5e54ee38b5ebeae5aa028acc2ef17d05995e2ee2d2e4a2ec303313a4c73bdec5ad9830371e3ecc41a8c33a87aced22e1aa1032957064a"}, {0x1004, 0x0, "f2faa83c5f25ab3a79088158be374642d2456741c67d7a33f5681442b2188afe035eb68df641dfa861faa24c8d9a69a07282c7a60731d529c5539c7bb9334def037d13c83de30cd852d7f4f584ffe18267b381108a2d2049244fa1432680ce670609dcac891f2c5d6e17f632daeddb73ed00212856a9018cf70bef37380fdb2b00f64619c23372c56be70b72b36b9931ec8f405cc76e91c2b9d4c7698f9fd40b988ef7e561909a167bc5eb3e3abe20f25cec25a4c90941af7cb234ada50ecd466ba6b6c0407cc6178e74b5bb526d7d86b9addb6e3b8b59995eabdb79b26e233d5cea563966c89a9c8c5f232bb0c962a1d3d06dff794afec726985378d7ab5f8c4c79e8306a1fad52fd65d36fcd77223bb7692c790a7de7131c5db104772df3eb919a6ac8f45fe06e6bc4e5e6df8890e221135b3caa25ef954c5a0122676b6658e87030005a53c821a8bb95cca0a929d029c635431194a4a65ff9510556109b8cb72a2bab5409b2e34f029da57fc505030c3082dcacaf94ad8afb8349ed312a748d18d9104fa1c3ae0bc51de97b1be1e7087ffe664e034850c0c1a4453efc67b3d6312bc6e395685413cc112727a4eceda34733ff68ce10a65a1ea537a54e6544d7444ee9c91277c0715605221af2b126ddfeccbca08c4369782017332a939555be09dcf8cec6aa19f07626f5b81ab6fe3ba514e8660bbb198497da5dafe55d8974036b836d711751f1599ec379c26b2d8307a6b5ffae32e25dbcf223596fd80a48331ee25f58617371da0b0ba5a0dab6dba96bc45dd64e0d9db6f2a9e910c3dd56deffb6162e286079391e1cae9b14e127ba9f4aa15e7d2027f3fe7403cc9e1bcbd1039469bccf1daee1510f3d9c536dd11e6bf128ce3ca84b64454fbe09c30962c2be791e8b58f6a82c4710e356d19cf654bee04224cb8901a840d71dc80be4651b483b4a5bdc9a28b5b72844207fcf675841b5f403de8da3b41037a8f60cf3f77ff4bc1f942b7ebd50517f2481c15344f86da592cb9e6fcb608d3e32f51eb11c24178ef01251ae508392ca9ec4c582e5fe66a367608864eeb7e0b5958d254e8d328b7579002137de70d5151cd0d8ba759aa8358dae219303260743d24708d7d439c8e632c5c6c05612784590d7f692b824a15a6db8f2c01f4d54be7ac9dd36a132e2d28df773da6dc1e1a3734cb196adc4de780114f64ff9cdb1f6c70d27605b0feb096a4eb07b85fb62cbeb25075585f74a0d1250d0eb7b60e5c93d3088e5083ce65f51083da86c314a24d84eece41cbeff699e0e20a550aa4fae7c4aafba0d265419340b4673449774e080469934ab9a5f59d0ef023c937aba0d39e0ac36f9920395bfa7e72e8f415a8ffcadfa1823795ca06cb341b57940993eb04ff54e6b1d09bc46567aa935e94a085a13dd26311b8b669238631170f4c9d1c706779cb310c54939cfb49c31ffdf085a817ac996c032f34389a77c5683a87b638114afffc4837247056f92ea09482235846ee6d5a1f66873752f3ee16e45a2d9262cb49b941d702018d1e23645430dd831c718dcb51a49dd4911f771481e9189d0d5269a19474bea1866e8a997902bb8323baa6801c5eab89c310d37781ebb3bc4304f89a4d9a96673c442c6876b8b6918e7648e740043369f16db5e5fda34349b2b43c31b741597c76f99de6fc6fe49902bd675ac71f677b12b6e66420b78ad1f626406ae2fc816a00db11de589f7aa8d4e7d5465832b64fc4f3393d5911898bfb75cdbe1f27b2bc4a9eae2c1517d9582ebeba32afe4be011df7c5275c067d165f743427a57d5c16fd38bc6281d0df146d5dff4f4c6b94d175c5850413687fe667571498a7d51876f0864cca703ccfc25d559a76c69163de5743af377477a1754358b0aed30e67bc4247fc27338e4669ea912b3013884d0a97cc09917fbd99afe7f554b672b9449ff81ef68475d3b61618a4ac0424ed4fa0bac690eb0da6273c0090fe430e8f7b07f5d881fafbeaf923156e8742bfe47625833e3901a45e654474e889671468e3ba97a839c3f024d80e632d907a294762a8e17696690658d0c71f186e660b6db44272cb069c90ef79eb474e85c51bc4119e78b891103aec728327257ba3bc5d534a2a4bb64def9696685a4d41ada4a918a4b69fa943170cdc7443cf812f843335627852413c65641ae6a9aa3dda1d428c4c4ab6705813557ee9d7ccf71f88a86613446ec99abd03235f97f98eba52aea04c92482a566e6b31cf1744077b128b06cb78fa9233e7fa28df57a67a69553c21fded694748b44ffebde3a5c23794a71538545aebf781f565a15c715167d5b6f1df07bd77310c2c1bd7610890e44b496d9699e967356d210e6e1a6dfb0da995b6cdfbd3ef6655197d6bfe6f17d919b1f5f343b6a29d3281e171c602b3eb1ba24d74da1eccbbbd18c1e550ccdf34fee7e8f9076c000f6bb1dc0471b5988ab4b6f777634642888844abbce04fd8c36fa23b4dd2951107d8e18df109701cbbb7ffb744a7d021b3f122e0592c868ef8fefe259f9e448695b2fba5ef31bb1a583eebae48195ec671e3f036011cfa1520d69eac8d275c84c8f79e0e43c1bd034f523ef82b068d9c12ac369f2ec555a7ade2155aeaeb40643f6e37b3607dd176a76fc09c24c33e11fe4a651078538bce1fe6a1532f26a9dbc92993645c1bd2e51e9339889b0de96eff5001ebccf8711a094cfe3de2555487f77ddbee692cfb8f5785bf27c4ea4920ebad1ea651c6cb0cce0c1141f905f80b22e49b8357fd19af3b5156cc9dcf4d58124acc21c9772ab9369450424583d093328f732eda9a0cd0f4223e88a3bfa8471db592edeca57008a71a2fbeed5fe5413e638177b12b778298a7d5c7ce8c1ba6c5663e35f2e982d721249baa5efce1a421d8d9214386cd00a84061a7070624bd8cee83b2b4f7901125c5e33e11132feb57516ddb8d5fa2bf20e4e83d1535b86cbfb57a2135793d60cf9ca5891266cccb7bb942aef97c07034c470aba118a84838b3c4abbf7300ef0fada95330487047a8762654bba228165eb5262fdadd59701ef2ea87d4c2902e26dc7094ccd09d7842c02835173c6872b6ca7ed3ad03a7faaf652bf9b05ad3476a1e28c7aa0cf8c8d18d5c5ee0df84134620a3e0f3f525d40bf72e349670dcf4133e2769f20f8ab34da17a07d7e4ad8829eed963f4a030b01af6eab4a9fe32af11c4d8fd5229d26ddb44ec401084aa07db23cc0edbac14f4b9657e0ed66204340ac4aadd91b752ea8e94747a00bf5ad7df2d37200846db99d613a9ace82105601ff80395aae631634293eca98347a802ac5dccd6a915755b873ac0d2acbcd38662ed320360fba56c035a1337b2aa595f918bf53fa30e29870cc9ea9abdb8ffb00024a7c9a5866012a3686d229eda24a673fd688ed5c534d765e87a87668a447a23c7a0ee014fa6a60098d2cec4ef92c5244acbf24534a95ea3052a1b226d96e251d8202d826109ebf193e061018d723dbd6727eb13deed18ad77df64e4199c6611b136d5d35e93e266a52d74f5539f2dde47d6b11ad0a57aa94dbf37d75ff54d1df8d2b7884ae8af27f7b5d14679b728276db6554cf7bce028ac2f515c7c3577e89c38ec9f3b2cc623031db38ea8fcf7ea1f3173ba858cd40e3a579112726bed4124315b7945500fc2cd46975589ee15a242e08dd1a46ba33e9bc2ca74da4732734f59bbaca76a8942bf513be46434fc11df49aeeb21b512c2673e73664bd8cb72da469a2e71296ca59a5cffd22a880935073e173908d138e18ca4997118dc3702d231499f08c4ea4d7cc5325c60b63689724b72425dd572a1573be52657c59ebfefa35c19b101611a37301ab2e3decba7c283c2452baa429fb53ea0d4017d81eb67ba58338325968ed3cc9a070c2ffa1c38e010b32cceb1d4502d01368682c5094edba381b748e73bd183d77340d2ac189bcc80ba3044971452f1652c19c021475034606144bf8d6e840b1031e1907c988c7d2be2c50f38bd5238b3236a9c1035128923824438da7589422f76bffb95dc1a8825fba9f66a05ac81ef95883800d97b4033b7a31247e82bdcd24f1ee22256405e3567c09c23eec0ce289ee8983ec1bbbddb663e0c43a737e23e33c022b7f8a9fb4ee10a0b00804f464520d78aa701389ce9fe6a6b13cccd3627e0191b8894cfa9db5f15634b240d4e72ee2fe71823bb75ab6ee8c9d9cdb58fee8f7fb7562ab42e466b42390e2b05d1edd2b193dfef4e8b2848a63d4eaa0cd7dc7bf9a7f07f53f5901d675b8a7e085b32254b8653c2bc26e2605ad2ce4aa71ff1f1c94ba610d54020d82a16ebed66eda5450a22238539c84fe2c41c352bf5b4f2f39e577e886f3b483e4f5c6d044de9ef29cd47a22dce61508975a776deeac62e07c2987a570cc3a4f328bfe12835c11a8e6c0c188dafd2106fe4581d62ba7ec8694cb1606d90d08c2a73843af3177c384f8596cabf8e2dfd709487c0270b745cd09bdf835ef22f7760f3121a7effc9f4b09fae63dc2a0474933119cdcdc7e69bce0eec2de9e2c56d8e6a0eaaaf8e98ab02284c8ed8ee8a5582c99ea50a764932d6232cf8f86d6a61cd24fa8c410b29f539684b2931704f5db795afdea88704a4175abac9e62e65c5311adf1edb4ea548f55730aac3b19d9598e251a906443bb793dc8110c60d2f694036cd7426858c4649b7680b96b43159d2da8c31231d809f8823d5c9e508fb0e7a8d07bbeb699589f3702043e543c76ecc64e6eb40d1e8f0fc59c863da0edf157d58277bc70becfdb48a88a2c933af445b3c10fab3ab0d355a601925b35a2f8d41b47c6d705320aae2296ef8b0a1f132d1ea00f3bfff27ad19df012e563cb910c280cd44125fbf98c76dab1595e815b1bc99ce88a4c12e3fb3ab348a7d644f001e899c1e7a4fb77c24070ec6a82a157c11a0b1f6d58b61e8cae44aa2cf3623f1161fed8d66d89ee71a6f62edb4b648d19fd968a2c323495cb65b2044d22cbe3068c2952f2eeecd247ca101bb01831864309c2eacec1276866210e0c5796c8cfcaafc2d76b755b72ae77af4a5cc3bb99d5109109a29b6731cc5000e92bfc5fa9d9c0be8b736f50a52501c03c517713143b5b7dbb1c7c24611829b61a097dbd3e5d627ef64f49c030e3c83ac8a2000f03f7050267222e7fcddc6003199770953886e7128fd60a051523f7d849e5e7ca911525deaa7622545134939a8f667ece930812e570541a8ee517b61812efdb88d438669f6ab2fd98dc75b5fe80321588c09da7c7af6be66dcbdacc0c4c23a5075bfe476a7ffd9f81820c9d5677c5679b740f096dba50d52c4b06d60af0a31fd3393869de01499da356f82faf3c1e0e32ea8c4b2f4e6a18d18fafb65bffc6ed7a15162819062f6158a9c3269ceeb9ec7f0a6ce3e47dd3b84bd78aeaf9fb8b403c20fc649a138ec01878e4d1473ed12369d87c14c9551a652abad85112a3f020f22b2324bea913f3a9a22ac0be5eaf47d36625d95d6b7006d0b3b69b346245134706cc728d1f6a92f5397eabe9373984f6930763dc44df8af2d46942e0cc74ea8632662faa24c1be040da7614476aa7598a239e5918d511f8ae3984697d8e392e5ab594671998d62999eaaa43c45c3cdcce0a9baee5beb61bd64251e401b136d19ce746ea772ea2cc9b371dc5e5771c69ddb77460e31852f9a3fa4a37ce171e47ac892bf1899aa435ffde906f8e0546ea0ef61453e2f2735873fcdc2e0f89a9f695ea41923b99a8d0cdcba630f03d61bed7bfdbffa00bb2ad92afa3412f77"}, {0x4b, 0x0, "80341c699c6c875cf9526eefd7f5d92eb3d608118be9a1feb00128a35b073d6029ee5975f0af6209a555fd6cc13f8a75c77a19800c5f16c4adc7e66d0ce266ff8c41c2ca77f46e"}, {0x95, 0x0, "dd311a68f59e884b60593b11df635faf51edbb3a86d8ee036cccf347a2c1cc8c4846ff324bb2d942263390f67ada5fdbd89d40db7a0be098570930d4e50914690d1431dd83cc0d34da37d66d57cde55d2d1c3e5ac22008a5b3f99c43827e78bb8a5a0b596ee8d8cff31edab4a26344f4c57b2f145e07463d980dec34f22e350307772db782f6ca4293867b3f129d8bbed3"}]}, @NL80211_NAN_FUNC_SRF={0x8, 0xc, 0x0, 0x1, [@NL80211_NAN_SRF_INCLUDE={0x4}]}, @NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE={0x4}, @NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID={0x5, 0x7, 0x20}, @NL80211_NAN_FUNC_CLOSE_RANGE={0x4}, @NL80211_NAN_FUNC_TTL={0x8, 0xa, 0xffff}, @NL80211_NAN_FUNC_PUBLISH_TYPE={0x5, 0x3, 0x7}]}]}, 0x12e8}, 0x1, 0x0, 0x0, 0x4000004}, 0x1)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:39 executing program 4:
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='team_slave_0\x00')
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000072e1bc40820514009dbba5fac40109021f817a6cbb056256959d60682c5e890a967d"], 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYRES64=r1], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
pidfd_open(0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f00000003c0)=0x871, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x24003084, &(0x7f0000000200)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140), 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x6d)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000800)={0x0, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x88)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
recvmsg(r0, &(0x7f0000001500)={0x0, 0x1308, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0xb2c86da597010000, 0x2700}, 0x100)

02:36:39 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x50, 0x2, 0x6, 0x185, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x50}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

02:36:39 executing program 2:
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='team_slave_0\x00')
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000072e1bc40820514009dbba5fac40109021f817a6cbb056256959d60682c5e890a967d"], 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYRES64=r1], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
pidfd_open(0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f00000003c0)=0x871, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x24003084, &(0x7f0000000200)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140), 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x6d)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000800)={0x0, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x88)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
recvmsg(r0, &(0x7f0000001500)={0x0, 0x1308, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0xb2c86da597010000, 0x2700}, 0x100)

02:36:39 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x50, 0x2, 0x6, 0x185, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x50}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

[ 1100.165363][T20006] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1100.181501][T20008] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1100.239278][T20015] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1100.276289][T20015] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1100.302752][T19998] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1100.493172][ T5113] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[ 1100.523011][    C1] raw-gadget.0 gadget.3: ignoring, device is not running
02:36:40 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x50, 0x2, 0x6, 0x185, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x50}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

02:36:40 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xd8c, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:40 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000740)={0x12e8, r3, 0x400, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_NAN_FUNC={0x12d4, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_FOLLOW_UP_ID={0x5, 0x6, 0xac}, @NL80211_NAN_FUNC_TX_MATCH_FILTER={0x160, 0xe, 0x0, 0x1, [{0xc9, 0x0, "51752ef3d3b7ae5f0a7a9f9fcd5babd7be0513b0f7d27b3faafdc51e93e459c5cef187d6734a7a207dbb04148214af286621966f05b99d31f5e082065f6f9883f9428def24432327708c1390d258a4fe1a5e3b050b4ed30dcd248b98eb0fc27732d0cd1ec267e2e4a9831f6fbca54ec82560b29963f438ce7dd19cd67758230ffd861d2eadb6a4f8077f1bdeccef48feae38b34b964b7ef5412f24eff58339c3b72f4857c19986a77a11608c9baa34c27729447f85c206de4e033b9e8535a4297800ff2674"}, {0x57, 0x0, "ba573d981a2ad8ef264a1aad7fcd12fa44e3d10cdc7f0820354115defb56bd39cc49fc19a5459b8686cefac250133c60be154c1898afa408826c7f0c43a2e04c6613a623e4e862c324486e7ec1da53ed6d4da3"}, {0xa, 0x0, "df4bc6a26192"}, {0x2c, 0x0, "d7374f2e1d608a1fbf56187b193e6847dbfe4929922ca4f37ee80a7b3984349326d32f9b166df8cd"}]}, @NL80211_NAN_FUNC_FOLLOW_UP_DEST={0xa, 0x8, @device_b}, @NL80211_NAN_FUNC_TX_MATCH_FILTER={0x1134, 0xe, 0x0, 0x1, [{0x48, 0x0, "12350bbe8d4feaa260e80d7cb4b5e54ee38b5ebeae5aa028acc2ef17d05995e2ee2d2e4a2ec303313a4c73bdec5ad9830371e3ecc41a8c33a87aced22e1aa1032957064a"}, {0x1004, 0x0, "f2faa83c5f25ab3a79088158be374642d2456741c67d7a33f5681442b2188afe035eb68df641dfa861faa24c8d9a69a07282c7a60731d529c5539c7bb9334def037d13c83de30cd852d7f4f584ffe18267b381108a2d2049244fa1432680ce670609dcac891f2c5d6e17f632daeddb73ed00212856a9018cf70bef37380fdb2b00f64619c23372c56be70b72b36b9931ec8f405cc76e91c2b9d4c7698f9fd40b988ef7e561909a167bc5eb3e3abe20f25cec25a4c90941af7cb234ada50ecd466ba6b6c0407cc6178e74b5bb526d7d86b9addb6e3b8b59995eabdb79b26e233d5cea563966c89a9c8c5f232bb0c962a1d3d06dff794afec726985378d7ab5f8c4c79e8306a1fad52fd65d36fcd77223bb7692c790a7de7131c5db104772df3eb919a6ac8f45fe06e6bc4e5e6df8890e221135b3caa25ef954c5a0122676b6658e87030005a53c821a8bb95cca0a929d029c635431194a4a65ff9510556109b8cb72a2bab5409b2e34f029da57fc505030c3082dcacaf94ad8afb8349ed312a748d18d9104fa1c3ae0bc51de97b1be1e7087ffe664e034850c0c1a4453efc67b3d6312bc6e395685413cc112727a4eceda34733ff68ce10a65a1ea537a54e6544d7444ee9c91277c0715605221af2b126ddfeccbca08c4369782017332a939555be09dcf8cec6aa19f07626f5b81ab6fe3ba514e8660bbb198497da5dafe55d8974036b836d711751f1599ec379c26b2d8307a6b5ffae32e25dbcf223596fd80a48331ee25f58617371da0b0ba5a0dab6dba96bc45dd64e0d9db6f2a9e910c3dd56deffb6162e286079391e1cae9b14e127ba9f4aa15e7d2027f3fe7403cc9e1bcbd1039469bccf1daee1510f3d9c536dd11e6bf128ce3ca84b64454fbe09c30962c2be791e8b58f6a82c4710e356d19cf654bee04224cb8901a840d71dc80be4651b483b4a5bdc9a28b5b72844207fcf675841b5f403de8da3b41037a8f60cf3f77ff4bc1f942b7ebd50517f2481c15344f86da592cb9e6fcb608d3e32f51eb11c24178ef01251ae508392ca9ec4c582e5fe66a367608864eeb7e0b5958d254e8d328b7579002137de70d5151cd0d8ba759aa8358dae219303260743d24708d7d439c8e632c5c6c05612784590d7f692b824a15a6db8f2c01f4d54be7ac9dd36a132e2d28df773da6dc1e1a3734cb196adc4de780114f64ff9cdb1f6c70d27605b0feb096a4eb07b85fb62cbeb25075585f74a0d1250d0eb7b60e5c93d3088e5083ce65f51083da86c314a24d84eece41cbeff699e0e20a550aa4fae7c4aafba0d265419340b4673449774e080469934ab9a5f59d0ef023c937aba0d39e0ac36f9920395bfa7e72e8f415a8ffcadfa1823795ca06cb341b57940993eb04ff54e6b1d09bc46567aa935e94a085a13dd26311b8b669238631170f4c9d1c706779cb310c54939cfb49c31ffdf085a817ac996c032f34389a77c5683a87b638114afffc4837247056f92ea09482235846ee6d5a1f66873752f3ee16e45a2d9262cb49b941d702018d1e23645430dd831c718dcb51a49dd4911f771481e9189d0d5269a19474bea1866e8a997902bb8323baa6801c5eab89c310d37781ebb3bc4304f89a4d9a96673c442c6876b8b6918e7648e740043369f16db5e5fda34349b2b43c31b741597c76f99de6fc6fe49902bd675ac71f677b12b6e66420b78ad1f626406ae2fc816a00db11de589f7aa8d4e7d5465832b64fc4f3393d5911898bfb75cdbe1f27b2bc4a9eae2c1517d9582ebeba32afe4be011df7c5275c067d165f743427a57d5c16fd38bc6281d0df146d5dff4f4c6b94d175c5850413687fe667571498a7d51876f0864cca703ccfc25d559a76c69163de5743af377477a1754358b0aed30e67bc4247fc27338e4669ea912b3013884d0a97cc09917fbd99afe7f554b672b9449ff81ef68475d3b61618a4ac0424ed4fa0bac690eb0da6273c0090fe430e8f7b07f5d881fafbeaf923156e8742bfe47625833e3901a45e654474e889671468e3ba97a839c3f024d80e632d907a294762a8e17696690658d0c71f186e660b6db44272cb069c90ef79eb474e85c51bc4119e78b891103aec728327257ba3bc5d534a2a4bb64def9696685a4d41ada4a918a4b69fa943170cdc7443cf812f843335627852413c65641ae6a9aa3dda1d428c4c4ab6705813557ee9d7ccf71f88a86613446ec99abd03235f97f98eba52aea04c92482a566e6b31cf1744077b128b06cb78fa9233e7fa28df57a67a69553c21fded694748b44ffebde3a5c23794a71538545aebf781f565a15c715167d5b6f1df07bd77310c2c1bd7610890e44b496d9699e967356d210e6e1a6dfb0da995b6cdfbd3ef6655197d6bfe6f17d919b1f5f343b6a29d3281e171c602b3eb1ba24d74da1eccbbbd18c1e550ccdf34fee7e8f9076c000f6bb1dc0471b5988ab4b6f777634642888844abbce04fd8c36fa23b4dd2951107d8e18df109701cbbb7ffb744a7d021b3f122e0592c868ef8fefe259f9e448695b2fba5ef31bb1a583eebae48195ec671e3f036011cfa1520d69eac8d275c84c8f79e0e43c1bd034f523ef82b068d9c12ac369f2ec555a7ade2155aeaeb40643f6e37b3607dd176a76fc09c24c33e11fe4a651078538bce1fe6a1532f26a9dbc92993645c1bd2e51e9339889b0de96eff5001ebccf8711a094cfe3de2555487f77ddbee692cfb8f5785bf27c4ea4920ebad1ea651c6cb0cce0c1141f905f80b22e49b8357fd19af3b5156cc9dcf4d58124acc21c9772ab9369450424583d093328f732eda9a0cd0f4223e88a3bfa8471db592edeca57008a71a2fbeed5fe5413e638177b12b778298a7d5c7ce8c1ba6c5663e35f2e982d721249baa5efce1a421d8d9214386cd00a84061a7070624bd8cee83b2b4f7901125c5e33e11132feb57516ddb8d5fa2bf20e4e83d1535b86cbfb57a2135793d60cf9ca5891266cccb7bb942aef97c07034c470aba118a84838b3c4abbf7300ef0fada95330487047a8762654bba228165eb5262fdadd59701ef2ea87d4c2902e26dc7094ccd09d7842c02835173c6872b6ca7ed3ad03a7faaf652bf9b05ad3476a1e28c7aa0cf8c8d18d5c5ee0df84134620a3e0f3f525d40bf72e349670dcf4133e2769f20f8ab34da17a07d7e4ad8829eed963f4a030b01af6eab4a9fe32af11c4d8fd5229d26ddb44ec401084aa07db23cc0edbac14f4b9657e0ed66204340ac4aadd91b752ea8e94747a00bf5ad7df2d37200846db99d613a9ace82105601ff80395aae631634293eca98347a802ac5dccd6a915755b873ac0d2acbcd38662ed320360fba56c035a1337b2aa595f918bf53fa30e29870cc9ea9abdb8ffb00024a7c9a5866012a3686d229eda24a673fd688ed5c534d765e87a87668a447a23c7a0ee014fa6a60098d2cec4ef92c5244acbf24534a95ea3052a1b226d96e251d8202d826109ebf193e061018d723dbd6727eb13deed18ad77df64e4199c6611b136d5d35e93e266a52d74f5539f2dde47d6b11ad0a57aa94dbf37d75ff54d1df8d2b7884ae8af27f7b5d14679b728276db6554cf7bce028ac2f515c7c3577e89c38ec9f3b2cc623031db38ea8fcf7ea1f3173ba858cd40e3a579112726bed4124315b7945500fc2cd46975589ee15a242e08dd1a46ba33e9bc2ca74da4732734f59bbaca76a8942bf513be46434fc11df49aeeb21b512c2673e73664bd8cb72da469a2e71296ca59a5cffd22a880935073e173908d138e18ca4997118dc3702d231499f08c4ea4d7cc5325c60b63689724b72425dd572a1573be52657c59ebfefa35c19b101611a37301ab2e3decba7c283c2452baa429fb53ea0d4017d81eb67ba58338325968ed3cc9a070c2ffa1c38e010b32cceb1d4502d01368682c5094edba381b748e73bd183d77340d2ac189bcc80ba3044971452f1652c19c021475034606144bf8d6e840b1031e1907c988c7d2be2c50f38bd5238b3236a9c1035128923824438da7589422f76bffb95dc1a8825fba9f66a05ac81ef95883800d97b4033b7a31247e82bdcd24f1ee22256405e3567c09c23eec0ce289ee8983ec1bbbddb663e0c43a737e23e33c022b7f8a9fb4ee10a0b00804f464520d78aa701389ce9fe6a6b13cccd3627e0191b8894cfa9db5f15634b240d4e72ee2fe71823bb75ab6ee8c9d9cdb58fee8f7fb7562ab42e466b42390e2b05d1edd2b193dfef4e8b2848a63d4eaa0cd7dc7bf9a7f07f53f5901d675b8a7e085b32254b8653c2bc26e2605ad2ce4aa71ff1f1c94ba610d54020d82a16ebed66eda5450a22238539c84fe2c41c352bf5b4f2f39e577e886f3b483e4f5c6d044de9ef29cd47a22dce61508975a776deeac62e07c2987a570cc3a4f328bfe12835c11a8e6c0c188dafd2106fe4581d62ba7ec8694cb1606d90d08c2a73843af3177c384f8596cabf8e2dfd709487c0270b745cd09bdf835ef22f7760f3121a7effc9f4b09fae63dc2a0474933119cdcdc7e69bce0eec2de9e2c56d8e6a0eaaaf8e98ab02284c8ed8ee8a5582c99ea50a764932d6232cf8f86d6a61cd24fa8c410b29f539684b2931704f5db795afdea88704a4175abac9e62e65c5311adf1edb4ea548f55730aac3b19d9598e251a906443bb793dc8110c60d2f694036cd7426858c4649b7680b96b43159d2da8c31231d809f8823d5c9e508fb0e7a8d07bbeb699589f3702043e543c76ecc64e6eb40d1e8f0fc59c863da0edf157d58277bc70becfdb48a88a2c933af445b3c10fab3ab0d355a601925b35a2f8d41b47c6d705320aae2296ef8b0a1f132d1ea00f3bfff27ad19df012e563cb910c280cd44125fbf98c76dab1595e815b1bc99ce88a4c12e3fb3ab348a7d644f001e899c1e7a4fb77c24070ec6a82a157c11a0b1f6d58b61e8cae44aa2cf3623f1161fed8d66d89ee71a6f62edb4b648d19fd968a2c323495cb65b2044d22cbe3068c2952f2eeecd247ca101bb01831864309c2eacec1276866210e0c5796c8cfcaafc2d76b755b72ae77af4a5cc3bb99d5109109a29b6731cc5000e92bfc5fa9d9c0be8b736f50a52501c03c517713143b5b7dbb1c7c24611829b61a097dbd3e5d627ef64f49c030e3c83ac8a2000f03f7050267222e7fcddc6003199770953886e7128fd60a051523f7d849e5e7ca911525deaa7622545134939a8f667ece930812e570541a8ee517b61812efdb88d438669f6ab2fd98dc75b5fe80321588c09da7c7af6be66dcbdacc0c4c23a5075bfe476a7ffd9f81820c9d5677c5679b740f096dba50d52c4b06d60af0a31fd3393869de01499da356f82faf3c1e0e32ea8c4b2f4e6a18d18fafb65bffc6ed7a15162819062f6158a9c3269ceeb9ec7f0a6ce3e47dd3b84bd78aeaf9fb8b403c20fc649a138ec01878e4d1473ed12369d87c14c9551a652abad85112a3f020f22b2324bea913f3a9a22ac0be5eaf47d36625d95d6b7006d0b3b69b346245134706cc728d1f6a92f5397eabe9373984f6930763dc44df8af2d46942e0cc74ea8632662faa24c1be040da7614476aa7598a239e5918d511f8ae3984697d8e392e5ab594671998d62999eaaa43c45c3cdcce0a9baee5beb61bd64251e401b136d19ce746ea772ea2cc9b371dc5e5771c69ddb77460e31852f9a3fa4a37ce171e47ac892bf1899aa435ffde906f8e0546ea0ef61453e2f2735873fcdc2e0f89a9f695ea41923b99a8d0cdcba630f03d61bed7bfdbffa00bb2ad92afa3412f77"}, {0x4b, 0x0, "80341c699c6c875cf9526eefd7f5d92eb3d608118be9a1feb00128a35b073d6029ee5975f0af6209a555fd6cc13f8a75c77a19800c5f16c4adc7e66d0ce266ff8c41c2ca77f46e"}, {0x95, 0x0, "dd311a68f59e884b60593b11df635faf51edbb3a86d8ee036cccf347a2c1cc8c4846ff324bb2d942263390f67ada5fdbd89d40db7a0be098570930d4e50914690d1431dd83cc0d34da37d66d57cde55d2d1c3e5ac22008a5b3f99c43827e78bb8a5a0b596ee8d8cff31edab4a26344f4c57b2f145e07463d980dec34f22e350307772db782f6ca4293867b3f129d8bbed3"}]}, @NL80211_NAN_FUNC_SRF={0x8, 0xc, 0x0, 0x1, [@NL80211_NAN_SRF_INCLUDE={0x4}]}, @NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE={0x4}, @NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID={0x5, 0x7, 0x20}, @NL80211_NAN_FUNC_CLOSE_RANGE={0x4}, @NL80211_NAN_FUNC_TTL={0x8, 0xa, 0xffff}, @NL80211_NAN_FUNC_PUBLISH_TYPE={0x5, 0x3, 0x7}]}]}, 0x12e8}, 0x1, 0x0, 0x0, 0x4000004}, 0x1) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1100.663276][  T917] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[ 1100.673151][ T5113] usb 4-1: device descriptor read/64, error -32
[ 1100.773252][ T5115] usb 5-1: new high-speed USB device number 35 using dummy_hcd
02:36:40 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x54, 0x2, 0x6, 0x801, 0x6c, 0x87400, {}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x0}]}]}, 0x54}, 0x1, 0x40afc}, 0x0)

[ 1100.827842][T20027] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1100.866352][T20029] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1100.904980][T20027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1100.953571][ T5113] usb 4-1: new high-speed USB device number 38 using dummy_hcd
02:36:40 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001000)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000001c0)={0x2c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{}]}]}]}]}, 0x2c}}, 0x0)

[ 1101.073546][  T917] usb 3-1: config index 0 descriptor too short (expected 33055, got 36)
[ 1101.094615][  T917] usb 3-1: config 108 has too many interfaces: 122, using maximum allowed: 32
02:36:40 executing program 5:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='comm\x00')
writev(r0, &(0x7f0000000400)=[{&(0x7f0000000000)='i', 0x1}, {0x0, 0x2}], 0x2)

[ 1101.155772][  T917] usb 3-1: config 108 has an invalid descriptor of length 86, skipping remainder of the config
[ 1101.219298][  T917] usb 3-1: config 108 has 0 interfaces, different from the descriptor's value: 122
[ 1101.243301][ T5115] usb 5-1: config index 0 descriptor too short (expected 33055, got 36)
[ 1101.265470][ T5115] usb 5-1: config 108 has too many interfaces: 122, using maximum allowed: 32
[ 1101.333128][ T5113] usb 4-1: config index 0 descriptor too short (expected 33055, got 36)
[ 1101.349588][ T5113] usb 4-1: config 108 has too many interfaces: 122, using maximum allowed: 32
[ 1101.393560][ T5115] usb 5-1: config 108 has an invalid descriptor of length 86, skipping remainder of the config
[ 1101.398329][ T5113] usb 4-1: config 108 has an invalid descriptor of length 86, skipping remainder of the config
[ 1101.486982][ T5115] usb 5-1: config 108 has 0 interfaces, different from the descriptor's value: 122
[ 1101.487881][ T5113] usb 4-1: config 108 has 0 interfaces, different from the descriptor's value: 122
[ 1101.553930][  T917] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1101.571391][  T917] usb 3-1: New USB device strings: Mfr=165, Product=250, SerialNumber=196
[ 1101.616776][  T917] usb 3-1: Product: syz
[ 1101.632847][  T917] usb 3-1: Manufacturer: syz
[ 1101.656599][  T917] usb 3-1: SerialNumber: syz
[ 1101.733738][ T5115] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1101.747453][ T5115] usb 5-1: New USB device strings: Mfr=165, Product=250, SerialNumber=196
[ 1101.763190][ T5113] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1101.782280][ T5113] usb 4-1: New USB device strings: Mfr=165, Product=250, SerialNumber=196
[ 1101.807522][ T5115] usb 5-1: Product: syz
[ 1101.817957][ T5115] usb 5-1: Manufacturer: syz
[ 1101.832470][ T5115] usb 5-1: SerialNumber: syz
[ 1101.854800][ T5113] usb 4-1: Product: syz
[ 1101.884783][ T5113] usb 4-1: Manufacturer: syz
[ 1101.889437][ T5113] usb 4-1: SerialNumber: syz
[ 1102.022490][T20019] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1102.169998][T20021] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1102.199907][T20021] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1102.307782][T20019] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1102.335075][T20011] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1102.433031][T20011] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1104.759961][ T5115] usb 5-1: USB disconnect, device number 35
02:36:44 executing program 3:
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='team_slave_0\x00')
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000072e1bc40820514009dbba5fac40109021f817a6cbb056256959d60682c5e890a967d"], 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYRES64=r1], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
pidfd_open(0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f00000003c0)=0x871, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x24003084, &(0x7f0000000200)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140), 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x6d)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000800)={0x0, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x88)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
recvmsg(r0, &(0x7f0000001500)={0x0, 0x1308, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0xb2c86da597010000, 0x2700}, 0x100)

02:36:44 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xd94, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:44 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000740)={0x12e8, r3, 0x400, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_NAN_FUNC={0x12d4, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_FOLLOW_UP_ID={0x5, 0x6, 0xac}, @NL80211_NAN_FUNC_TX_MATCH_FILTER={0x160, 0xe, 0x0, 0x1, [{0xc9, 0x0, "51752ef3d3b7ae5f0a7a9f9fcd5babd7be0513b0f7d27b3faafdc51e93e459c5cef187d6734a7a207dbb04148214af286621966f05b99d31f5e082065f6f9883f9428def24432327708c1390d258a4fe1a5e3b050b4ed30dcd248b98eb0fc27732d0cd1ec267e2e4a9831f6fbca54ec82560b29963f438ce7dd19cd67758230ffd861d2eadb6a4f8077f1bdeccef48feae38b34b964b7ef5412f24eff58339c3b72f4857c19986a77a11608c9baa34c27729447f85c206de4e033b9e8535a4297800ff2674"}, {0x57, 0x0, "ba573d981a2ad8ef264a1aad7fcd12fa44e3d10cdc7f0820354115defb56bd39cc49fc19a5459b8686cefac250133c60be154c1898afa408826c7f0c43a2e04c6613a623e4e862c324486e7ec1da53ed6d4da3"}, {0xa, 0x0, "df4bc6a26192"}, {0x2c, 0x0, "d7374f2e1d608a1fbf56187b193e6847dbfe4929922ca4f37ee80a7b3984349326d32f9b166df8cd"}]}, @NL80211_NAN_FUNC_FOLLOW_UP_DEST={0xa, 0x8, @device_b}, @NL80211_NAN_FUNC_TX_MATCH_FILTER={0x1134, 0xe, 0x0, 0x1, [{0x48, 0x0, "12350bbe8d4feaa260e80d7cb4b5e54ee38b5ebeae5aa028acc2ef17d05995e2ee2d2e4a2ec303313a4c73bdec5ad9830371e3ecc41a8c33a87aced22e1aa1032957064a"}, {0x1004, 0x0, "f2faa83c5f25ab3a79088158be374642d2456741c67d7a33f5681442b2188afe035eb68df641dfa861faa24c8d9a69a07282c7a60731d529c5539c7bb9334def037d13c83de30cd852d7f4f584ffe18267b381108a2d2049244fa1432680ce670609dcac891f2c5d6e17f632daeddb73ed00212856a9018cf70bef37380fdb2b00f64619c23372c56be70b72b36b9931ec8f405cc76e91c2b9d4c7698f9fd40b988ef7e561909a167bc5eb3e3abe20f25cec25a4c90941af7cb234ada50ecd466ba6b6c0407cc6178e74b5bb526d7d86b9addb6e3b8b59995eabdb79b26e233d5cea563966c89a9c8c5f232bb0c962a1d3d06dff794afec726985378d7ab5f8c4c79e8306a1fad52fd65d36fcd77223bb7692c790a7de7131c5db104772df3eb919a6ac8f45fe06e6bc4e5e6df8890e221135b3caa25ef954c5a0122676b6658e87030005a53c821a8bb95cca0a929d029c635431194a4a65ff9510556109b8cb72a2bab5409b2e34f029da57fc505030c3082dcacaf94ad8afb8349ed312a748d18d9104fa1c3ae0bc51de97b1be1e7087ffe664e034850c0c1a4453efc67b3d6312bc6e395685413cc112727a4eceda34733ff68ce10a65a1ea537a54e6544d7444ee9c91277c0715605221af2b126ddfeccbca08c4369782017332a939555be09dcf8cec6aa19f07626f5b81ab6fe3ba514e8660bbb198497da5dafe55d8974036b836d711751f1599ec379c26b2d8307a6b5ffae32e25dbcf223596fd80a48331ee25f58617371da0b0ba5a0dab6dba96bc45dd64e0d9db6f2a9e910c3dd56deffb6162e286079391e1cae9b14e127ba9f4aa15e7d2027f3fe7403cc9e1bcbd1039469bccf1daee1510f3d9c536dd11e6bf128ce3ca84b64454fbe09c30962c2be791e8b58f6a82c4710e356d19cf654bee04224cb8901a840d71dc80be4651b483b4a5bdc9a28b5b72844207fcf675841b5f403de8da3b41037a8f60cf3f77ff4bc1f942b7ebd50517f2481c15344f86da592cb9e6fcb608d3e32f51eb11c24178ef01251ae508392ca9ec4c582e5fe66a367608864eeb7e0b5958d254e8d328b7579002137de70d5151cd0d8ba759aa8358dae219303260743d24708d7d439c8e632c5c6c05612784590d7f692b824a15a6db8f2c01f4d54be7ac9dd36a132e2d28df773da6dc1e1a3734cb196adc4de780114f64ff9cdb1f6c70d27605b0feb096a4eb07b85fb62cbeb25075585f74a0d1250d0eb7b60e5c93d3088e5083ce65f51083da86c314a24d84eece41cbeff699e0e20a550aa4fae7c4aafba0d265419340b4673449774e080469934ab9a5f59d0ef023c937aba0d39e0ac36f9920395bfa7e72e8f415a8ffcadfa1823795ca06cb341b57940993eb04ff54e6b1d09bc46567aa935e94a085a13dd26311b8b669238631170f4c9d1c706779cb310c54939cfb49c31ffdf085a817ac996c032f34389a77c5683a87b638114afffc4837247056f92ea09482235846ee6d5a1f66873752f3ee16e45a2d9262cb49b941d702018d1e23645430dd831c718dcb51a49dd4911f771481e9189d0d5269a19474bea1866e8a997902bb8323baa6801c5eab89c310d37781ebb3bc4304f89a4d9a96673c442c6876b8b6918e7648e740043369f16db5e5fda34349b2b43c31b741597c76f99de6fc6fe49902bd675ac71f677b12b6e66420b78ad1f626406ae2fc816a00db11de589f7aa8d4e7d5465832b64fc4f3393d5911898bfb75cdbe1f27b2bc4a9eae2c1517d9582ebeba32afe4be011df7c5275c067d165f743427a57d5c16fd38bc6281d0df146d5dff4f4c6b94d175c5850413687fe667571498a7d51876f0864cca703ccfc25d559a76c69163de5743af377477a1754358b0aed30e67bc4247fc27338e4669ea912b3013884d0a97cc09917fbd99afe7f554b672b9449ff81ef68475d3b61618a4ac0424ed4fa0bac690eb0da6273c0090fe430e8f7b07f5d881fafbeaf923156e8742bfe47625833e3901a45e654474e889671468e3ba97a839c3f024d80e632d907a294762a8e17696690658d0c71f186e660b6db44272cb069c90ef79eb474e85c51bc4119e78b891103aec728327257ba3bc5d534a2a4bb64def9696685a4d41ada4a918a4b69fa943170cdc7443cf812f843335627852413c65641ae6a9aa3dda1d428c4c4ab6705813557ee9d7ccf71f88a86613446ec99abd03235f97f98eba52aea04c92482a566e6b31cf1744077b128b06cb78fa9233e7fa28df57a67a69553c21fded694748b44ffebde3a5c23794a71538545aebf781f565a15c715167d5b6f1df07bd77310c2c1bd7610890e44b496d9699e967356d210e6e1a6dfb0da995b6cdfbd3ef6655197d6bfe6f17d919b1f5f343b6a29d3281e171c602b3eb1ba24d74da1eccbbbd18c1e550ccdf34fee7e8f9076c000f6bb1dc0471b5988ab4b6f777634642888844abbce04fd8c36fa23b4dd2951107d8e18df109701cbbb7ffb744a7d021b3f122e0592c868ef8fefe259f9e448695b2fba5ef31bb1a583eebae48195ec671e3f036011cfa1520d69eac8d275c84c8f79e0e43c1bd034f523ef82b068d9c12ac369f2ec555a7ade2155aeaeb40643f6e37b3607dd176a76fc09c24c33e11fe4a651078538bce1fe6a1532f26a9dbc92993645c1bd2e51e9339889b0de96eff5001ebccf8711a094cfe3de2555487f77ddbee692cfb8f5785bf27c4ea4920ebad1ea651c6cb0cce0c1141f905f80b22e49b8357fd19af3b5156cc9dcf4d58124acc21c9772ab9369450424583d093328f732eda9a0cd0f4223e88a3bfa8471db592edeca57008a71a2fbeed5fe5413e638177b12b778298a7d5c7ce8c1ba6c5663e35f2e982d721249baa5efce1a421d8d9214386cd00a84061a7070624bd8cee83b2b4f7901125c5e33e11132feb57516ddb8d5fa2bf20e4e83d1535b86cbfb57a2135793d60cf9ca5891266cccb7bb942aef97c07034c470aba118a84838b3c4abbf7300ef0fada95330487047a8762654bba228165eb5262fdadd59701ef2ea87d4c2902e26dc7094ccd09d7842c02835173c6872b6ca7ed3ad03a7faaf652bf9b05ad3476a1e28c7aa0cf8c8d18d5c5ee0df84134620a3e0f3f525d40bf72e349670dcf4133e2769f20f8ab34da17a07d7e4ad8829eed963f4a030b01af6eab4a9fe32af11c4d8fd5229d26ddb44ec401084aa07db23cc0edbac14f4b9657e0ed66204340ac4aadd91b752ea8e94747a00bf5ad7df2d37200846db99d613a9ace82105601ff80395aae631634293eca98347a802ac5dccd6a915755b873ac0d2acbcd38662ed320360fba56c035a1337b2aa595f918bf53fa30e29870cc9ea9abdb8ffb00024a7c9a5866012a3686d229eda24a673fd688ed5c534d765e87a87668a447a23c7a0ee014fa6a60098d2cec4ef92c5244acbf24534a95ea3052a1b226d96e251d8202d826109ebf193e061018d723dbd6727eb13deed18ad77df64e4199c6611b136d5d35e93e266a52d74f5539f2dde47d6b11ad0a57aa94dbf37d75ff54d1df8d2b7884ae8af27f7b5d14679b728276db6554cf7bce028ac2f515c7c3577e89c38ec9f3b2cc623031db38ea8fcf7ea1f3173ba858cd40e3a579112726bed4124315b7945500fc2cd46975589ee15a242e08dd1a46ba33e9bc2ca74da4732734f59bbaca76a8942bf513be46434fc11df49aeeb21b512c2673e73664bd8cb72da469a2e71296ca59a5cffd22a880935073e173908d138e18ca4997118dc3702d231499f08c4ea4d7cc5325c60b63689724b72425dd572a1573be52657c59ebfefa35c19b101611a37301ab2e3decba7c283c2452baa429fb53ea0d4017d81eb67ba58338325968ed3cc9a070c2ffa1c38e010b32cceb1d4502d01368682c5094edba381b748e73bd183d77340d2ac189bcc80ba3044971452f1652c19c021475034606144bf8d6e840b1031e1907c988c7d2be2c50f38bd5238b3236a9c1035128923824438da7589422f76bffb95dc1a8825fba9f66a05ac81ef95883800d97b4033b7a31247e82bdcd24f1ee22256405e3567c09c23eec0ce289ee8983ec1bbbddb663e0c43a737e23e33c022b7f8a9fb4ee10a0b00804f464520d78aa701389ce9fe6a6b13cccd3627e0191b8894cfa9db5f15634b240d4e72ee2fe71823bb75ab6ee8c9d9cdb58fee8f7fb7562ab42e466b42390e2b05d1edd2b193dfef4e8b2848a63d4eaa0cd7dc7bf9a7f07f53f5901d675b8a7e085b32254b8653c2bc26e2605ad2ce4aa71ff1f1c94ba610d54020d82a16ebed66eda5450a22238539c84fe2c41c352bf5b4f2f39e577e886f3b483e4f5c6d044de9ef29cd47a22dce61508975a776deeac62e07c2987a570cc3a4f328bfe12835c11a8e6c0c188dafd2106fe4581d62ba7ec8694cb1606d90d08c2a73843af3177c384f8596cabf8e2dfd709487c0270b745cd09bdf835ef22f7760f3121a7effc9f4b09fae63dc2a0474933119cdcdc7e69bce0eec2de9e2c56d8e6a0eaaaf8e98ab02284c8ed8ee8a5582c99ea50a764932d6232cf8f86d6a61cd24fa8c410b29f539684b2931704f5db795afdea88704a4175abac9e62e65c5311adf1edb4ea548f55730aac3b19d9598e251a906443bb793dc8110c60d2f694036cd7426858c4649b7680b96b43159d2da8c31231d809f8823d5c9e508fb0e7a8d07bbeb699589f3702043e543c76ecc64e6eb40d1e8f0fc59c863da0edf157d58277bc70becfdb48a88a2c933af445b3c10fab3ab0d355a601925b35a2f8d41b47c6d705320aae2296ef8b0a1f132d1ea00f3bfff27ad19df012e563cb910c280cd44125fbf98c76dab1595e815b1bc99ce88a4c12e3fb3ab348a7d644f001e899c1e7a4fb77c24070ec6a82a157c11a0b1f6d58b61e8cae44aa2cf3623f1161fed8d66d89ee71a6f62edb4b648d19fd968a2c323495cb65b2044d22cbe3068c2952f2eeecd247ca101bb01831864309c2eacec1276866210e0c5796c8cfcaafc2d76b755b72ae77af4a5cc3bb99d5109109a29b6731cc5000e92bfc5fa9d9c0be8b736f50a52501c03c517713143b5b7dbb1c7c24611829b61a097dbd3e5d627ef64f49c030e3c83ac8a2000f03f7050267222e7fcddc6003199770953886e7128fd60a051523f7d849e5e7ca911525deaa7622545134939a8f667ece930812e570541a8ee517b61812efdb88d438669f6ab2fd98dc75b5fe80321588c09da7c7af6be66dcbdacc0c4c23a5075bfe476a7ffd9f81820c9d5677c5679b740f096dba50d52c4b06d60af0a31fd3393869de01499da356f82faf3c1e0e32ea8c4b2f4e6a18d18fafb65bffc6ed7a15162819062f6158a9c3269ceeb9ec7f0a6ce3e47dd3b84bd78aeaf9fb8b403c20fc649a138ec01878e4d1473ed12369d87c14c9551a652abad85112a3f020f22b2324bea913f3a9a22ac0be5eaf47d36625d95d6b7006d0b3b69b346245134706cc728d1f6a92f5397eabe9373984f6930763dc44df8af2d46942e0cc74ea8632662faa24c1be040da7614476aa7598a239e5918d511f8ae3984697d8e392e5ab594671998d62999eaaa43c45c3cdcce0a9baee5beb61bd64251e401b136d19ce746ea772ea2cc9b371dc5e5771c69ddb77460e31852f9a3fa4a37ce171e47ac892bf1899aa435ffde906f8e0546ea0ef61453e2f2735873fcdc2e0f89a9f695ea41923b99a8d0cdcba630f03d61bed7bfdbffa00bb2ad92afa3412f77"}, {0x4b, 0x0, "80341c699c6c875cf9526eefd7f5d92eb3d608118be9a1feb00128a35b073d6029ee5975f0af6209a555fd6cc13f8a75c77a19800c5f16c4adc7e66d0ce266ff8c41c2ca77f46e"}, {0x95, 0x0, "dd311a68f59e884b60593b11df635faf51edbb3a86d8ee036cccf347a2c1cc8c4846ff324bb2d942263390f67ada5fdbd89d40db7a0be098570930d4e50914690d1431dd83cc0d34da37d66d57cde55d2d1c3e5ac22008a5b3f99c43827e78bb8a5a0b596ee8d8cff31edab4a26344f4c57b2f145e07463d980dec34f22e350307772db782f6ca4293867b3f129d8bbed3"}]}, @NL80211_NAN_FUNC_SRF={0x8, 0xc, 0x0, 0x1, [@NL80211_NAN_SRF_INCLUDE={0x4}]}, @NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE={0x4}, @NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID={0x5, 0x7, 0x20}, @NL80211_NAN_FUNC_CLOSE_RANGE={0x4}, @NL80211_NAN_FUNC_TTL={0x8, 0xa, 0xffff}, @NL80211_NAN_FUNC_PUBLISH_TYPE={0x5, 0x3, 0x7}]}]}, 0x12e8}, 0x1, 0x0, 0x0, 0x4000004}, 0x1) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:44 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x28, r1, 0xe65be92592cf5b5f, 0x0, 0x0, {{}, {@val={0x8}, @void, @val={0xc}}}}, 0x28}}, 0x0)

[ 1104.865749][ T5113] usb 4-1: USB disconnect, device number 38
[ 1104.886093][T20056] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
02:36:44 executing program 2:
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='team_slave_0\x00')
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000072e1bc40820514009dbba5fac40109021f817a6cbb056256959d60682c5e890a967d"], 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYRES64=r1], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
pidfd_open(0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f00000003c0)=0x871, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x24003084, &(0x7f0000000200)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140), 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x6d)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000800)={0x0, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x88)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
recvmsg(r0, &(0x7f0000001500)={0x0, 0x1308, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0xb2c86da597010000, 0x2700}, 0x100)

02:36:44 executing program 4:
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='team_slave_0\x00')
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000072e1bc40820514009dbba5fac40109021f817a6cbb056256959d60682c5e890a967d"], 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYRES64=r1], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
pidfd_open(0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f00000003c0)=0x871, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x24003084, &(0x7f0000000200)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140), 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x6d)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000800)={0x0, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x88)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
recvmsg(r0, &(0x7f0000001500)={0x0, 0x1308, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0xb2c86da597010000, 0x2700}, 0x100)

02:36:44 executing program 5:
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000092908108ac051582588f0000000109022d00010000000009040000030b08000009058d1f0d1001000009050502000000000009058b0ea5"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

[ 1104.933785][T20056] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:44 executing program 0:
openat$null(0xffffff9c, &(0x7f0000000280), 0x10000, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000004c0)={&(0x7f00000001c0)={0x30, r4, 0x400, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x80000001, 0x20}}}}, [@NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0x80, {0x9, 0x800, 0x7fff, 0x8}}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x5)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0x1f}]}]}]}]}, 0x2c}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r5, 0x8933, &(0x7f0000000500)={'wg0\x00'})
sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x78, r3, 0x200, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x5, 0x9}}}}, [@NL80211_ATTR_CQM={0x24, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x7fffffff}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x4a4}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x2}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x248}]}, @NL80211_ATTR_CQM={0x2c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x527}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x3}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x4f}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x35}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x6}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x20004810}, 0x8010)
r9 = creat(&(0x7f0000000580)='./file0\x00', 0x87)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r9)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), r5)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
syz_genetlink_get_family_id$l2tp(&(0x7f00000002c0), r0)

[ 1104.994277][T20056] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1105.006901][  T917] usb 3-1: USB disconnect, device number 40
[ 1105.216990][T20074] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1105.302395][T20074] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:45 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xd9c, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1105.353266][ T3516] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[ 1105.433107][ T5113] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[ 1105.483117][ T5115] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[ 1105.520324][T20081] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
02:36:45 executing program 0:
openat$null(0xffffff9c, &(0x7f0000000280), 0x10000, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) (async)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000004c0)={&(0x7f00000001c0)={0x30, r4, 0x400, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x80000001, 0x20}}}}, [@NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0x80, {0x9, 0x800, 0x7fff, 0x8}}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x5)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0x1f}]}]}]}]}, 0x2c}}, 0x0) (async)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0x1f}]}]}]}]}, 0x2c}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r5, 0x8933, &(0x7f0000000500)={'wg0\x00'})
sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x78, r3, 0x200, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x5, 0x9}}}}, [@NL80211_ATTR_CQM={0x24, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x7fffffff}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x4a4}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x2}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x248}]}, @NL80211_ATTR_CQM={0x2c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x527}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x3}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x4f}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x35}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x6}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x20004810}, 0x8010) (async)
sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x78, r3, 0x200, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x5, 0x9}}}}, [@NL80211_ATTR_CQM={0x24, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x7fffffff}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x4a4}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x2}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x248}]}, @NL80211_ATTR_CQM={0x2c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x527}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x3}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x4f}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x35}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x6}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x20004810}, 0x8010)
r9 = creat(&(0x7f0000000580)='./file0\x00', 0x87)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r9)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), r5)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
syz_genetlink_get_family_id$l2tp(&(0x7f00000002c0), r0)

[ 1105.573284][T20082] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1105.603122][ T3516] usb 6-1: Using ep0 maxpacket: 8
[ 1105.613436][  T917] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[ 1105.654933][T20081] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1105.723598][ T3516] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1105.751009][ T3516] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1105.803286][ T5113] usb 4-1: config index 0 descriptor too short (expected 33055, got 36)
[ 1105.812728][ T3516] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 165
[ 1105.823529][ T5113] usb 4-1: config 108 has too many interfaces: 122, using maximum allowed: 32
[ 1105.859308][T20085] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1105.880801][ T3516] usb 6-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[ 1105.893149][ T5115] usb 5-1: config index 0 descriptor too short (expected 33055, got 36)
[ 1105.902204][ T5113] usb 4-1: config 108 has an invalid descriptor of length 86, skipping remainder of the config
[ 1105.928185][ T3516] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1105.940892][ T5113] usb 4-1: config 108 has 0 interfaces, different from the descriptor's value: 122
[ 1105.955754][ T5115] usb 5-1: config 108 has too many interfaces: 122, using maximum allowed: 32
[ 1105.967654][ T3516] usb 6-1: config 0 descriptor??
[ 1105.993372][T20068] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1106.042593][T20084] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1106.093295][  T917] usb 3-1: config index 0 descriptor too short (expected 33055, got 36)
[ 1106.123302][ T5115] usb 5-1: config 108 has an invalid descriptor of length 86, skipping remainder of the config
02:36:45 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xda4, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1106.139768][  T917] usb 3-1: config 108 has too many interfaces: 122, using maximum allowed: 32
[ 1106.173301][ T5113] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1106.194951][ T5113] usb 4-1: New USB device strings: Mfr=165, Product=250, SerialNumber=196
[ 1106.232610][T20088] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1106.252792][ T5113] usb 4-1: Product: syz
[ 1106.262819][  T917] usb 3-1: config 108 has an invalid descriptor of length 86, skipping remainder of the config
[ 1106.274787][ T5115] usb 5-1: config 108 has 0 interfaces, different from the descriptor's value: 122
[ 1106.291857][ T5113] usb 4-1: Manufacturer: syz
[ 1106.308818][ T5113] usb 4-1: SerialNumber: syz
02:36:46 executing program 0:
openat$null(0xffffff9c, &(0x7f0000000280), 0x10000, 0x0) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0}) (async)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) (async)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000004c0)={&(0x7f00000001c0)={0x30, r4, 0x400, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x80000001, 0x20}}}}, [@NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0x80, {0x9, 0x800, 0x7fff, 0x8}}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x5) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0x1f}]}]}]}]}, 0x2c}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r5, 0x8933, &(0x7f0000000500)={'wg0\x00'}) (async)
sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x78, r3, 0x200, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x5, 0x9}}}}, [@NL80211_ATTR_CQM={0x24, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x7fffffff}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x4a4}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x2}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x248}]}, @NL80211_ATTR_CQM={0x2c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x527}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x3}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x4f}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x35}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x6}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x20004810}, 0x8010)
r9 = creat(&(0x7f0000000580)='./file0\x00', 0x87)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r9) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), r5)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async)
syz_genetlink_get_family_id$l2tp(&(0x7f00000002c0), r0)

[ 1106.324307][  T917] usb 3-1: config 108 has 0 interfaces, different from the descriptor's value: 122
[ 1106.327912][T20089] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1106.423495][T20088] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1106.444648][ T3516] usb 6-1: USB disconnect, device number 45
[ 1106.456693][ T5063] Bluetooth: hci6: Opcode 0x c03 failed: -19
[ 1106.484075][ T5115] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1106.540308][ T5115] usb 5-1: New USB device strings: Mfr=165, Product=250, SerialNumber=196
[ 1106.596039][ T5115] usb 5-1: Product: syz
[ 1106.631245][ T5115] usb 5-1: Manufacturer: syz
[ 1106.656597][ T5115] usb 5-1: SerialNumber: syz
[ 1106.693228][  T917] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1106.717923][  T917] usb 3-1: New USB device strings: Mfr=165, Product=250, SerialNumber=196
[ 1106.760640][  T917] usb 3-1: Product: syz
[ 1106.791933][  T917] usb 3-1: Manufacturer: syz
[ 1106.821387][  T917] usb 3-1: SerialNumber: syz
[ 1106.834829][T20075] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1106.846175][T20075] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1107.210476][T20078] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1107.257891][T20077] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1107.305774][T20078] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1107.316247][T20077] misc raw-gadget: fail, usb_gadget_register_driver returned -16
02:36:48 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="acd614fa2f40000000", @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="11002a00dd0b6162636465666768696a6b00000010002d800a0000000202020202020000"], 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:48 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xdac, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:48 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100070c100000000000ffffffff", 0x58}], 0x1)

02:36:48 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/mcfilter\x00')
read$FUSE(r0, &(0x7f00000000c0)={0x2020}, 0x2020)

[ 1108.966869][ T5113] usb 4-1: USB disconnect, device number 39
[ 1109.006087][T20098] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1109.051413][T20102] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1109.075897][T20103] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1109.094292][T20102] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1109.105780][T20103] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:49 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xdb4, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1109.537281][  T917] usb 3-1: USB disconnect, device number 41
02:36:49 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x10}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x58}}, 0x0)

02:36:49 executing program 5:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x4b, 0xfe, 0xe9, 0x8, 0xfe6, 0x9800, 0x195d, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2c, 0xeb, 0x14}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x40, 0x13, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

02:36:49 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="acd614fa2f40000000", @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="11002a00dd0b6162636465666768696a6b00000010002d800a0000000202020202020000"], 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:49 executing program 4:
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='team_slave_0\x00')
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000072e1bc40820514009dbba5fac40109021f817a6cbb056256959d60682c5e890a967d"], 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYRES64=r1], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
pidfd_open(0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f00000003c0)=0x871, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x24003084, &(0x7f0000000200)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140), 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x6d)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000800)={0x0, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x88)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
recvmsg(r0, &(0x7f0000001500)={0x0, 0x1308, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0xb2c86da597010000, 0x2700}, 0x100)

02:36:49 executing program 2:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
creat(&(0x7f0000000300)='./file0\x00', 0x0)
llistxattr(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

[ 1109.584022][T20107] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1109.614908][T20107] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:49 executing program 3:
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000013000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f000f011c268ee0", 0x3e}], 0x1, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004c7], 0x0, 0xe02})
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000200)={0xbe, 0x0, 0x1})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1109.665331][ T5115] usb 5-1: USB disconnect, device number 36
[ 1109.674690][T20107] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1109.727031][T20114] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:49 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@local, @in=@loopback}, {@in6=@loopback, 0x0, 0x32}, @in6=@empty}, 0x0, 0xffffffff}}, 0xf8}}, 0x0)

[ 1109.777899][T20114] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1109.899029][T20127] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
02:36:49 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0)

[ 1109.958467][T20120] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1110.003310][ T3516] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[ 1110.016101][T20120] kvm: pic: level sensitive irq not supported
[ 1110.016171][T20120] kvm: pic: non byte read
02:36:49 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xdbc, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1110.048324][T20120] kvm: pic: level sensitive irq not supported
[ 1110.048388][T20120] kvm: pic: non byte read
02:36:49 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="acd614fa2f40000000", @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="11002a00dd0b6162636465666768696a6b00000010002d800a0000000202020202020000"], 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1110.167617][T20132] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
02:36:50 executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}]}, 0x5c}}, 0x0)

[ 1110.233928][T20132] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1110.244091][ T3516] usb 6-1: Using ep0 maxpacket: 8
[ 1110.256583][T20134] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:50 executing program 3:
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000013000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f000f011c268ee0", 0x3e}], 0x1, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004c7], 0x0, 0xe02})
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000200)={0xbe, 0x0, 0x1})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1110.283721][ T5112] usb 5-1: new high-speed USB device number 37 using dummy_hcd
02:36:50 executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}]}, 0x5c}}, 0x0)

[ 1110.363678][ T3516] usb 6-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=19.5d
[ 1110.381327][ T3516] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1110.427501][ T3516] usb 6-1: config 0 descriptor??
[ 1110.528049][T20141] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1110.637859][T20141] kvm: pic: level sensitive irq not supported
[ 1110.637944][T20141] kvm: pic: non byte read
[ 1110.660420][T20141] kvm: pic: level sensitive irq not supported
[ 1110.660788][T20141] kvm: pic: non byte read
[ 1110.714056][ T5112] usb 5-1: config index 0 descriptor too short (expected 33055, got 36)
[ 1110.722689][ T5112] usb 5-1: config 108 has too many interfaces: 122, using maximum allowed: 32
[ 1110.752762][ T5112] usb 5-1: config 108 has an invalid descriptor of length 86, skipping remainder of the config
[ 1110.782791][ T5112] usb 5-1: config 108 has 0 interfaces, different from the descriptor's value: 122
[ 1110.963327][ T5112] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1110.972698][ T5112] usb 5-1: New USB device strings: Mfr=165, Product=250, SerialNumber=196
[ 1110.992476][ T5112] usb 5-1: Product: syz
[ 1110.999818][ T5112] usb 5-1: Manufacturer: syz
[ 1111.008439][ T5112] usb 5-1: SerialNumber: syz
[ 1111.143277][ T3516] CoreChips 6-1:0.0 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[ 1111.335277][T20129] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1111.365481][T20129] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1112.523189][ T3516] CoreChips 6-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[ 1112.542136][ T3516] CoreChips 6-1:0.0 (unnamed net_device) (uninitialized): Failed to reset PHY: -71
[ 1112.566779][ T3516] CoreChips: probe of 6-1:0.0 failed with error -71
[ 1112.594771][ T3516] usb 6-1: USB disconnect, device number 46
02:36:52 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xdc4, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:52 executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}]}, 0x5c}}, 0x0)

[ 1113.066226][T20154] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1113.103145][ T5065] Bluetooth: hci2: command 0x0406 tx timeout
02:36:52 executing program 3:
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000013000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f000f011c268ee0", 0x3e}], 0x1, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004c7], 0x0, 0xe02})
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000200)={0xbe, 0x0, 0x1})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

02:36:52 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000740)=@data_frame={@no_qos=@type01={{0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x7}, @device_a, @random="4bedefa303be", @device_a, {0x7, 0x20}}, @a_msdu=[{@device_a, @device_a, 0x27, "46231aa08a4c4dd569cc8117256df3fd8d5bec180f7ee6a3204bd81e5d5c4fa36f34d5eda86bde"}, {@device_b, @device_b, 0x1000, "2ef2f617f01355a52b6d6f665a6e7e2cdf90c8d0664ef74ff34eda22c3f6852fbe06f3767cbfd05af69ed2d971839611dd20a1f701b64fc6a9c688492ba1be0c70b9f51958c8fed9a41ceedb49d8f17f19ea6671c3e02f0ac5ba8342a2de909c156355d524b1ce5980f1a9034a5ae822e898bb09a23e880b67213646340d9a546ef3133ab3b2a4e47146a6ac460c4c9bbac45414897de6254b56d3064bc1fdadef4c040487f12aebb6f40b7bd60e43bc4344e9f084e2feb0d02bb762e80563e021971bdaf7538ca50fa81dfa7a33729d394728f067553a00c5a5362edc768352fd672f632b070b6dda154c11d12119db98211fe0ac63f65cfb8bdd375e9a4dee99e5614e3d25472c10fa342d12bd5c7370e31d835655919aa404981125a876181a1b278a936e95f693c64436a1d974c3e383b39577f8b1070b7f20bb5f3e25bab6d66b3e6438271f3483d1d4129a1c5de5a2445901c10155afb9a571e763eb4c267137391b241d9e834b14910319b4578d923aec708eb52fb7c364cbfb602a033e0cdee5c0afab77378890ec48921499597707b04ae08f958249360a2daa0ab18c3f81676c901fc5400f79d5f369b159bc9f58abfefd70720093a0e18fd13dd1ef32b3bed138545a6e1aabca8e16e11a4c8cd2a5594768eab939f94fab5dc945ff73228448f00f60c3d562d16b6bdbdaf78d5d5b7464e6a2f564957616448cb32bd264ed5f2a441cf6e7f0ff909369e5230e5343d49725c51ffe45221db6c01ac6953d8fb94e7cc7d564d597b6737d830783284fd1b6883580e013199f6e5b8ce85076b122d2e4ca168966c3dbaa16431812250eae990d15c8a06242dfb1464a50dbb9356d57662dc31f1fffdf668fcadcef429e87127311ec5e6dd7888849725e8008b6ac40e8acce8a9dd64f92710724e003df9c1076543dc0d2bc8e069f84524f905f7848b933b271247fe31e29249bf2b045479c9be480c3511bb38406c6bd11747d5ccc56f064a996eb3b78f42669aa3b56fc5a43bc7ca460e0d8296a500d5fc78658fd2bd93060e5405cf7f883095387ac012f165ab697dbae926819ca27fc91e44c9f4f9d9701e06b845901cff814c2e9cf5dda1548ae49d805f3738b7c3fe94b96603d346d3cf8c0568f54fa62ef86a5e4f44e426d0c92b20d39c57aeb36e75456dc23634bccf1e43bb84af4ad08312314192fe056f4c1c55d2898b02979616234f5c51e0ffccd74ff3c24b72e6d5f108afff10b315b3045a7567eaae60479d50c1c0907d730940fb1fc4b2cf6111680af5d48f42bee45fc14754d28de8f1e6817c42faad80e94e556aa63852797a99220799e68ed57e20be2ce6b4f95d32ccb69653a1f2f9555553568dc9359f7fee50c12fb0eb4c875924b667b33324790fc06a8d17b450c91a973edc2c4c7150f1166e793ad23676b12ea66a884c28bbaf33d21f5566a2f6ccf1844c2d56a80a790e1bd114f3038e2703dc22af001abd2942124b8482ff378d8efe70ec0174ee54392ff4bf76e678ca41d1fd4536d8574cf96f3541117cfdefe1de814bd0748915cb83d7f19c7e0430829c76c75c612f5904e593526c746f45158c70dbcbf7cbc35fa59bae51c551feb2bc056eb4c6bfc185e07c6c76f07f2e6b824d9852e0f544b8b94528ae7ea4a347d0d89347d6dc2395394285f7e92b121a62bb8653b049ecc0225d9f74a3a5074969df5b360e1cc17e987a661870d56c2727299483fd772b4dedd76277d9d6dddde7fdb3a1462aeab26f5bec998529fc424bd6ea01336272c0c7cfd0e3b17c91faf127215145874875a201b461f47e74e31138a447773d0028fd805751abb4b20531e0b7fe7defd045c38ae75f9c7231ee831e8949b3d02cfee65e034ed90d450015a371b1fdfd53d41bdd87b5854a7e89b15a2dea7f43175feac4e0aa8f37e716637b33bb9992ddefb07da161aa84cc7612a97648989fcc4ee296e7ed4101efa45cc5289fba9c75396378e28211515757a7fbab8dbd211e10cac4a33d402b9ff207e9ec5bc1563aa28aff79d57d9cf86ecc801373dae91d75282747e543f570f493fdce1df9c67d2c2c843e9f318af50b0bb542321c0f15716db93d8bdb853fe18f01d7f4cb9ad7ed1e8e44d5811ac1eda2aabd24c2ae25e096fe9eab8de4eb33972e54d30319e3ff03b27d51cd0fc1fc9129899adbeea9501f989099d0253ca1c9d632018a33f3a67caf7350b6f11818930b26477e5c409175846623e6e596e8463641adb2b390878bfe125417f39473ec41fff312ff13b25d46bfce3c367914f449a656962e86e97f403b83a15c296b5290d1dbc60290f9b0d570b4efc18898a8c1b99105c1e1ee8a6729e724ce80ee1538c6ad8e1ec5952e12ffc8faeb933944fd3273d50a2a7d561be6103b200d7e8343ba60d4d711be8a7c8bf7e9ae1f84e593dc849323edf3088a83bc44891afd757fc9b5e9bd2612c7cad603e1304da1007a7a08f1dd84f5fdda302e0af9e0c22f2764b8ea00438122372cc38a2452a2b635f283f0f6335f231ce687d69fff5dff2d72051cffea164c93271106d4593bcbfc6f97b79d5d41da75b1117f4c4c63db5e5a2f88a571e17ddf174d3784def00646ac6c62690ebfed622deb4dd327d2bf20478500257458575ce1d3c0a9ee95ab0d93357a6b64c5c411b8a44ca1199a5d98911d83a6578479c6a1e74853516b5c0a9f4fcb9658647498350d2711b00bb7220b6d6132c0c83c9da602f469de968186fab49ad1e2d172b5d875137965548372d7b1c6fc6a154236b67558123670e9b70f43f3b2b6d23c3bde367ca624323e5bec75246f72c099e067d4be342d77c29e1f84426ee6899bba5cf7553887e59cabf8373a1fee5fca91077059aafbe8bc1b73261f14b2ce70ac1c9a6072932f22d9a9cd7d0e6b5b866af22a7d4794935bbd4b7bdb8a2c069a8b3268ac0bdf64f10e2e7b96cd1ebafb08018c96bf2ddb75a35325ba5082906fc2b49857f962719ac36b7f0a984995ae8c1dabd03916cf0113f35a9ef414880ac4bebee392968fcf24a87f1423bb745e54bb98d98952e3609f9a1b51874cd423ed2758e8507bf47672420dac0c37cde8dacc2be2ce09f64208dfbe2101ba4cc65ee1bdf698ddcad8718a0da3be944028327404bb8c8e699e39d97de04de5d9558dca57c1818d8901cb82c55694ac77b7ace0ce08054eccf3e7fcf247064e0d37c3d79ca34f1242a0893bad9317f404ac9b7347e2e861cce2cf1fdd31548d346bb0b142a057298f3c767c480d20d34d4b0ca3f6388ff778b30f6e4ce16b0163d61a2746b398451a1315632528f1ace3d1708f1398e9acdfdf7b1720591bc30c953b361c8677715cf2da5c3d35fde1b4c78c863eccbaac28a79d576c654de77cb28503e44bdf8705ec8329104a890a612b31e5c5833cde627c2ebc500c617585fa0f662ad525ed2e31babf12c0d368bab33b2a5eddb750823b12eeb476aabc252016c61a0f0aa0c926898defe3a55a01a9a822b267e52e78c87ba6f46918745851d0d6b0b5c516ebf22f576d2437c25f9ff76502bb22ece993910b4e6baef9210fecaa17dfb800f5ff0f555e2517ce8a9addc6cbf681e593d9ab4dd67f85e976ca750096b1483cf54fca70e6d99b69cf7b22260964d6c813364bca700ac4030f79194320ac5cb235d4af7482ac643b9b544deee57ae10007a832a9b5841f8b489e2e67d45c10df497bd7a25130477b9d9d9cab8fb782603d6866006b51f8cc6260d416f6a15fd9cf02515ac47ad0997de7a4bf812be062e2c327fef49a669fa4ec5daa81c15291df70aaaa431d2b2c609e0b9bfcea02f152c194e069735363c87d67d382584028fb45a691f94cc0405ab13db2964325d9a1dd29e42ce4082d64d658570654fe64edad60eacb28249cc2bd0d79b03a08a8777b9c4aa8e4610bf63cc7504d633727536bd5aea75aa36ce20bdc188cd5d9ae42fedecd865fdf5494d97c9bcd54d44cbe1553b8f18513c611a93e89bc134fb1db3f19485124bf64cf4d3589f78af26fd9deb9011104a73bbaac69d74b25eb29b62dc191cb88ea61635f2bda82249d23b090e3d03ccd882437d411764acccdedc2189bb4e3b5cd8be74e4eef4bd6d101aca3e4be1d9c2536076f04da4f76a8c89cde609e4c3f7c447f880efb732970fa85f8264d17f6475a61157b61337b7e22614a87cb036ee027b1abc41812746b5ff43d2dc2166755183b450396903cf478d088ad12f737343d02efb5120e75da2bb624f63a2ea5fe6948a6bc1dda432360d11c59c0f73c9dba96d213384ed62736ea322abf1b8c4d2bbf2167162df4b3b962764a8a155206d89cf8c1e6179776a2d4dc7ccea12bb9e10e4d0c2ef3a2735d0539bc582219f97c17f28fef4f813a2ba40a86766c98f70f04b6b238352a67dbf36ada077cc00dd84ba74671b6f326e118b5732fb6d357750c4125f7c1040a310d5beeca5fb2a6feeeace4a82792f9c33d8c99728e8f2f9cf71974584422aee437e86e64c8e1af34af20b22576ac38dead3c42e34aa06b1798bd66e476542988a2b891dbd127818fe89f8d4fcd545ab7ae48fce90b4aea7dc55e4743df94e498c86a3d99240f33b7791f6bfa47f016c37b21d3718dc7d0a214a7af464deed8cceede13fad495359355a6414def3cd502d18bc69cee22590e48926e101251d77a087f1294226ee015a92704e96e7e1daf0f090833d6d5a26189cabb68393d61287ffeb099a2b9492eb756941283f21760fa7624877046a6cc29256c30295839b1a740553f5acda4ed3bcc16ff9b7c41cb37d9198152102cefd427cfd35790a179dff772f98f9637ec4e88ece34ca540c8465114d04f6388b8a81d36a0cb7744d4f246c4faa73df3eeea3c936bd3369278b2f0f98f79602d69d10907fd5b61c5eefc6ece1e6c3511ce76c497f9090387ea198688de99594bb9540a05d81c8b421cd049fde09ed8d6c1cc144d931aa096913cbd285b3549354b268de9ab70f0c8a391ebc02fa10a0c402a23a3126fbed96eb5152b2bf11befa6b8d11784c95d5f465d6956ca0bce4a1aaa0cba70948db1cba73641290b87772b5abcbd952652f6ee27ac2c0f7b0b12a5514eecb9de1369274d7638ef4fa12291c563747e55a752f87d44372bb41e013d9e4c6dbb16408f23e3d20f60bba7e9541ea2e234f45f25a44182633ed368e8c9e8a61dd77ade3386465cb62425397736295ab7d095cff2560202b936fa48efa0bb280c7621f5a2f8df88bd21839e3d08a59c74d8964b1295e39d08764f77486911278acef07242eea47f8e74e1b3aa1e1f9ccc58fd13349535f840e89140583a6648b23d6b165e7fa969cc7c6fbe65ddeb306c81c5b994de89ab11e13cd47de46bd8b36057a9cf65efe4cf0ac00c11a50d9108197699477c1756f0fc5372abd8463620d4e914050d8f4a425214e64c1f78f1508a1589167a35e4cf65384f3ef03ab6a705854d1662100b2da9c74bbd375cf0852a98b6d0580551610d748544783816b153bb3aba347433e1154e1d1c49d00c6c800cedca87a3067631cfabbd927b139c40b301fe34bd59c63a1485ca7284940e4714ebf6b38506f668dd7e583e9ccd6d3bd2ad20fcdc268a398d910518c6176825de6ba74a4924c817ff287b78c4bc9c1044d8064a6efd1e5a867c671c90d10ad25fa1ec22d627790e1b19aff896fc80090e4ddb8af64ad8905c1a08f0479ce98da4bfeb40c66e5463aa539d400a7eac3fc8582247df732a8b515a4e5efd73d60ec22d88cbc4bdf33b4"}, {@device_a, @device_a, 0x87, "9958a112d0e736102a0359a55af3bffd24c0e3d603b30e5478d3ae13aeba80833b6846b2abc1a53375e4004be6d8a657e246217f64df0a84dd02acea3d39bd75af012f4e97225957d208d6229543bfd595f9b7aa11a71079dcb0dece39827c6568a7d010dcea971bde43f81b946d7184f38a8c2a3a9f025e0d9593145272b2bb1614dec6a8e033"}, {@device_b, @device_a, 0x64, "609f0002da2014bc2e335a5ae4113523e478edea36523c27e765d8f9b2c588583cfd88c8a2bb6f1806f6a8c57dcc22be1b37f364fb2aea875b09328327f9c5b9e47924fc9534edd25c8f0a3ed8daf81c2e93bbab42854131b7357b8bad9838fe801e75c4"}, {@broadcast, @device_a, 0x28, "adaee15d4d7e97a0299c35f767832c681050c3d3b5332d4feea0fea2535fe77345193b9595398c6d"}, {@device_b, @device_b, 0x23, "894897943beaada4f13f99a9f90c99348a0485a24bf8a93fe493f7ce93c51f63e3184c"}, {@device_a, @device_b, 0x3d, "08d1ceafadac57899786319899e20fe4cfc6e2ce0d4c52c72237a24848eb6180051e02d12c33fa7a0b7a704928a1448ef568d5967c0f83701cef64e3e0"}, {@device_a, @device_a, 0x2, "10e8"}, {@device_a, @device_b, 0x26, "e881c469be6934ad608959acb6acb5e7848345354f6fd9d6a19e22238904b53d8beafc1b3cf5"}]}, 0x1268)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:52 executing program 5:
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000013000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f000f011c268ee0", 0x3e}], 0x1, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004c7], 0x0, 0xe02})
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000200)={0xbe, 0x0, 0x1})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

02:36:52 executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}]}, 0x5c}}, 0x0)

[ 1113.118742][T20155] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:52 executing program 4:
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000014da2108ab12a190eb1e000000010902240003000000000904414017ff5d010009050f1f0100000000090583034f"], 0x0)
syz_open_dev$evdev(&(0x7f0000000040), 0x4, 0x6003)

[ 1113.177421][ T5112] usb 5-1: USB disconnect, device number 37
02:36:53 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000180)={0x1, 0x5})
r1 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f00000001c0)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000240)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/217, &(0x7f0000000500)=""/73, &(0x7f00000002c0)=""/90})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000700)=ANY=[])
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000007c0)={0x1, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0xffffffff)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r3, 0x0, 0x3af4701e)

[ 1113.259486][T20154] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1113.282786][T20164] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:53 executing program 2:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x24, 0x0, 0x0)

[ 1113.405934][T20162] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1113.426989][T20157] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1113.449966][T20162] kvm: pic: level sensitive irq not supported
02:36:53 executing program 2:
r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x23, 0x0)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r0, 0xc0445624, &(0x7f0000000080))

[ 1113.450234][T20162] kvm: pic: non byte read
[ 1113.472177][T20162] kvm: pic: level sensitive irq not supported
[ 1113.472625][T20162] kvm: pic: non byte read
[ 1113.529640][T20157] kvm: pic: level sensitive irq not supported
[ 1113.530741][T20157] kvm: pic: non byte read
[ 1113.579179][T20157] kvm: pic: level sensitive irq not supported
[ 1113.579450][T20157] kvm: pic: non byte read
02:36:53 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000740)=@data_frame={@no_qos=@type01={{0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x7}, @device_a, @random="4bedefa303be", @device_a, {0x7, 0x20}}, @a_msdu=[{@device_a, @device_a, 0x27, "46231aa08a4c4dd569cc8117256df3fd8d5bec180f7ee6a3204bd81e5d5c4fa36f34d5eda86bde"}, {@device_b, @device_b, 0x1000, "2ef2f617f01355a52b6d6f665a6e7e2cdf90c8d0664ef74ff34eda22c3f6852fbe06f3767cbfd05af69ed2d971839611dd20a1f701b64fc6a9c688492ba1be0c70b9f51958c8fed9a41ceedb49d8f17f19ea6671c3e02f0ac5ba8342a2de909c156355d524b1ce5980f1a9034a5ae822e898bb09a23e880b67213646340d9a546ef3133ab3b2a4e47146a6ac460c4c9bbac45414897de6254b56d3064bc1fdadef4c040487f12aebb6f40b7bd60e43bc4344e9f084e2feb0d02bb762e80563e021971bdaf7538ca50fa81dfa7a33729d394728f067553a00c5a5362edc768352fd672f632b070b6dda154c11d12119db98211fe0ac63f65cfb8bdd375e9a4dee99e5614e3d25472c10fa342d12bd5c7370e31d835655919aa404981125a876181a1b278a936e95f693c64436a1d974c3e383b39577f8b1070b7f20bb5f3e25bab6d66b3e6438271f3483d1d4129a1c5de5a2445901c10155afb9a571e763eb4c267137391b241d9e834b14910319b4578d923aec708eb52fb7c364cbfb602a033e0cdee5c0afab77378890ec48921499597707b04ae08f958249360a2daa0ab18c3f81676c901fc5400f79d5f369b159bc9f58abfefd70720093a0e18fd13dd1ef32b3bed138545a6e1aabca8e16e11a4c8cd2a5594768eab939f94fab5dc945ff73228448f00f60c3d562d16b6bdbdaf78d5d5b7464e6a2f564957616448cb32bd264ed5f2a441cf6e7f0ff909369e5230e5343d49725c51ffe45221db6c01ac6953d8fb94e7cc7d564d597b6737d830783284fd1b6883580e013199f6e5b8ce85076b122d2e4ca168966c3dbaa16431812250eae990d15c8a06242dfb1464a50dbb9356d57662dc31f1fffdf668fcadcef429e87127311ec5e6dd7888849725e8008b6ac40e8acce8a9dd64f92710724e003df9c1076543dc0d2bc8e069f84524f905f7848b933b271247fe31e29249bf2b045479c9be480c3511bb38406c6bd11747d5ccc56f064a996eb3b78f42669aa3b56fc5a43bc7ca460e0d8296a500d5fc78658fd2bd93060e5405cf7f883095387ac012f165ab697dbae926819ca27fc91e44c9f4f9d9701e06b845901cff814c2e9cf5dda1548ae49d805f3738b7c3fe94b96603d346d3cf8c0568f54fa62ef86a5e4f44e426d0c92b20d39c57aeb36e75456dc23634bccf1e43bb84af4ad08312314192fe056f4c1c55d2898b02979616234f5c51e0ffccd74ff3c24b72e6d5f108afff10b315b3045a7567eaae60479d50c1c0907d730940fb1fc4b2cf6111680af5d48f42bee45fc14754d28de8f1e6817c42faad80e94e556aa63852797a99220799e68ed57e20be2ce6b4f95d32ccb69653a1f2f9555553568dc9359f7fee50c12fb0eb4c875924b667b33324790fc06a8d17b450c91a973edc2c4c7150f1166e793ad23676b12ea66a884c28bbaf33d21f5566a2f6ccf1844c2d56a80a790e1bd114f3038e2703dc22af001abd2942124b8482ff378d8efe70ec0174ee54392ff4bf76e678ca41d1fd4536d8574cf96f3541117cfdefe1de814bd0748915cb83d7f19c7e0430829c76c75c612f5904e593526c746f45158c70dbcbf7cbc35fa59bae51c551feb2bc056eb4c6bfc185e07c6c76f07f2e6b824d9852e0f544b8b94528ae7ea4a347d0d89347d6dc2395394285f7e92b121a62bb8653b049ecc0225d9f74a3a5074969df5b360e1cc17e987a661870d56c2727299483fd772b4dedd76277d9d6dddde7fdb3a1462aeab26f5bec998529fc424bd6ea01336272c0c7cfd0e3b17c91faf127215145874875a201b461f47e74e31138a447773d0028fd805751abb4b20531e0b7fe7defd045c38ae75f9c7231ee831e8949b3d02cfee65e034ed90d450015a371b1fdfd53d41bdd87b5854a7e89b15a2dea7f43175feac4e0aa8f37e716637b33bb9992ddefb07da161aa84cc7612a97648989fcc4ee296e7ed4101efa45cc5289fba9c75396378e28211515757a7fbab8dbd211e10cac4a33d402b9ff207e9ec5bc1563aa28aff79d57d9cf86ecc801373dae91d75282747e543f570f493fdce1df9c67d2c2c843e9f318af50b0bb542321c0f15716db93d8bdb853fe18f01d7f4cb9ad7ed1e8e44d5811ac1eda2aabd24c2ae25e096fe9eab8de4eb33972e54d30319e3ff03b27d51cd0fc1fc9129899adbeea9501f989099d0253ca1c9d632018a33f3a67caf7350b6f11818930b26477e5c409175846623e6e596e8463641adb2b390878bfe125417f39473ec41fff312ff13b25d46bfce3c367914f449a656962e86e97f403b83a15c296b5290d1dbc60290f9b0d570b4efc18898a8c1b99105c1e1ee8a6729e724ce80ee1538c6ad8e1ec5952e12ffc8faeb933944fd3273d50a2a7d561be6103b200d7e8343ba60d4d711be8a7c8bf7e9ae1f84e593dc849323edf3088a83bc44891afd757fc9b5e9bd2612c7cad603e1304da1007a7a08f1dd84f5fdda302e0af9e0c22f2764b8ea00438122372cc38a2452a2b635f283f0f6335f231ce687d69fff5dff2d72051cffea164c93271106d4593bcbfc6f97b79d5d41da75b1117f4c4c63db5e5a2f88a571e17ddf174d3784def00646ac6c62690ebfed622deb4dd327d2bf20478500257458575ce1d3c0a9ee95ab0d93357a6b64c5c411b8a44ca1199a5d98911d83a6578479c6a1e74853516b5c0a9f4fcb9658647498350d2711b00bb7220b6d6132c0c83c9da602f469de968186fab49ad1e2d172b5d875137965548372d7b1c6fc6a154236b67558123670e9b70f43f3b2b6d23c3bde367ca624323e5bec75246f72c099e067d4be342d77c29e1f84426ee6899bba5cf7553887e59cabf8373a1fee5fca91077059aafbe8bc1b73261f14b2ce70ac1c9a6072932f22d9a9cd7d0e6b5b866af22a7d4794935bbd4b7bdb8a2c069a8b3268ac0bdf64f10e2e7b96cd1ebafb08018c96bf2ddb75a35325ba5082906fc2b49857f962719ac36b7f0a984995ae8c1dabd03916cf0113f35a9ef414880ac4bebee392968fcf24a87f1423bb745e54bb98d98952e3609f9a1b51874cd423ed2758e8507bf47672420dac0c37cde8dacc2be2ce09f64208dfbe2101ba4cc65ee1bdf698ddcad8718a0da3be944028327404bb8c8e699e39d97de04de5d9558dca57c1818d8901cb82c55694ac77b7ace0ce08054eccf3e7fcf247064e0d37c3d79ca34f1242a0893bad9317f404ac9b7347e2e861cce2cf1fdd31548d346bb0b142a057298f3c767c480d20d34d4b0ca3f6388ff778b30f6e4ce16b0163d61a2746b398451a1315632528f1ace3d1708f1398e9acdfdf7b1720591bc30c953b361c8677715cf2da5c3d35fde1b4c78c863eccbaac28a79d576c654de77cb28503e44bdf8705ec8329104a890a612b31e5c5833cde627c2ebc500c617585fa0f662ad525ed2e31babf12c0d368bab33b2a5eddb750823b12eeb476aabc252016c61a0f0aa0c926898defe3a55a01a9a822b267e52e78c87ba6f46918745851d0d6b0b5c516ebf22f576d2437c25f9ff76502bb22ece993910b4e6baef9210fecaa17dfb800f5ff0f555e2517ce8a9addc6cbf681e593d9ab4dd67f85e976ca750096b1483cf54fca70e6d99b69cf7b22260964d6c813364bca700ac4030f79194320ac5cb235d4af7482ac643b9b544deee57ae10007a832a9b5841f8b489e2e67d45c10df497bd7a25130477b9d9d9cab8fb782603d6866006b51f8cc6260d416f6a15fd9cf02515ac47ad0997de7a4bf812be062e2c327fef49a669fa4ec5daa81c15291df70aaaa431d2b2c609e0b9bfcea02f152c194e069735363c87d67d382584028fb45a691f94cc0405ab13db2964325d9a1dd29e42ce4082d64d658570654fe64edad60eacb28249cc2bd0d79b03a08a8777b9c4aa8e4610bf63cc7504d633727536bd5aea75aa36ce20bdc188cd5d9ae42fedecd865fdf5494d97c9bcd54d44cbe1553b8f18513c611a93e89bc134fb1db3f19485124bf64cf4d3589f78af26fd9deb9011104a73bbaac69d74b25eb29b62dc191cb88ea61635f2bda82249d23b090e3d03ccd882437d411764acccdedc2189bb4e3b5cd8be74e4eef4bd6d101aca3e4be1d9c2536076f04da4f76a8c89cde609e4c3f7c447f880efb732970fa85f8264d17f6475a61157b61337b7e22614a87cb036ee027b1abc41812746b5ff43d2dc2166755183b450396903cf478d088ad12f737343d02efb5120e75da2bb624f63a2ea5fe6948a6bc1dda432360d11c59c0f73c9dba96d213384ed62736ea322abf1b8c4d2bbf2167162df4b3b962764a8a155206d89cf8c1e6179776a2d4dc7ccea12bb9e10e4d0c2ef3a2735d0539bc582219f97c17f28fef4f813a2ba40a86766c98f70f04b6b238352a67dbf36ada077cc00dd84ba74671b6f326e118b5732fb6d357750c4125f7c1040a310d5beeca5fb2a6feeeace4a82792f9c33d8c99728e8f2f9cf71974584422aee437e86e64c8e1af34af20b22576ac38dead3c42e34aa06b1798bd66e476542988a2b891dbd127818fe89f8d4fcd545ab7ae48fce90b4aea7dc55e4743df94e498c86a3d99240f33b7791f6bfa47f016c37b21d3718dc7d0a214a7af464deed8cceede13fad495359355a6414def3cd502d18bc69cee22590e48926e101251d77a087f1294226ee015a92704e96e7e1daf0f090833d6d5a26189cabb68393d61287ffeb099a2b9492eb756941283f21760fa7624877046a6cc29256c30295839b1a740553f5acda4ed3bcc16ff9b7c41cb37d9198152102cefd427cfd35790a179dff772f98f9637ec4e88ece34ca540c8465114d04f6388b8a81d36a0cb7744d4f246c4faa73df3eeea3c936bd3369278b2f0f98f79602d69d10907fd5b61c5eefc6ece1e6c3511ce76c497f9090387ea198688de99594bb9540a05d81c8b421cd049fde09ed8d6c1cc144d931aa096913cbd285b3549354b268de9ab70f0c8a391ebc02fa10a0c402a23a3126fbed96eb5152b2bf11befa6b8d11784c95d5f465d6956ca0bce4a1aaa0cba70948db1cba73641290b87772b5abcbd952652f6ee27ac2c0f7b0b12a5514eecb9de1369274d7638ef4fa12291c563747e55a752f87d44372bb41e013d9e4c6dbb16408f23e3d20f60bba7e9541ea2e234f45f25a44182633ed368e8c9e8a61dd77ade3386465cb62425397736295ab7d095cff2560202b936fa48efa0bb280c7621f5a2f8df88bd21839e3d08a59c74d8964b1295e39d08764f77486911278acef07242eea47f8e74e1b3aa1e1f9ccc58fd13349535f840e89140583a6648b23d6b165e7fa969cc7c6fbe65ddeb306c81c5b994de89ab11e13cd47de46bd8b36057a9cf65efe4cf0ac00c11a50d9108197699477c1756f0fc5372abd8463620d4e914050d8f4a425214e64c1f78f1508a1589167a35e4cf65384f3ef03ab6a705854d1662100b2da9c74bbd375cf0852a98b6d0580551610d748544783816b153bb3aba347433e1154e1d1c49d00c6c800cedca87a3067631cfabbd927b139c40b301fe34bd59c63a1485ca7284940e4714ebf6b38506f668dd7e583e9ccd6d3bd2ad20fcdc268a398d910518c6176825de6ba74a4924c817ff287b78c4bc9c1044d8064a6efd1e5a867c671c90d10ad25fa1ec22d627790e1b19aff896fc80090e4ddb8af64ad8905c1a08f0479ce98da4bfeb40c66e5463aa539d400a7eac3fc8582247df732a8b515a4e5efd73d60ec22d88cbc4bdf33b4"}, {@device_a, @device_a, 0x87, "9958a112d0e736102a0359a55af3bffd24c0e3d603b30e5478d3ae13aeba80833b6846b2abc1a53375e4004be6d8a657e246217f64df0a84dd02acea3d39bd75af012f4e97225957d208d6229543bfd595f9b7aa11a71079dcb0dece39827c6568a7d010dcea971bde43f81b946d7184f38a8c2a3a9f025e0d9593145272b2bb1614dec6a8e033"}, {@device_b, @device_a, 0x64, "609f0002da2014bc2e335a5ae4113523e478edea36523c27e765d8f9b2c588583cfd88c8a2bb6f1806f6a8c57dcc22be1b37f364fb2aea875b09328327f9c5b9e47924fc9534edd25c8f0a3ed8daf81c2e93bbab42854131b7357b8bad9838fe801e75c4"}, {@broadcast, @device_a, 0x28, "adaee15d4d7e97a0299c35f767832c681050c3d3b5332d4feea0fea2535fe77345193b9595398c6d"}, {@device_b, @device_b, 0x23, "894897943beaada4f13f99a9f90c99348a0485a24bf8a93fe493f7ce93c51f63e3184c"}, {@device_a, @device_b, 0x3d, "08d1ceafadac57899786319899e20fe4cfc6e2ce0d4c52c72237a24848eb6180051e02d12c33fa7a0b7a704928a1448ef568d5967c0f83701cef64e3e0"}, {@device_a, @device_a, 0x2, "10e8"}, {@device_a, @device_b, 0x26, "e881c469be6934ad608959acb6acb5e7848345354f6fd9d6a19e22238904b53d8beafc1b3cf5"}]}, 0x1268) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1113.633136][ T5112] usb 5-1: new high-speed USB device number 38 using dummy_hcd
02:36:53 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xdcc, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:53 executing program 2:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x4084931, 0xffffffffffffffff, 0x10000000)

02:36:53 executing program 5:
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000013000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f000f011c268ee0", 0x3e}], 0x1, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004c7], 0x0, 0xe02})
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000200)={0xbe, 0x0, 0x1})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1113.821800][T20191] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
02:36:53 executing program 3:
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000013000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f000f011c268ee0", 0x3e}], 0x1, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004c7], 0x0, 0xe02})
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000200)={0xbe, 0x0, 0x1})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

02:36:53 executing program 2:
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
setresuid(0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(0x0, 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0xb)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0xb)
geteuid()
ioctl$NS_GET_OWNER_UID(r0, 0xb704, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000004840)={0x2020}, 0x2020)
dup2(0xffffffffffffffff, 0xffffffffffffffff)

02:36:53 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000740)=@data_frame={@no_qos=@type01={{0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x7}, @device_a, @random="4bedefa303be", @device_a, {0x7, 0x20}}, @a_msdu=[{@device_a, @device_a, 0x27, "46231aa08a4c4dd569cc8117256df3fd8d5bec180f7ee6a3204bd81e5d5c4fa36f34d5eda86bde"}, {@device_b, @device_b, 0x1000, "2ef2f617f01355a52b6d6f665a6e7e2cdf90c8d0664ef74ff34eda22c3f6852fbe06f3767cbfd05af69ed2d971839611dd20a1f701b64fc6a9c688492ba1be0c70b9f51958c8fed9a41ceedb49d8f17f19ea6671c3e02f0ac5ba8342a2de909c156355d524b1ce5980f1a9034a5ae822e898bb09a23e880b67213646340d9a546ef3133ab3b2a4e47146a6ac460c4c9bbac45414897de6254b56d3064bc1fdadef4c040487f12aebb6f40b7bd60e43bc4344e9f084e2feb0d02bb762e80563e021971bdaf7538ca50fa81dfa7a33729d394728f067553a00c5a5362edc768352fd672f632b070b6dda154c11d12119db98211fe0ac63f65cfb8bdd375e9a4dee99e5614e3d25472c10fa342d12bd5c7370e31d835655919aa404981125a876181a1b278a936e95f693c64436a1d974c3e383b39577f8b1070b7f20bb5f3e25bab6d66b3e6438271f3483d1d4129a1c5de5a2445901c10155afb9a571e763eb4c267137391b241d9e834b14910319b4578d923aec708eb52fb7c364cbfb602a033e0cdee5c0afab77378890ec48921499597707b04ae08f958249360a2daa0ab18c3f81676c901fc5400f79d5f369b159bc9f58abfefd70720093a0e18fd13dd1ef32b3bed138545a6e1aabca8e16e11a4c8cd2a5594768eab939f94fab5dc945ff73228448f00f60c3d562d16b6bdbdaf78d5d5b7464e6a2f564957616448cb32bd264ed5f2a441cf6e7f0ff909369e5230e5343d49725c51ffe45221db6c01ac6953d8fb94e7cc7d564d597b6737d830783284fd1b6883580e013199f6e5b8ce85076b122d2e4ca168966c3dbaa16431812250eae990d15c8a06242dfb1464a50dbb9356d57662dc31f1fffdf668fcadcef429e87127311ec5e6dd7888849725e8008b6ac40e8acce8a9dd64f92710724e003df9c1076543dc0d2bc8e069f84524f905f7848b933b271247fe31e29249bf2b045479c9be480c3511bb38406c6bd11747d5ccc56f064a996eb3b78f42669aa3b56fc5a43bc7ca460e0d8296a500d5fc78658fd2bd93060e5405cf7f883095387ac012f165ab697dbae926819ca27fc91e44c9f4f9d9701e06b845901cff814c2e9cf5dda1548ae49d805f3738b7c3fe94b96603d346d3cf8c0568f54fa62ef86a5e4f44e426d0c92b20d39c57aeb36e75456dc23634bccf1e43bb84af4ad08312314192fe056f4c1c55d2898b02979616234f5c51e0ffccd74ff3c24b72e6d5f108afff10b315b3045a7567eaae60479d50c1c0907d730940fb1fc4b2cf6111680af5d48f42bee45fc14754d28de8f1e6817c42faad80e94e556aa63852797a99220799e68ed57e20be2ce6b4f95d32ccb69653a1f2f9555553568dc9359f7fee50c12fb0eb4c875924b667b33324790fc06a8d17b450c91a973edc2c4c7150f1166e793ad23676b12ea66a884c28bbaf33d21f5566a2f6ccf1844c2d56a80a790e1bd114f3038e2703dc22af001abd2942124b8482ff378d8efe70ec0174ee54392ff4bf76e678ca41d1fd4536d8574cf96f3541117cfdefe1de814bd0748915cb83d7f19c7e0430829c76c75c612f5904e593526c746f45158c70dbcbf7cbc35fa59bae51c551feb2bc056eb4c6bfc185e07c6c76f07f2e6b824d9852e0f544b8b94528ae7ea4a347d0d89347d6dc2395394285f7e92b121a62bb8653b049ecc0225d9f74a3a5074969df5b360e1cc17e987a661870d56c2727299483fd772b4dedd76277d9d6dddde7fdb3a1462aeab26f5bec998529fc424bd6ea01336272c0c7cfd0e3b17c91faf127215145874875a201b461f47e74e31138a447773d0028fd805751abb4b20531e0b7fe7defd045c38ae75f9c7231ee831e8949b3d02cfee65e034ed90d450015a371b1fdfd53d41bdd87b5854a7e89b15a2dea7f43175feac4e0aa8f37e716637b33bb9992ddefb07da161aa84cc7612a97648989fcc4ee296e7ed4101efa45cc5289fba9c75396378e28211515757a7fbab8dbd211e10cac4a33d402b9ff207e9ec5bc1563aa28aff79d57d9cf86ecc801373dae91d75282747e543f570f493fdce1df9c67d2c2c843e9f318af50b0bb542321c0f15716db93d8bdb853fe18f01d7f4cb9ad7ed1e8e44d5811ac1eda2aabd24c2ae25e096fe9eab8de4eb33972e54d30319e3ff03b27d51cd0fc1fc9129899adbeea9501f989099d0253ca1c9d632018a33f3a67caf7350b6f11818930b26477e5c409175846623e6e596e8463641adb2b390878bfe125417f39473ec41fff312ff13b25d46bfce3c367914f449a656962e86e97f403b83a15c296b5290d1dbc60290f9b0d570b4efc18898a8c1b99105c1e1ee8a6729e724ce80ee1538c6ad8e1ec5952e12ffc8faeb933944fd3273d50a2a7d561be6103b200d7e8343ba60d4d711be8a7c8bf7e9ae1f84e593dc849323edf3088a83bc44891afd757fc9b5e9bd2612c7cad603e1304da1007a7a08f1dd84f5fdda302e0af9e0c22f2764b8ea00438122372cc38a2452a2b635f283f0f6335f231ce687d69fff5dff2d72051cffea164c93271106d4593bcbfc6f97b79d5d41da75b1117f4c4c63db5e5a2f88a571e17ddf174d3784def00646ac6c62690ebfed622deb4dd327d2bf20478500257458575ce1d3c0a9ee95ab0d93357a6b64c5c411b8a44ca1199a5d98911d83a6578479c6a1e74853516b5c0a9f4fcb9658647498350d2711b00bb7220b6d6132c0c83c9da602f469de968186fab49ad1e2d172b5d875137965548372d7b1c6fc6a154236b67558123670e9b70f43f3b2b6d23c3bde367ca624323e5bec75246f72c099e067d4be342d77c29e1f84426ee6899bba5cf7553887e59cabf8373a1fee5fca91077059aafbe8bc1b73261f14b2ce70ac1c9a6072932f22d9a9cd7d0e6b5b866af22a7d4794935bbd4b7bdb8a2c069a8b3268ac0bdf64f10e2e7b96cd1ebafb08018c96bf2ddb75a35325ba5082906fc2b49857f962719ac36b7f0a984995ae8c1dabd03916cf0113f35a9ef414880ac4bebee392968fcf24a87f1423bb745e54bb98d98952e3609f9a1b51874cd423ed2758e8507bf47672420dac0c37cde8dacc2be2ce09f64208dfbe2101ba4cc65ee1bdf698ddcad8718a0da3be944028327404bb8c8e699e39d97de04de5d9558dca57c1818d8901cb82c55694ac77b7ace0ce08054eccf3e7fcf247064e0d37c3d79ca34f1242a0893bad9317f404ac9b7347e2e861cce2cf1fdd31548d346bb0b142a057298f3c767c480d20d34d4b0ca3f6388ff778b30f6e4ce16b0163d61a2746b398451a1315632528f1ace3d1708f1398e9acdfdf7b1720591bc30c953b361c8677715cf2da5c3d35fde1b4c78c863eccbaac28a79d576c654de77cb28503e44bdf8705ec8329104a890a612b31e5c5833cde627c2ebc500c617585fa0f662ad525ed2e31babf12c0d368bab33b2a5eddb750823b12eeb476aabc252016c61a0f0aa0c926898defe3a55a01a9a822b267e52e78c87ba6f46918745851d0d6b0b5c516ebf22f576d2437c25f9ff76502bb22ece993910b4e6baef9210fecaa17dfb800f5ff0f555e2517ce8a9addc6cbf681e593d9ab4dd67f85e976ca750096b1483cf54fca70e6d99b69cf7b22260964d6c813364bca700ac4030f79194320ac5cb235d4af7482ac643b9b544deee57ae10007a832a9b5841f8b489e2e67d45c10df497bd7a25130477b9d9d9cab8fb782603d6866006b51f8cc6260d416f6a15fd9cf02515ac47ad0997de7a4bf812be062e2c327fef49a669fa4ec5daa81c15291df70aaaa431d2b2c609e0b9bfcea02f152c194e069735363c87d67d382584028fb45a691f94cc0405ab13db2964325d9a1dd29e42ce4082d64d658570654fe64edad60eacb28249cc2bd0d79b03a08a8777b9c4aa8e4610bf63cc7504d633727536bd5aea75aa36ce20bdc188cd5d9ae42fedecd865fdf5494d97c9bcd54d44cbe1553b8f18513c611a93e89bc134fb1db3f19485124bf64cf4d3589f78af26fd9deb9011104a73bbaac69d74b25eb29b62dc191cb88ea61635f2bda82249d23b090e3d03ccd882437d411764acccdedc2189bb4e3b5cd8be74e4eef4bd6d101aca3e4be1d9c2536076f04da4f76a8c89cde609e4c3f7c447f880efb732970fa85f8264d17f6475a61157b61337b7e22614a87cb036ee027b1abc41812746b5ff43d2dc2166755183b450396903cf478d088ad12f737343d02efb5120e75da2bb624f63a2ea5fe6948a6bc1dda432360d11c59c0f73c9dba96d213384ed62736ea322abf1b8c4d2bbf2167162df4b3b962764a8a155206d89cf8c1e6179776a2d4dc7ccea12bb9e10e4d0c2ef3a2735d0539bc582219f97c17f28fef4f813a2ba40a86766c98f70f04b6b238352a67dbf36ada077cc00dd84ba74671b6f326e118b5732fb6d357750c4125f7c1040a310d5beeca5fb2a6feeeace4a82792f9c33d8c99728e8f2f9cf71974584422aee437e86e64c8e1af34af20b22576ac38dead3c42e34aa06b1798bd66e476542988a2b891dbd127818fe89f8d4fcd545ab7ae48fce90b4aea7dc55e4743df94e498c86a3d99240f33b7791f6bfa47f016c37b21d3718dc7d0a214a7af464deed8cceede13fad495359355a6414def3cd502d18bc69cee22590e48926e101251d77a087f1294226ee015a92704e96e7e1daf0f090833d6d5a26189cabb68393d61287ffeb099a2b9492eb756941283f21760fa7624877046a6cc29256c30295839b1a740553f5acda4ed3bcc16ff9b7c41cb37d9198152102cefd427cfd35790a179dff772f98f9637ec4e88ece34ca540c8465114d04f6388b8a81d36a0cb7744d4f246c4faa73df3eeea3c936bd3369278b2f0f98f79602d69d10907fd5b61c5eefc6ece1e6c3511ce76c497f9090387ea198688de99594bb9540a05d81c8b421cd049fde09ed8d6c1cc144d931aa096913cbd285b3549354b268de9ab70f0c8a391ebc02fa10a0c402a23a3126fbed96eb5152b2bf11befa6b8d11784c95d5f465d6956ca0bce4a1aaa0cba70948db1cba73641290b87772b5abcbd952652f6ee27ac2c0f7b0b12a5514eecb9de1369274d7638ef4fa12291c563747e55a752f87d44372bb41e013d9e4c6dbb16408f23e3d20f60bba7e9541ea2e234f45f25a44182633ed368e8c9e8a61dd77ade3386465cb62425397736295ab7d095cff2560202b936fa48efa0bb280c7621f5a2f8df88bd21839e3d08a59c74d8964b1295e39d08764f77486911278acef07242eea47f8e74e1b3aa1e1f9ccc58fd13349535f840e89140583a6648b23d6b165e7fa969cc7c6fbe65ddeb306c81c5b994de89ab11e13cd47de46bd8b36057a9cf65efe4cf0ac00c11a50d9108197699477c1756f0fc5372abd8463620d4e914050d8f4a425214e64c1f78f1508a1589167a35e4cf65384f3ef03ab6a705854d1662100b2da9c74bbd375cf0852a98b6d0580551610d748544783816b153bb3aba347433e1154e1d1c49d00c6c800cedca87a3067631cfabbd927b139c40b301fe34bd59c63a1485ca7284940e4714ebf6b38506f668dd7e583e9ccd6d3bd2ad20fcdc268a398d910518c6176825de6ba74a4924c817ff287b78c4bc9c1044d8064a6efd1e5a867c671c90d10ad25fa1ec22d627790e1b19aff896fc80090e4ddb8af64ad8905c1a08f0479ce98da4bfeb40c66e5463aa539d400a7eac3fc8582247df732a8b515a4e5efd73d60ec22d88cbc4bdf33b4"}, {@device_a, @device_a, 0x87, "9958a112d0e736102a0359a55af3bffd24c0e3d603b30e5478d3ae13aeba80833b6846b2abc1a53375e4004be6d8a657e246217f64df0a84dd02acea3d39bd75af012f4e97225957d208d6229543bfd595f9b7aa11a71079dcb0dece39827c6568a7d010dcea971bde43f81b946d7184f38a8c2a3a9f025e0d9593145272b2bb1614dec6a8e033"}, {@device_b, @device_a, 0x64, "609f0002da2014bc2e335a5ae4113523e478edea36523c27e765d8f9b2c588583cfd88c8a2bb6f1806f6a8c57dcc22be1b37f364fb2aea875b09328327f9c5b9e47924fc9534edd25c8f0a3ed8daf81c2e93bbab42854131b7357b8bad9838fe801e75c4"}, {@broadcast, @device_a, 0x28, "adaee15d4d7e97a0299c35f767832c681050c3d3b5332d4feea0fea2535fe77345193b9595398c6d"}, {@device_b, @device_b, 0x23, "894897943beaada4f13f99a9f90c99348a0485a24bf8a93fe493f7ce93c51f63e3184c"}, {@device_a, @device_b, 0x3d, "08d1ceafadac57899786319899e20fe4cfc6e2ce0d4c52c72237a24848eb6180051e02d12c33fa7a0b7a704928a1448ef568d5967c0f83701cef64e3e0"}, {@device_a, @device_a, 0x2, "10e8"}, {@device_a, @device_b, 0x26, "e881c469be6934ad608959acb6acb5e7848345354f6fd9d6a19e22238904b53d8beafc1b3cf5"}]}, 0x1268)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000740)=@data_frame={@no_qos=@type01={{0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x7}, @device_a, @random="4bedefa303be", @device_a, {0x7, 0x20}}, @a_msdu=[{@device_a, @device_a, 0x27, "46231aa08a4c4dd569cc8117256df3fd8d5bec180f7ee6a3204bd81e5d5c4fa36f34d5eda86bde"}, {@device_b, @device_b, 0x1000, "2ef2f617f01355a52b6d6f665a6e7e2cdf90c8d0664ef74ff34eda22c3f6852fbe06f3767cbfd05af69ed2d971839611dd20a1f701b64fc6a9c688492ba1be0c70b9f51958c8fed9a41ceedb49d8f17f19ea6671c3e02f0ac5ba8342a2de909c156355d524b1ce5980f1a9034a5ae822e898bb09a23e880b67213646340d9a546ef3133ab3b2a4e47146a6ac460c4c9bbac45414897de6254b56d3064bc1fdadef4c040487f12aebb6f40b7bd60e43bc4344e9f084e2feb0d02bb762e80563e021971bdaf7538ca50fa81dfa7a33729d394728f067553a00c5a5362edc768352fd672f632b070b6dda154c11d12119db98211fe0ac63f65cfb8bdd375e9a4dee99e5614e3d25472c10fa342d12bd5c7370e31d835655919aa404981125a876181a1b278a936e95f693c64436a1d974c3e383b39577f8b1070b7f20bb5f3e25bab6d66b3e6438271f3483d1d4129a1c5de5a2445901c10155afb9a571e763eb4c267137391b241d9e834b14910319b4578d923aec708eb52fb7c364cbfb602a033e0cdee5c0afab77378890ec48921499597707b04ae08f958249360a2daa0ab18c3f81676c901fc5400f79d5f369b159bc9f58abfefd70720093a0e18fd13dd1ef32b3bed138545a6e1aabca8e16e11a4c8cd2a5594768eab939f94fab5dc945ff73228448f00f60c3d562d16b6bdbdaf78d5d5b7464e6a2f564957616448cb32bd264ed5f2a441cf6e7f0ff909369e5230e5343d49725c51ffe45221db6c01ac6953d8fb94e7cc7d564d597b6737d830783284fd1b6883580e013199f6e5b8ce85076b122d2e4ca168966c3dbaa16431812250eae990d15c8a06242dfb1464a50dbb9356d57662dc31f1fffdf668fcadcef429e87127311ec5e6dd7888849725e8008b6ac40e8acce8a9dd64f92710724e003df9c1076543dc0d2bc8e069f84524f905f7848b933b271247fe31e29249bf2b045479c9be480c3511bb38406c6bd11747d5ccc56f064a996eb3b78f42669aa3b56fc5a43bc7ca460e0d8296a500d5fc78658fd2bd93060e5405cf7f883095387ac012f165ab697dbae926819ca27fc91e44c9f4f9d9701e06b845901cff814c2e9cf5dda1548ae49d805f3738b7c3fe94b96603d346d3cf8c0568f54fa62ef86a5e4f44e426d0c92b20d39c57aeb36e75456dc23634bccf1e43bb84af4ad08312314192fe056f4c1c55d2898b02979616234f5c51e0ffccd74ff3c24b72e6d5f108afff10b315b3045a7567eaae60479d50c1c0907d730940fb1fc4b2cf6111680af5d48f42bee45fc14754d28de8f1e6817c42faad80e94e556aa63852797a99220799e68ed57e20be2ce6b4f95d32ccb69653a1f2f9555553568dc9359f7fee50c12fb0eb4c875924b667b33324790fc06a8d17b450c91a973edc2c4c7150f1166e793ad23676b12ea66a884c28bbaf33d21f5566a2f6ccf1844c2d56a80a790e1bd114f3038e2703dc22af001abd2942124b8482ff378d8efe70ec0174ee54392ff4bf76e678ca41d1fd4536d8574cf96f3541117cfdefe1de814bd0748915cb83d7f19c7e0430829c76c75c612f5904e593526c746f45158c70dbcbf7cbc35fa59bae51c551feb2bc056eb4c6bfc185e07c6c76f07f2e6b824d9852e0f544b8b94528ae7ea4a347d0d89347d6dc2395394285f7e92b121a62bb8653b049ecc0225d9f74a3a5074969df5b360e1cc17e987a661870d56c2727299483fd772b4dedd76277d9d6dddde7fdb3a1462aeab26f5bec998529fc424bd6ea01336272c0c7cfd0e3b17c91faf127215145874875a201b461f47e74e31138a447773d0028fd805751abb4b20531e0b7fe7defd045c38ae75f9c7231ee831e8949b3d02cfee65e034ed90d450015a371b1fdfd53d41bdd87b5854a7e89b15a2dea7f43175feac4e0aa8f37e716637b33bb9992ddefb07da161aa84cc7612a97648989fcc4ee296e7ed4101efa45cc5289fba9c75396378e28211515757a7fbab8dbd211e10cac4a33d402b9ff207e9ec5bc1563aa28aff79d57d9cf86ecc801373dae91d75282747e543f570f493fdce1df9c67d2c2c843e9f318af50b0bb542321c0f15716db93d8bdb853fe18f01d7f4cb9ad7ed1e8e44d5811ac1eda2aabd24c2ae25e096fe9eab8de4eb33972e54d30319e3ff03b27d51cd0fc1fc9129899adbeea9501f989099d0253ca1c9d632018a33f3a67caf7350b6f11818930b26477e5c409175846623e6e596e8463641adb2b390878bfe125417f39473ec41fff312ff13b25d46bfce3c367914f449a656962e86e97f403b83a15c296b5290d1dbc60290f9b0d570b4efc18898a8c1b99105c1e1ee8a6729e724ce80ee1538c6ad8e1ec5952e12ffc8faeb933944fd3273d50a2a7d561be6103b200d7e8343ba60d4d711be8a7c8bf7e9ae1f84e593dc849323edf3088a83bc44891afd757fc9b5e9bd2612c7cad603e1304da1007a7a08f1dd84f5fdda302e0af9e0c22f2764b8ea00438122372cc38a2452a2b635f283f0f6335f231ce687d69fff5dff2d72051cffea164c93271106d4593bcbfc6f97b79d5d41da75b1117f4c4c63db5e5a2f88a571e17ddf174d3784def00646ac6c62690ebfed622deb4dd327d2bf20478500257458575ce1d3c0a9ee95ab0d93357a6b64c5c411b8a44ca1199a5d98911d83a6578479c6a1e74853516b5c0a9f4fcb9658647498350d2711b00bb7220b6d6132c0c83c9da602f469de968186fab49ad1e2d172b5d875137965548372d7b1c6fc6a154236b67558123670e9b70f43f3b2b6d23c3bde367ca624323e5bec75246f72c099e067d4be342d77c29e1f84426ee6899bba5cf7553887e59cabf8373a1fee5fca91077059aafbe8bc1b73261f14b2ce70ac1c9a6072932f22d9a9cd7d0e6b5b866af22a7d4794935bbd4b7bdb8a2c069a8b3268ac0bdf64f10e2e7b96cd1ebafb08018c96bf2ddb75a35325ba5082906fc2b49857f962719ac36b7f0a984995ae8c1dabd03916cf0113f35a9ef414880ac4bebee392968fcf24a87f1423bb745e54bb98d98952e3609f9a1b51874cd423ed2758e8507bf47672420dac0c37cde8dacc2be2ce09f64208dfbe2101ba4cc65ee1bdf698ddcad8718a0da3be944028327404bb8c8e699e39d97de04de5d9558dca57c1818d8901cb82c55694ac77b7ace0ce08054eccf3e7fcf247064e0d37c3d79ca34f1242a0893bad9317f404ac9b7347e2e861cce2cf1fdd31548d346bb0b142a057298f3c767c480d20d34d4b0ca3f6388ff778b30f6e4ce16b0163d61a2746b398451a1315632528f1ace3d1708f1398e9acdfdf7b1720591bc30c953b361c8677715cf2da5c3d35fde1b4c78c863eccbaac28a79d576c654de77cb28503e44bdf8705ec8329104a890a612b31e5c5833cde627c2ebc500c617585fa0f662ad525ed2e31babf12c0d368bab33b2a5eddb750823b12eeb476aabc252016c61a0f0aa0c926898defe3a55a01a9a822b267e52e78c87ba6f46918745851d0d6b0b5c516ebf22f576d2437c25f9ff76502bb22ece993910b4e6baef9210fecaa17dfb800f5ff0f555e2517ce8a9addc6cbf681e593d9ab4dd67f85e976ca750096b1483cf54fca70e6d99b69cf7b22260964d6c813364bca700ac4030f79194320ac5cb235d4af7482ac643b9b544deee57ae10007a832a9b5841f8b489e2e67d45c10df497bd7a25130477b9d9d9cab8fb782603d6866006b51f8cc6260d416f6a15fd9cf02515ac47ad0997de7a4bf812be062e2c327fef49a669fa4ec5daa81c15291df70aaaa431d2b2c609e0b9bfcea02f152c194e069735363c87d67d382584028fb45a691f94cc0405ab13db2964325d9a1dd29e42ce4082d64d658570654fe64edad60eacb28249cc2bd0d79b03a08a8777b9c4aa8e4610bf63cc7504d633727536bd5aea75aa36ce20bdc188cd5d9ae42fedecd865fdf5494d97c9bcd54d44cbe1553b8f18513c611a93e89bc134fb1db3f19485124bf64cf4d3589f78af26fd9deb9011104a73bbaac69d74b25eb29b62dc191cb88ea61635f2bda82249d23b090e3d03ccd882437d411764acccdedc2189bb4e3b5cd8be74e4eef4bd6d101aca3e4be1d9c2536076f04da4f76a8c89cde609e4c3f7c447f880efb732970fa85f8264d17f6475a61157b61337b7e22614a87cb036ee027b1abc41812746b5ff43d2dc2166755183b450396903cf478d088ad12f737343d02efb5120e75da2bb624f63a2ea5fe6948a6bc1dda432360d11c59c0f73c9dba96d213384ed62736ea322abf1b8c4d2bbf2167162df4b3b962764a8a155206d89cf8c1e6179776a2d4dc7ccea12bb9e10e4d0c2ef3a2735d0539bc582219f97c17f28fef4f813a2ba40a86766c98f70f04b6b238352a67dbf36ada077cc00dd84ba74671b6f326e118b5732fb6d357750c4125f7c1040a310d5beeca5fb2a6feeeace4a82792f9c33d8c99728e8f2f9cf71974584422aee437e86e64c8e1af34af20b22576ac38dead3c42e34aa06b1798bd66e476542988a2b891dbd127818fe89f8d4fcd545ab7ae48fce90b4aea7dc55e4743df94e498c86a3d99240f33b7791f6bfa47f016c37b21d3718dc7d0a214a7af464deed8cceede13fad495359355a6414def3cd502d18bc69cee22590e48926e101251d77a087f1294226ee015a92704e96e7e1daf0f090833d6d5a26189cabb68393d61287ffeb099a2b9492eb756941283f21760fa7624877046a6cc29256c30295839b1a740553f5acda4ed3bcc16ff9b7c41cb37d9198152102cefd427cfd35790a179dff772f98f9637ec4e88ece34ca540c8465114d04f6388b8a81d36a0cb7744d4f246c4faa73df3eeea3c936bd3369278b2f0f98f79602d69d10907fd5b61c5eefc6ece1e6c3511ce76c497f9090387ea198688de99594bb9540a05d81c8b421cd049fde09ed8d6c1cc144d931aa096913cbd285b3549354b268de9ab70f0c8a391ebc02fa10a0c402a23a3126fbed96eb5152b2bf11befa6b8d11784c95d5f465d6956ca0bce4a1aaa0cba70948db1cba73641290b87772b5abcbd952652f6ee27ac2c0f7b0b12a5514eecb9de1369274d7638ef4fa12291c563747e55a752f87d44372bb41e013d9e4c6dbb16408f23e3d20f60bba7e9541ea2e234f45f25a44182633ed368e8c9e8a61dd77ade3386465cb62425397736295ab7d095cff2560202b936fa48efa0bb280c7621f5a2f8df88bd21839e3d08a59c74d8964b1295e39d08764f77486911278acef07242eea47f8e74e1b3aa1e1f9ccc58fd13349535f840e89140583a6648b23d6b165e7fa969cc7c6fbe65ddeb306c81c5b994de89ab11e13cd47de46bd8b36057a9cf65efe4cf0ac00c11a50d9108197699477c1756f0fc5372abd8463620d4e914050d8f4a425214e64c1f78f1508a1589167a35e4cf65384f3ef03ab6a705854d1662100b2da9c74bbd375cf0852a98b6d0580551610d748544783816b153bb3aba347433e1154e1d1c49d00c6c800cedca87a3067631cfabbd927b139c40b301fe34bd59c63a1485ca7284940e4714ebf6b38506f668dd7e583e9ccd6d3bd2ad20fcdc268a398d910518c6176825de6ba74a4924c817ff287b78c4bc9c1044d8064a6efd1e5a867c671c90d10ad25fa1ec22d627790e1b19aff896fc80090e4ddb8af64ad8905c1a08f0479ce98da4bfeb40c66e5463aa539d400a7eac3fc8582247df732a8b515a4e5efd73d60ec22d88cbc4bdf33b4"}, {@device_a, @device_a, 0x87, "9958a112d0e736102a0359a55af3bffd24c0e3d603b30e5478d3ae13aeba80833b6846b2abc1a53375e4004be6d8a657e246217f64df0a84dd02acea3d39bd75af012f4e97225957d208d6229543bfd595f9b7aa11a71079dcb0dece39827c6568a7d010dcea971bde43f81b946d7184f38a8c2a3a9f025e0d9593145272b2bb1614dec6a8e033"}, {@device_b, @device_a, 0x64, "609f0002da2014bc2e335a5ae4113523e478edea36523c27e765d8f9b2c588583cfd88c8a2bb6f1806f6a8c57dcc22be1b37f364fb2aea875b09328327f9c5b9e47924fc9534edd25c8f0a3ed8daf81c2e93bbab42854131b7357b8bad9838fe801e75c4"}, {@broadcast, @device_a, 0x28, "adaee15d4d7e97a0299c35f767832c681050c3d3b5332d4feea0fea2535fe77345193b9595398c6d"}, {@device_b, @device_b, 0x23, "894897943beaada4f13f99a9f90c99348a0485a24bf8a93fe493f7ce93c51f63e3184c"}, {@device_a, @device_b, 0x3d, "08d1ceafadac57899786319899e20fe4cfc6e2ce0d4c52c72237a24848eb6180051e02d12c33fa7a0b7a704928a1448ef568d5967c0f83701cef64e3e0"}, {@device_a, @device_a, 0x2, "10e8"}, {@device_a, @device_b, 0x26, "e881c469be6934ad608959acb6acb5e7848345354f6fd9d6a19e22238904b53d8beafc1b3cf5"}]}, 0x1268) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async)

[ 1113.879772][T20191] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1113.913204][ T5112] usb 5-1: Using ep0 maxpacket: 8
[ 1113.972772][T20191] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1113.988236][T20201] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1114.053542][ T5112] usb 5-1: config 0 has an invalid interface number: 65 but max is 2
[ 1114.063463][ T5112] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3
[ 1114.072499][ T5112] usb 5-1: config 0 has no interface number 0
[ 1114.087300][ T5112] usb 5-1: config 0 interface 65 altsetting 64 endpoint 0xF has an invalid bInterval 0, changing to 7
02:36:53 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r5, &(0x7f0000000600)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], 0x3c}}, 0x50)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000009c0)=ANY=[@ANYBLOB="4c00000010001fff000000000000000000000000246b92d826752cc9636bfcbba8aa51db77567cbb3385532939642b6e15a27ad48478b99f2abda5e4ec239b8b01eda8a3f22642c1e3de552935b20f1b793f518d1395e4d42a99d1d15a8906641f4a71c90645bd3e19badc63da650e24719bc2498a6f56976fa24d79ae1fa8fc6aebec64", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800500260000000000080005000000000008000a00", @ANYRES32=r6, @ANYBLOB], 0x4c}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r9, &(0x7f0000000600)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010008506eb9afc4cd8d06e754a0081c5", @ANYRES32=r10, @ANYBLOB="2377f292252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_ARPTABLES={0x5}, @IFLA_BR_STP_STATE={0x8}]}}}, @IFLA_MASTER={0x8, 0xa, r10}]}, 0x4c}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000004c0)={'team0\x00', <r11=>0x0})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000600)={'sit0\x00', &(0x7f0000000500)={'sit0\x00', <r12=>0x0, 0x80, 0x8, 0x6, 0x9, {{0x2e, 0x4, 0x3, 0x2, 0xb8, 0x65, 0x0, 0x4, 0x29, 0x0, @multicast1, @rand_addr=0x64010101, {[@ra={0x94, 0x4, 0x1}, @noop, @timestamp={0x44, 0x18, 0xbc, 0x0, 0x0, [0x8f, 0xc, 0x20, 0x7, 0x3f]}, @rr={0x7, 0xb, 0xe, [@local, @loopback]}, @rr={0x7, 0x1b, 0xd9, [@rand_addr=0x64010102, @multicast1, @local, @empty, @loopback, @loopback]}, @timestamp_prespec={0x44, 0x2c, 0xde, 0x3, 0x0, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x80000001}, {@private=0xa010102, 0x8}, {@loopback, 0xd7}, {@loopback, 0xfff}, {@dev={0xac, 0x14, 0x14, 0xa}, 0x1}]}, @ssrr={0x89, 0x7, 0x41, [@multicast2]}, @end, @timestamp_addr={0x44, 0x2c, 0x12, 0x1, 0x3, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x9}, {@remote, 0x8}, {@private=0xa010100, 0x6}, {@local, 0x8}, {@multicast2, 0x80000001}]}]}}}}})
sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000740)=ANY=[@ANYRES8=r1, @ANYRES16=0x0, @ANYBLOB="00042cbd7000fedbdf250200000080000180080003000000000008000300020000001400020067656e65766531000000000000000000140002006970766c616e300000000000000000001400020076657468315f746f5f687372000000001400020076657468315f746f5f7465616d00000008000100", @ANYRES32=0x0, @ANYBLOB="1400020070696d367265670000000000000000001400018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="3c00018008000300010000001400020076657468305f766972745f7769666900140002007866726d30000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="1c000180080003000000080001000000", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="2000018008000100", @ANYRES32=r10, @ANYBLOB="1400020067726530000000000000000000000000340001801400020076657468315f746f5f62726964676500140002006970766c616e3000000000000000000008000100", @ANYRES32=r11, @ANYBLOB="3c000180140002007866726d30000000000000000000000008000100", @ANYRES32=r12, @ANYBLOB="1400020076657468305f746f5f627269646765000800030002000000a00001801400020069703665727370616e300000000000001400020076657468305f746f5f687372000000001400020076657468315f766c616e000000000000140002006261746164765f736c6176655f30000014000200766972745f7769666930000000000000080003000300000008000100", @ANYRES32=0x0, @ANYBLOB="140002007465616d5f736c6176655f310000000014000200776c616e310000000000000000000000180001801400020073797a6b616c6c657231000000000000"], 0x248}, 0x1, 0x0, 0x0, 0x20000840}, 0xabd5f7125505d734)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
r13 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r13, 0x5423, &(0x7f0000000000)=0x1b)
r14 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r13, r14, 0x0, 0x20000023896)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r14)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="5000000008021100c394eb0853cd91aa000000000000000602021d028b960c1218240000000000000dc96c08aafd2f9ed701407d90f6b9089e1772aa201ef91ab7f107d6020ff789f9c1a91254d02f3327fe669b65420715a92719b7941b0d848b0de9ee2a6d6b53efcc50fec8a0431e3e4d0e3ae213f22123e39200"/137], 0x36)

[ 1114.098704][ T5112] usb 5-1: config 0 interface 65 altsetting 64 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1114.153349][ T5112] usb 5-1: config 0 interface 65 altsetting 64 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1114.178436][T20195] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1114.210879][T20195] kvm: pic: level sensitive irq not supported
[ 1114.210960][T20195] kvm: pic: non byte read
[ 1114.223270][T20195] kvm: pic: level sensitive irq not supported
[ 1114.223341][T20195] kvm: pic: non byte read
[ 1114.328780][ T5112] usb 5-1: config 0 interface 65 has no altsetting 0
[ 1114.373525][T20223] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1114.383441][ T5112] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a1, bcdDevice=1e.eb
[ 1114.404931][T20223] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[ 1114.483859][ T5112] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1114.514503][T20224] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1114.537438][ T5112] usb 5-1: config 0 descriptor??
[ 1114.606077][ T5112] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.65/input/input49
[ 1114.658523][T20230] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1114.715777][T20223] bond2: entered promiscuous mode
[ 1114.751796][T20223] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1114.857395][ T5113] usb 5-1: USB disconnect, device number 38
[ 1114.873211][    C1] xpad 5-1:0.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1114.882495][    C1] xpad 5-1:0.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1114.913178][ T5113] xpad 5-1:0.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[ 1115.062856][T20227] bond2: (slave bridge2): making interface the new active one
[ 1115.106351][T20227] bridge2: entered promiscuous mode
[ 1115.126749][T20227] bond2: (slave bridge2): Enslaving as an active interface with an up link
02:36:55 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xdd4, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:55 executing program 5:
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000013000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f000f011c268ee0", 0x3e}], 0x1, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004c7], 0x0, 0xe02})
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000200)={0xbe, 0x0, 0x1})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

02:36:55 executing program 3:
r0 = openat$sequencer2(0xffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$sequencer(r0, 0x0, 0x0)

02:36:55 executing program 4:
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000014da2108ab12a190eb1e000000010902240003000000000904414017ff5d010009050f1f0100000000090583034f"], 0x0)
syz_open_dev$evdev(&(0x7f0000000040), 0x4, 0x6003)

02:36:55 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async, rerun: 64)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0}) (rerun: 64)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async, rerun: 32)
r3 = socket$netlink(0x10, 0x3, 0x0) (async, rerun: 32)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r5, &(0x7f0000000600)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], 0x3c}}, 0x50)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000009c0)=ANY=[@ANYBLOB="4c00000010001fff000000000000000000000000246b92d826752cc9636bfcbba8aa51db77567cbb3385532939642b6e15a27ad48478b99f2abda5e4ec239b8b01eda8a3f22642c1e3de552935b20f1b793f518d1395e4d42a99d1d15a8906641f4a71c90645bd3e19badc63da650e24719bc2498a6f56976fa24d79ae1fa8fc6aebec64", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800500260000000000080005000000000008000a00", @ANYRES32=r6, @ANYBLOB], 0x4c}}, 0x0) (async)
r7 = socket$netlink(0x10, 0x3, 0x0) (async)
r8 = socket$netlink(0x10, 0x3, 0x0) (async)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) (async)
getsockname$packet(r9, &(0x7f0000000600)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010008506eb9afc4cd8d06e754a0081c5", @ANYRES32=r10, @ANYBLOB="2377f292252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x0) (async)
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_ARPTABLES={0x5}, @IFLA_BR_STP_STATE={0x8}]}}}, @IFLA_MASTER={0x8, 0xa, r10}]}, 0x4c}}, 0x0) (async, rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000004c0)={'team0\x00', <r11=>0x0}) (rerun: 64)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000600)={'sit0\x00', &(0x7f0000000500)={'sit0\x00', <r12=>0x0, 0x80, 0x8, 0x6, 0x9, {{0x2e, 0x4, 0x3, 0x2, 0xb8, 0x65, 0x0, 0x4, 0x29, 0x0, @multicast1, @rand_addr=0x64010101, {[@ra={0x94, 0x4, 0x1}, @noop, @timestamp={0x44, 0x18, 0xbc, 0x0, 0x0, [0x8f, 0xc, 0x20, 0x7, 0x3f]}, @rr={0x7, 0xb, 0xe, [@local, @loopback]}, @rr={0x7, 0x1b, 0xd9, [@rand_addr=0x64010102, @multicast1, @local, @empty, @loopback, @loopback]}, @timestamp_prespec={0x44, 0x2c, 0xde, 0x3, 0x0, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x80000001}, {@private=0xa010102, 0x8}, {@loopback, 0xd7}, {@loopback, 0xfff}, {@dev={0xac, 0x14, 0x14, 0xa}, 0x1}]}, @ssrr={0x89, 0x7, 0x41, [@multicast2]}, @end, @timestamp_addr={0x44, 0x2c, 0x12, 0x1, 0x3, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x9}, {@remote, 0x8}, {@private=0xa010100, 0x6}, {@local, 0x8}, {@multicast2, 0x80000001}]}]}}}}})
sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000740)=ANY=[@ANYRES8=r1, @ANYRES16=0x0, @ANYBLOB="00042cbd7000fedbdf250200000080000180080003000000000008000300020000001400020067656e65766531000000000000000000140002006970766c616e300000000000000000001400020076657468315f746f5f687372000000001400020076657468315f746f5f7465616d00000008000100", @ANYRES32=0x0, @ANYBLOB="1400020070696d367265670000000000000000001400018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="3c00018008000300010000001400020076657468305f766972745f7769666900140002007866726d30000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="1c000180080003000000080001000000", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="2000018008000100", @ANYRES32=r10, @ANYBLOB="1400020067726530000000000000000000000000340001801400020076657468315f746f5f62726964676500140002006970766c616e3000000000000000000008000100", @ANYRES32=r11, @ANYBLOB="3c000180140002007866726d30000000000000000000000008000100", @ANYRES32=r12, @ANYBLOB="1400020076657468305f746f5f627269646765000800030002000000a00001801400020069703665727370616e300000000000001400020076657468305f746f5f687372000000001400020076657468315f766c616e000000000000140002006261746164765f736c6176655f30000014000200766972745f7769666930000000000000080003000300000008000100", @ANYRES32=0x0, @ANYBLOB="140002007465616d5f736c6176655f310000000014000200776c616e310000000000000000000000180001801400020073797a6b616c6c657231000000000000"], 0x248}, 0x1, 0x0, 0x0, 0x20000840}, 0xabd5f7125505d734)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
r13 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r13, 0x5423, &(0x7f0000000000)=0x1b)
r14 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r13, r14, 0x0, 0x20000023896) (async, rerun: 64)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r14) (rerun: 64)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="5000000008021100c394eb0853cd91aa000000000000000602021d028b960c1218240000000000000dc96c08aafd2f9ed701407d90f6b9089e1772aa201ef91ab7f107d6020ff789f9c1a91254d02f3327fe669b65420715a92719b7941b0d848b0de9ee2a6d6b53efcc50fec8a0431e3e4d0e3ae213f22123e39200"/137], 0x36)

[ 1115.472216][T20238] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
02:36:55 executing program 3:
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
mlock(&(0x7f0000000000/0x11000)=nil, 0x11000)
ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000100)={0x0, 0x7ff, 0xcf, 0xb, 0x98})
shmget$private(0x0, 0x1000, 0x100, &(0x7f0000009000/0x1000)=nil)
msync(&(0x7f0000007000/0x2000)=nil, 0x2000, 0x2)
set_mempolicy(0x3, &(0x7f0000000240)=0x20000000000003f7, 0x80)
r0 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)

[ 1115.616536][T20238] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1115.683949][   T27] audit: type=1800 audit(1689907015.440:39): pid=20247 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
02:36:55 executing program 3:
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
mlock(&(0x7f0000000000/0x11000)=nil, 0x11000)
ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000100)={0x0, 0x7ff, 0xcf, 0xb, 0x98})
shmget$private(0x0, 0x1000, 0x100, &(0x7f0000009000/0x1000)=nil)
msync(&(0x7f0000007000/0x2000)=nil, 0x2000, 0x2)
set_mempolicy(0x3, &(0x7f0000000240)=0x20000000000003f7, 0x80)
r0 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)

[ 1115.783295][ T5113] usb 5-1: new high-speed USB device number 39 using dummy_hcd
02:36:55 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0) (async)
r4 = socket$netlink(0x10, 0x3, 0x0) (async)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) (async)
getsockname$packet(r5, &(0x7f0000000600)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], 0x3c}}, 0x50) (async)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000009c0)=ANY=[@ANYBLOB="4c00000010001fff000000000000000000000000246b92d826752cc9636bfcbba8aa51db77567cbb3385532939642b6e15a27ad48478b99f2abda5e4ec239b8b01eda8a3f22642c1e3de552935b20f1b793f518d1395e4d42a99d1d15a8906641f4a71c90645bd3e19badc63da650e24719bc2498a6f56976fa24d79ae1fa8fc6aebec64", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800500260000000000080005000000000008000a00", @ANYRES32=r6, @ANYBLOB], 0x4c}}, 0x0) (async)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r9, &(0x7f0000000600)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010008506eb9afc4cd8d06e754a0081c5", @ANYRES32=r10, @ANYBLOB="2377f292252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_ARPTABLES={0x5}, @IFLA_BR_STP_STATE={0x8}]}}}, @IFLA_MASTER={0x8, 0xa, r10}]}, 0x4c}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000004c0)={'team0\x00', <r11=>0x0}) (async)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000600)={'sit0\x00', &(0x7f0000000500)={'sit0\x00', <r12=>0x0, 0x80, 0x8, 0x6, 0x9, {{0x2e, 0x4, 0x3, 0x2, 0xb8, 0x65, 0x0, 0x4, 0x29, 0x0, @multicast1, @rand_addr=0x64010101, {[@ra={0x94, 0x4, 0x1}, @noop, @timestamp={0x44, 0x18, 0xbc, 0x0, 0x0, [0x8f, 0xc, 0x20, 0x7, 0x3f]}, @rr={0x7, 0xb, 0xe, [@local, @loopback]}, @rr={0x7, 0x1b, 0xd9, [@rand_addr=0x64010102, @multicast1, @local, @empty, @loopback, @loopback]}, @timestamp_prespec={0x44, 0x2c, 0xde, 0x3, 0x0, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x80000001}, {@private=0xa010102, 0x8}, {@loopback, 0xd7}, {@loopback, 0xfff}, {@dev={0xac, 0x14, 0x14, 0xa}, 0x1}]}, @ssrr={0x89, 0x7, 0x41, [@multicast2]}, @end, @timestamp_addr={0x44, 0x2c, 0x12, 0x1, 0x3, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x9}, {@remote, 0x8}, {@private=0xa010100, 0x6}, {@local, 0x8}, {@multicast2, 0x80000001}]}]}}}}})
sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000740)=ANY=[@ANYRES8=r1, @ANYRES16=0x0, @ANYBLOB="00042cbd7000fedbdf250200000080000180080003000000000008000300020000001400020067656e65766531000000000000000000140002006970766c616e300000000000000000001400020076657468315f746f5f687372000000001400020076657468315f746f5f7465616d00000008000100", @ANYRES32=0x0, @ANYBLOB="1400020070696d367265670000000000000000001400018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="3c00018008000300010000001400020076657468305f766972745f7769666900140002007866726d30000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="1c000180080003000000080001000000", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="2000018008000100", @ANYRES32=r10, @ANYBLOB="1400020067726530000000000000000000000000340001801400020076657468315f746f5f62726964676500140002006970766c616e3000000000000000000008000100", @ANYRES32=r11, @ANYBLOB="3c000180140002007866726d30000000000000000000000008000100", @ANYRES32=r12, @ANYBLOB="1400020076657468305f746f5f627269646765000800030002000000a00001801400020069703665727370616e300000000000001400020076657468305f746f5f687372000000001400020076657468315f766c616e000000000000140002006261746164765f736c6176655f30000014000200766972745f7769666930000000000000080003000300000008000100", @ANYRES32=0x0, @ANYBLOB="140002007465616d5f736c6176655f310000000014000200776c616e310000000000000000000000180001801400020073797a6b616c6c657231000000000000"], 0x248}, 0x1, 0x0, 0x0, 0x20000840}, 0xabd5f7125505d734)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
r13 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r13, 0x5423, &(0x7f0000000000)=0x1b) (async)
r14 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r13, r14, 0x0, 0x20000023896)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r14)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="5000000008021100c394eb0853cd91aa000000000000000602021d028b960c1218240000000000000dc96c08aafd2f9ed701407d90f6b9089e1772aa201ef91ab7f107d6020ff789f9c1a91254d02f3327fe669b65420715a92719b7941b0d848b0de9ee2a6d6b53efcc50fec8a0431e3e4d0e3ae213f22123e39200"/137], 0x36)

02:36:55 executing program 2:
r0 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r0, 0x107, 0x0, &(0x7f00000000c0), &(0x7f0000000080)=0xffffffd1)

[ 1115.972579][   T27] audit: type=1800 audit(1689907015.730:40): pid=20255 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0
02:36:55 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xddc, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:55 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x0, 0x0, {}, [{@nsim={{0x76}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8}}]}, 0x64}}, 0x0)

02:36:55 executing program 3:
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
mlock(&(0x7f0000000000/0x11000)=nil, 0x11000)
ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000100)={0x0, 0x7ff, 0xcf, 0xb, 0x98})
shmget$private(0x0, 0x1000, 0x100, &(0x7f0000009000/0x1000)=nil)
msync(&(0x7f0000007000/0x2000)=nil, 0x2000, 0x2)
set_mempolicy(0x3, &(0x7f0000000240)=0x20000000000003f7, 0x80)
r0 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)

[ 1116.021986][T20258] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1116.043208][ T5113] usb 5-1: Using ep0 maxpacket: 8
[ 1116.060529][T20257] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
02:36:55 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

[ 1116.146720][ T1232] ieee802154 phy0 wpan0: encryption failed: -22
[ 1116.153211][ T1232] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.157850][T20257] bond3: entered promiscuous mode
[ 1116.165175][ T5113] usb 5-1: config 0 has an invalid interface number: 65 but max is 2
[ 1116.173601][ T5113] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3
[ 1116.182496][ T5113] usb 5-1: config 0 has no interface number 0
[ 1116.191301][T20257] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1116.203069][ T5113] usb 5-1: config 0 interface 65 altsetting 64 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1116.220084][ T5113] usb 5-1: config 0 interface 65 altsetting 64 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1116.223114][T20260] bond3: (slave bridge3): making interface the new active one
[ 1116.232119][ T5113] usb 5-1: config 0 interface 65 altsetting 64 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1116.253220][ T5113] usb 5-1: config 0 interface 65 has no altsetting 0
[ 1116.260045][ T5113] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a1, bcdDevice=1e.eb
[ 1116.276708][ T5113] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
02:36:56 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

[ 1116.300412][ T5113] usb 5-1: config 0 descriptor??
[ 1116.309813][T20260] bridge3: entered promiscuous mode
[ 1116.318298][T20260] bond3: (slave bridge3): Enslaving as an active interface with an up link
[ 1116.328161][T20264] netlink: 13 bytes leftover after parsing attributes in process `syz-executor.5'.
02:36:56 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0500000000000061b5fe19c667b8af88e751", @ANYRES32=r2, @ANYBLOB="11002a00dd0b6162636465666768696a6b00000010002d800a0000000202020202020000"], 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc01cf509, &(0x7f0000000000)={<r3=>r0, 0x2, 0x8, 0x10000})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0x1f}]}]}]}]}, 0x2c}}, 0x0)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000000)=0x1b)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r8, r9, 0x0, 0x20000023896)
sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x58, r5, 0x20, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x2, 0x20}}}}, [@NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x425}, @NL80211_ATTR_FRAME={0x1e, 0x33, @deauth={@wo_ht={{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x8}, @broadcast, @device_b, @initial, {0x8, 0xf01}}, 0xe, @void}}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x58}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_ABORT_SCAN(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r5, 0x400, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r10}, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x4004000)
ioctl$DMA_HEAP_IOCTL_ALLOC(r9, 0xc0184800, &(0x7f0000000480)={0x9, <r11=>0xffffffffffffffff, 0x1})
sendmsg$nl_route(r11, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)=@ipv6_getmulticast={0x14, 0x3a, 0x100, 0x70bd27, 0x25dfdbfc, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x40004050}, 0x40)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1116.347652][ T5113] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.65/input/input50
[ 1116.359471][   T27] audit: type=1800 audit(1689907016.130:41): pid=20271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="SYSV00000000" dev="hugetlbfs" ino=5 res=0 errno=0
[ 1116.384037][T20272] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1116.440180][T20270] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1116.526643][T20270] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1116.585123][T20277] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1116.628819][T13285] usb 5-1: USB disconnect, device number 39
[ 1116.634862][    C1] xpad 5-1:0.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1116.634965][    C1] xpad 5-1:0.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1116.658106][T20277] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1116.674602][T13285] xpad 5-1:0.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[ 1116.720492][T20277] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:57 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

02:36:57 executing program 3:
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
mlock(&(0x7f0000000000/0x11000)=nil, 0x11000)
ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000100)={0x0, 0x7ff, 0xcf, 0xb, 0x98})
shmget$private(0x0, 0x1000, 0x100, &(0x7f0000009000/0x1000)=nil)
msync(&(0x7f0000007000/0x2000)=nil, 0x2000, 0x2)
set_mempolicy(0x3, &(0x7f0000000240)=0x20000000000003f7, 0x80)
r0 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)

02:36:57 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xde4, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:57 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0500000000000061b5fe19c667b8af88e751", @ANYRES32=r2, @ANYBLOB="11002a00dd0b6162636465666768696a6b00000010002d800a0000000202020202020000"], 0x40}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0500000000000061b5fe19c667b8af88e751", @ANYRES32=r2, @ANYBLOB="11002a00dd0b6162636465666768696a6b00000010002d800a0000000202020202020000"], 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc01cf509, &(0x7f0000000000)={r0, 0x2, 0x8, 0x10000}) (async)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc01cf509, &(0x7f0000000000)={<r3=>r0, 0x2, 0x8, 0x10000})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0x1f}]}]}]}]}, 0x2c}}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (async)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000000)=0x1b)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r8, r9, 0x0, 0x20000023896)
sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x58, r5, 0x20, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x2, 0x20}}}}, [@NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x425}, @NL80211_ATTR_FRAME={0x1e, 0x33, @deauth={@wo_ht={{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x8}, @broadcast, @device_b, @initial, {0x8, 0xf01}}, 0xe, @void}}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x58}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_ABORT_SCAN(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r5, 0x400, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r10}, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x4004000)
ioctl$DMA_HEAP_IOCTL_ALLOC(r9, 0xc0184800, &(0x7f0000000480)={0x9, <r11=>0xffffffffffffffff, 0x1})
sendmsg$nl_route(r11, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)=@ipv6_getmulticast={0x14, 0x3a, 0x100, 0x70bd27, 0x25dfdbfc, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x40004050}, 0x40)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:57 executing program 5:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000140))
timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=<r0=>0x0)
timer_settime(r0, 0x0, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
r1 = epoll_create1(0x0)
epoll_wait(r1, &(0x7f000000affb)=[{}], 0x1, 0xfffffffffffffef7)

02:36:57 executing program 4:
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000014da2108ab12a190eb1e000000010902240003000000000904414017ff5d010009050f1f0100000000090583034f"], 0x0)
syz_open_dev$evdev(&(0x7f0000000040), 0x4, 0x6003)

02:36:57 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

[ 1117.289312][T20289] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1117.297318][T20284] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1117.314535][   T27] audit: type=1800 audit(1689907017.080:42): pid=20285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="SYSV00000000" dev="hugetlbfs" ino=7 res=0 errno=0
02:36:57 executing program 5:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendto$inet6(r0, &(0x7f00000000c0)="eb", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000400)=ANY=[@ANYRES32=0x0, @ANYBLOB="ab"], 0x9)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000100)={0x0, 0xab}, 0x8)

[ 1117.324234][T20289] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1117.361615][T20292] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:57 executing program 3:
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000080)={0x4000000})
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000000)={0x4000000})
close_range(r0, 0xffffffffffffffff, 0x0)

02:36:57 executing program 2:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETS2(r0, 0x402c5829, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, "f061415bfae1bb25857f9222b2f0568cd53cfc"})

[ 1117.446164][T20284] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1117.485845][T20289] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:57 executing program 5:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendto$inet6(r0, &(0x7f00000000c0)="eb", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000400)=ANY=[@ANYRES32=0x0, @ANYBLOB="ab"], 0x9)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000100)={0x0, 0xab}, 0x8)

02:36:57 executing program 3:
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000080)={0x4000000})
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000000)={0x4000000})
close_range(r0, 0xffffffffffffffff, 0x0)

[ 1117.533281][ T5113] usb 5-1: new high-speed USB device number 40 using dummy_hcd
02:36:57 executing program 2:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
mincore(&(0x7f00001ee000/0x2000)=nil, 0x2000, &(0x7f0000001000)=""/4109)

02:36:57 executing program 5:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendto$inet6(r0, &(0x7f00000000c0)="eb", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000400)=ANY=[@ANYRES32=0x0, @ANYBLOB="ab"], 0x9)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000100)={0x0, 0xab}, 0x8)

[ 1117.783179][ T5113] usb 5-1: Using ep0 maxpacket: 8
02:36:57 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xdec, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:57 executing program 3:
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000080)={0x4000000})
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000000)={0x4000000})
close_range(r0, 0xffffffffffffffff, 0x0)

02:36:57 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0500000000000061b5fe19c667b8af88e751", @ANYRES32=r2, @ANYBLOB="11002a00dd0b6162636465666768696a6b00000010002d800a0000000202020202020000"], 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc01cf509, &(0x7f0000000000)={<r3=>r0, 0x2, 0x8, 0x10000}) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0x1f}]}]}]}]}, 0x2c}}, 0x0) (async)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000000)=0x1b) (async)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r8, r9, 0x0, 0x20000023896)
sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x58, r5, 0x20, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x2, 0x20}}}}, [@NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x425}, @NL80211_ATTR_FRAME={0x1e, 0x33, @deauth={@wo_ht={{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x8}, @broadcast, @device_b, @initial, {0x8, 0xf01}}, 0xe, @void}}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x58}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_ABORT_SCAN(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r5, 0x400, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r10}, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x4004000) (async)
ioctl$DMA_HEAP_IOCTL_ALLOC(r9, 0xc0184800, &(0x7f0000000480)={0x9, <r11=>0xffffffffffffffff, 0x1})
sendmsg$nl_route(r11, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)=@ipv6_getmulticast={0x14, 0x3a, 0x100, 0x70bd27, 0x25dfdbfc, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x40004050}, 0x40)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1117.897049][T20310] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1117.903349][ T5113] usb 5-1: config 0 has an invalid interface number: 65 but max is 2
[ 1117.926940][ T5113] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3
[ 1117.964198][ T5113] usb 5-1: config 0 has no interface number 0
[ 1117.979077][ T5113] usb 5-1: config 0 interface 65 altsetting 64 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1117.986488][T20311] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1118.003696][ T5113] usb 5-1: config 0 interface 65 altsetting 64 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1118.003822][T20315] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1118.042752][ T5113] usb 5-1: config 0 interface 65 altsetting 64 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1118.064998][T20317] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1118.088497][T20310] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1118.106651][ T5113] usb 5-1: config 0 interface 65 has no altsetting 0
[ 1118.111950][T20315] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1118.121434][ T5113] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a1, bcdDevice=1e.eb
[ 1118.142918][ T5113] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1118.168350][ T5113] usb 5-1: config 0 descriptor??
[ 1118.227534][ T5113] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.65/input/input51
[ 1118.550112][ T5113] usb 5-1: USB disconnect, device number 40
[ 1118.564102][    C1] xpad 5-1:0.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1118.582656][ T5113] xpad 5-1:0.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
02:36:58 executing program 3:
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000080)={0x4000000})
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000000)={0x4000000})
close_range(r0, 0xffffffffffffffff, 0x0)

02:36:58 executing program 5:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendto$inet6(r0, &(0x7f00000000c0)="eb", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000400)=ANY=[@ANYRES32=0x0, @ANYBLOB="ab"], 0x9)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000100)={0x0, 0xab}, 0x8)

02:36:58 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xdf4, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:58 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000000), r0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r6, 0x419, 0x0, 0x0, {{}, {0x0, 0xb}}}, 0x1c}}, 0x0)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r4, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r6, 0x0, 0x70bd2a, 0x25dfdbfb, {{}, {}, {0x8, 0x11, 0xeafa}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000040)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000280)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x5c, r1, 0x8, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x8, 0x2a}}}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x14, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x2004480}, 0x180)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:58 executing program 4:
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000014da2108ab12a190eb1e000000010902240003000000000904414017ff5d010009050f1f0100000000090583034f"], 0x0)
syz_open_dev$evdev(&(0x7f0000000040), 0x4, 0x6003)

02:36:58 executing program 2:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
mincore(&(0x7f00001ee000/0x2000)=nil, 0x2000, &(0x7f0000001000)=""/4109)

[ 1119.136225][T20324] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1119.199507][T20331] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1119.212895][T20326] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:59 executing program 3:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
mincore(&(0x7f00001ee000/0x2000)=nil, 0x2000, &(0x7f0000001000)=""/4109)

02:36:59 executing program 5:
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000540)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)=<r0=>0x0)
timer_settime(r0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000280)={0x2020}, 0xfffffded)

[ 1119.260706][T20324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:36:59 executing program 5:
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000540)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)=<r0=>0x0)
timer_settime(r0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000280)={0x2020}, 0xfffffded)

[ 1119.314533][T20326] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1119.453240][T13169] usb 5-1: new high-speed USB device number 41 using dummy_hcd
02:36:59 executing program 5:
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000540)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)=<r0=>0x0)
timer_settime(r0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000280)={0x2020}, 0xfffffded)

02:36:59 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xdfc, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:36:59 executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000000), r0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0) (async)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896) (async)
sendfile(r3, r4, 0x0, 0x20000023896)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff) (async)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r6, 0x419, 0x0, 0x0, {{}, {0x0, 0xb}}}, 0x1c}}, 0x0)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r4, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r6, 0x0, 0x70bd2a, 0x25dfdbfb, {{}, {}, {0x8, 0x11, 0xeafa}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000040)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000280)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x5c, r1, 0x8, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x8, 0x2a}}}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x14, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x2004480}, 0x180) (async)
sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000280)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x5c, r1, 0x8, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x8, 0x2a}}}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x14, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x2004480}, 0x180)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1119.733341][T13169] usb 5-1: Using ep0 maxpacket: 8
02:36:59 executing program 5:
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000540)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)=<r0=>0x0)
timer_settime(r0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000280)={0x2020}, 0xfffffded)

[ 1119.781303][T20341] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1119.826505][T20341] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1119.834030][T20343] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1119.863409][T13169] usb 5-1: config 0 has an invalid interface number: 65 but max is 2
[ 1119.881277][T13169] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3
[ 1119.909214][T13169] usb 5-1: config 0 has no interface number 0
02:36:59 executing program 5:
r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
lseek(r0, 0x0, 0x3)

[ 1119.927909][T20344] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1119.948299][T13169] usb 5-1: config 0 interface 65 altsetting 64 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1120.000593][T13169] usb 5-1: config 0 interface 65 altsetting 64 endpoint 0x83 has an invalid bInterval 0, changing to 7
02:36:59 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10001}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_INTERVAL={0x8, 0x7, 0x8}]}}}]}, 0x3c}}, 0x0)

[ 1120.042724][T13169] usb 5-1: config 0 interface 65 altsetting 64 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1120.096380][T13169] usb 5-1: config 0 interface 65 has no altsetting 0
[ 1120.131166][T13169] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a1, bcdDevice=1e.eb
[ 1120.169007][T13169] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
02:37:00 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xe04, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1120.210787][T13169] usb 5-1: config 0 descriptor??
[ 1120.245157][T20354] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1120.270165][T13169] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.65/input/input52
[ 1120.423963][T20357] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1120.565435][T13169] usb 5-1: USB disconnect, device number 41
[ 1120.583375][T13169] xpad 5-1:0.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
02:37:00 executing program 5:
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000002300)={0x6, 0x1, 0x4})
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000022c0)={0xfffffff7, 0x1, 0x4})

02:37:00 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000000), r0) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1b) (async)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r6, 0x419, 0x0, 0x0, {{}, {0x0, 0xb}}}, 0x1c}}, 0x0)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r4, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r6, 0x0, 0x70bd2a, 0x25dfdbfb, {{}, {}, {0x8, 0x11, 0xeafa}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000040) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000280)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x5c, r1, 0x8, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x8, 0x2a}}}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x14, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x2004480}, 0x180) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:00 executing program 2:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
mincore(&(0x7f00001ee000/0x2000)=nil, 0x2000, &(0x7f0000001000)=""/4109)

02:37:00 executing program 3:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
mincore(&(0x7f00001ee000/0x2000)=nil, 0x2000, &(0x7f0000001000)=""/4109)

02:37:00 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xe0c, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:00 executing program 4:
r0 = openat$vimc1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000040)={0x9})

02:37:01 executing program 5:
syz_emit_ethernet(0x7e, &(0x7f00000000c0)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @dest_unreach={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty=0x30f, {[@timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@multicast2}, {@dev}, {@remote}, {@empty}, {@local}, {@broadcast}]}, @rr={0x7, 0xb, 0x0, [@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}}}}}, 0x0)

[ 1121.209110][T20370] __nla_validate_parse: 2 callbacks suppressed
[ 1121.209130][T20370] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
02:37:01 executing program 4:
r0 = syz_open_dev$sndpcmc(&(0x7f0000000c40), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r0, 0x81204101, &(0x7f0000000c80))

02:37:01 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
syz_80211_inject_frame(&(0x7f0000000000), &(0x7f0000000380)=@data_frame={@qos_ht={{{@type10={{0x0, 0x2, 0xc, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x1f}, @random="680d6be59c8c", @device_b, @device_a, {0x9, 0x6}}, {0xd, 0x1, 0x1, 0x0, 0x7}}, {@type01={{0x0, 0x2, 0xe, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1}, {0x4}, @device_b, @from_mac, @from_mac=@device_b, {0xe, 0x7f}}, {0x0, 0x0, 0x2, 0x1, 0x5}}}, @ver_80211n={0x0, 0x20, 0x3, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}}, @a_msdu=[{@device_a, @device_a, 0x85, "48f31ced5a441cd4b4fc0571151da11739367607cd6d388cbf775adb9dc8c65734e6bf978509291fcb34fd3d3d32cfc263a4da49ed13569dd33b752e41ff891b1f8ae9fffb835000aa3704cce1d729a4a6294feaf556f0d9efdb13e415ca99bf1cd6053132a3adfc5ace3bc868587a47a0ffdab866d10a036892c789cb43957a3316eea0e9"}, {@device_b, @device_b, 0x3, "3997c5"}, {@broadcast, @device_a, 0xa5, "5836763e365dc65b6102ad441f25f46885b185aa47787bea684b2bde61d0da3df0b8246eed657565f344fdcf6b3bbe1cb688ab756fc0e3b4d8d8790ee0bae2973ae3f6495058615d884ca27ffeca5947f4ad2fde3797807829e8059a825a3a6b70fc4df4beae884429624be3da790d058696d6c6be2826a69eeab1b85ec68bcdafa142d58b3b7bb97d37c2a40fd52bcab2fd3f7f7818ca0a7eb07ccb8338c48175a8e9bcfe"}, {@device_b, @device_b, 0xca, "2265f7eca08a1e2f8827da67b166e1460d529ca3bbe9e2a66e069d25c23bede2818559fa715d69e08fe60eb0defe0157b8d82b4eebda35457a4a337de5ca0c4643bc374612004094c928ab9d6496f6b946b07c53e4fddac5617a8d3ea7e8d797e837c9f1021d5e1b3a41615ea91b279e341ac6da40515434b5e765b1a299d2db8a7397f2d1cba6a5fe240a0b7ad571914181696139fa9c15f2aa5ae00cb840c3053601dba441a57e327395ff46ea9a9f2d80e3e8f8f25e2a4c8c5a5dd822c3a8f96deede69546e31b744"}]}, 0x26c)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1121.290284][T20370] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1121.343226][T20370] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:01 executing program 5:
syz_emit_ethernet(0x7e, &(0x7f00000000c0)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @dest_unreach={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty=0x30f, {[@timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@multicast2}, {@dev}, {@remote}, {@empty}, {@local}, {@broadcast}]}, @rr={0x7, 0xb, 0x0, [@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}}}}}, 0x0)

[ 1121.413833][T20377] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:01 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x32}, 0x9c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)

[ 1121.466227][T20380] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:01 executing program 5:
syz_emit_ethernet(0x7e, &(0x7f00000000c0)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @dest_unreach={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty=0x30f, {[@timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@multicast2}, {@dev}, {@remote}, {@empty}, {@local}, {@broadcast}]}, @rr={0x7, 0xb, 0x0, [@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}}}}}, 0x0)

[ 1121.515605][T20377] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:01 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xe14, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:01 executing program 5:
syz_emit_ethernet(0x7e, &(0x7f00000000c0)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @dest_unreach={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty=0x30f, {[@timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@multicast2}, {@dev}, {@remote}, {@empty}, {@local}, {@broadcast}]}, @rr={0x7, 0xb, 0x0, [@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}}}}}, 0x0)

[ 1121.821097][T20389] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1121.902684][T20392] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1121.981952][T20389] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:02 executing program 2:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
mincore(&(0x7f00001ee000/0x2000)=nil, 0x2000, &(0x7f0000001000)=""/4109)

02:37:02 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async, rerun: 32)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0}) (rerun: 32)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async, rerun: 64)
syz_80211_inject_frame(&(0x7f0000000000), &(0x7f0000000380)=@data_frame={@qos_ht={{{@type10={{0x0, 0x2, 0xc, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x1f}, @random="680d6be59c8c", @device_b, @device_a, {0x9, 0x6}}, {0xd, 0x1, 0x1, 0x0, 0x7}}, {@type01={{0x0, 0x2, 0xe, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1}, {0x4}, @device_b, @from_mac, @from_mac=@device_b, {0xe, 0x7f}}, {0x0, 0x0, 0x2, 0x1, 0x5}}}, @ver_80211n={0x0, 0x20, 0x3, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}}, @a_msdu=[{@device_a, @device_a, 0x85, "48f31ced5a441cd4b4fc0571151da11739367607cd6d388cbf775adb9dc8c65734e6bf978509291fcb34fd3d3d32cfc263a4da49ed13569dd33b752e41ff891b1f8ae9fffb835000aa3704cce1d729a4a6294feaf556f0d9efdb13e415ca99bf1cd6053132a3adfc5ace3bc868587a47a0ffdab866d10a036892c789cb43957a3316eea0e9"}, {@device_b, @device_b, 0x3, "3997c5"}, {@broadcast, @device_a, 0xa5, "5836763e365dc65b6102ad441f25f46885b185aa47787bea684b2bde61d0da3df0b8246eed657565f344fdcf6b3bbe1cb688ab756fc0e3b4d8d8790ee0bae2973ae3f6495058615d884ca27ffeca5947f4ad2fde3797807829e8059a825a3a6b70fc4df4beae884429624be3da790d058696d6c6be2826a69eeab1b85ec68bcdafa142d58b3b7bb97d37c2a40fd52bcab2fd3f7f7818ca0a7eb07ccb8338c48175a8e9bcfe"}, {@device_b, @device_b, 0xca, "2265f7eca08a1e2f8827da67b166e1460d529ca3bbe9e2a66e069d25c23bede2818559fa715d69e08fe60eb0defe0157b8d82b4eebda35457a4a337de5ca0c4643bc374612004094c928ab9d6496f6b946b07c53e4fddac5617a8d3ea7e8d797e837c9f1021d5e1b3a41615ea91b279e341ac6da40515434b5e765b1a299d2db8a7397f2d1cba6a5fe240a0b7ad571914181696139fa9c15f2aa5ae00cb840c3053601dba441a57e327395ff46ea9a9f2d80e3e8f8f25e2a4c8c5a5dd822c3a8f96deede69546e31b744"}]}, 0x26c) (rerun: 64)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:02 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x0)
r4 = dup2(r3, r2)
sendmmsg$alg(r4, &(0x7f0000002e40)=[{0xeffdffff00000000, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="a7", 0x1}], 0x1}], 0x7ffff000, 0x0)

02:37:02 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xe1c, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:02 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x32}, 0x9c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)

02:37:02 executing program 3:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
mincore(&(0x7f00001ee000/0x2000)=nil, 0x2000, &(0x7f0000001000)=""/4109)

[ 1122.709922][T20402] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1122.778767][T20405] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1122.823974][T20412] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:02 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async, rerun: 64)
syz_80211_inject_frame(&(0x7f0000000000), &(0x7f0000000380)=@data_frame={@qos_ht={{{@type10={{0x0, 0x2, 0xc, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x1f}, @random="680d6be59c8c", @device_b, @device_a, {0x9, 0x6}}, {0xd, 0x1, 0x1, 0x0, 0x7}}, {@type01={{0x0, 0x2, 0xe, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1}, {0x4}, @device_b, @from_mac, @from_mac=@device_b, {0xe, 0x7f}}, {0x0, 0x0, 0x2, 0x1, 0x5}}}, @ver_80211n={0x0, 0x20, 0x3, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}}, @a_msdu=[{@device_a, @device_a, 0x85, "48f31ced5a441cd4b4fc0571151da11739367607cd6d388cbf775adb9dc8c65734e6bf978509291fcb34fd3d3d32cfc263a4da49ed13569dd33b752e41ff891b1f8ae9fffb835000aa3704cce1d729a4a6294feaf556f0d9efdb13e415ca99bf1cd6053132a3adfc5ace3bc868587a47a0ffdab866d10a036892c789cb43957a3316eea0e9"}, {@device_b, @device_b, 0x3, "3997c5"}, {@broadcast, @device_a, 0xa5, "5836763e365dc65b6102ad441f25f46885b185aa47787bea684b2bde61d0da3df0b8246eed657565f344fdcf6b3bbe1cb688ab756fc0e3b4d8d8790ee0bae2973ae3f6495058615d884ca27ffeca5947f4ad2fde3797807829e8059a825a3a6b70fc4df4beae884429624be3da790d058696d6c6be2826a69eeab1b85ec68bcdafa142d58b3b7bb97d37c2a40fd52bcab2fd3f7f7818ca0a7eb07ccb8338c48175a8e9bcfe"}, {@device_b, @device_b, 0xca, "2265f7eca08a1e2f8827da67b166e1460d529ca3bbe9e2a66e069d25c23bede2818559fa715d69e08fe60eb0defe0157b8d82b4eebda35457a4a337de5ca0c4643bc374612004094c928ab9d6496f6b946b07c53e4fddac5617a8d3ea7e8d797e837c9f1021d5e1b3a41615ea91b279e341ac6da40515434b5e765b1a299d2db8a7397f2d1cba6a5fe240a0b7ad571914181696139fa9c15f2aa5ae00cb840c3053601dba441a57e327395ff46ea9a9f2d80e3e8f8f25e2a4c8c5a5dd822c3a8f96deede69546e31b744"}]}, 0x26c) (async, rerun: 64)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1123.020109][T20402] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1123.226152][T20417] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:03 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="800000000802110000010802110000000802110000000000000000000000000064000100000602ec010aff02010882848b960c1218241ee91208a7003740a4c231230e9f7339b35ead594f"], 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:03 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xe24, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1123.472199][T20422] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1123.499215][T20424] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1123.607361][T20427] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1123.611766][T20422] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1123.715215][T20424] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:03 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x32}, 0x9c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)

02:37:03 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="800000000802110000010802110000000802110000000000000000000000000064000100000602ec010aff02010882848b960c1218241ee91208a7003740a4c231230e9f7339b35ead594f"], 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="800000000802110000010802110000000802110000000000000000000000000064000100000602ec010aff02010882848b960c1218241ee91208a7003740a4c231230e9f7339b35ead594f"], 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async)

02:37:03 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xe2c, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1124.107888][T20433] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:04 executing program 2:
r0 = syz_io_uring_setup(0x3ede, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000100))
io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x17, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)

[ 1124.276339][T20435] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1124.288453][T20433] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:04 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x32}, 0x9c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)

[ 1124.380207][T20437] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1124.397348][T20438] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1124.452510][T20435] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:04 executing program 3:
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
write$tcp_congestion(r0, &(0x7f0000000180)='reno\x00', 0x3fffff)

02:37:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async, rerun: 64)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) (async, rerun: 64)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="800000000802110000010802110000000802110000000000000000000000000064000100000602ec010aff02010882848b960c1218241ee91208a7003740a4c231230e9f7339b35ead594f"], 0x36) (async, rerun: 64)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async, rerun: 64)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:04 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x0)
r4 = dup2(r3, r2)
sendmmsg$alg(r4, &(0x7f0000002e40)=[{0xeffdffff00000000, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="a7", 0x1}], 0x1}], 0x7ffff000, 0x0)

02:37:04 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4008ae89, &(0x7f0000000640)={"06000000dd245c8449000000c9c8dc1964325fa96fa42b76030000402bec0ba41f0725003a40c8a4024d564b3b00041f09ffff80003c5ca2c2000000ee3778baece6b88378e3d63a0e000040361d264ffa8b46485f02baee010100c04252066178868d1ef4b5ffff5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10000174a3ac8694525a7e8c499a573577736800000000000008f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa006a832d309fcda5bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478fbe65449b404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df1e7c9c71bc08a282fc2c142856b5e69aff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684364673dcfa9235ea5a2ff23c4bb5c5acb2e8976dcac779ff000000000000003d185afe28b774b99d38c90937428617de4cdd6f53c419ce31054182fd898af706f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e9605ab8c3c43840abd17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba16f70f558b2246ad95ccf7d3f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a800655d127de6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019be5fe12a33caf9dd8768ddbc02a484c345c3efb254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f47692613e28387e955722908dd88b863c8e1af3cc50815b6f070072975af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047666865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffb7e7603970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8fdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})

02:37:04 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xe34, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1124.872758][T20454] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:04 executing program 3:
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
write$tcp_congestion(r0, &(0x7f0000000180)='reno\x00', 0x3fffff)

02:37:04 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x0)
r4 = dup2(r3, r2)
sendmmsg$alg(r4, &(0x7f0000002e40)=[{0xeffdffff00000000, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="a7", 0x1}], 0x1}], 0x7ffff000, 0x0)

[ 1124.975586][T20462] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1125.128863][T20467] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1125.140394][T20468] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1125.216380][T20462] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1125.227356][T20467] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:05 executing program 3:
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
write$tcp_congestion(r0, &(0x7f0000000180)='reno\x00', 0x3fffff)

02:37:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) (async)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) (async)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:05 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xe3c, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1125.677259][T20480] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1125.764912][T20482] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1125.813451][T20482] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:05 executing program 3:
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
write$tcp_congestion(r0, &(0x7f0000000180)='reno\x00', 0x3fffff)

02:37:05 executing program 4:
r0 = memfd_create(&(0x7f0000000200)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdI\x83\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xe2{\xfd\x8a\xb4\x8e\x9c\xfb\xf6\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4y', 0x0)
r1 = dup(r0)
write$cgroup_pid(r1, &(0x7f0000000040)=0xffffffffffffffff, 0xe)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0)
sendfile(r0, r1, &(0x7f0000000100), 0x6c03)
rt_sigtimedwait(&(0x7f00000000c0), 0x0, &(0x7f00000004c0), 0x8)

[ 1125.859879][T20482] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:05 executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1126.176164][T20490] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1126.241365][T20490] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:06 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x0)
r4 = dup2(r3, r2)
sendmmsg$alg(r4, &(0x7f0000002e40)=[{0xeffdffff00000000, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="a7", 0x1}], 0x1}], 0x7ffff000, 0x0)

02:37:06 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xe44, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:06 executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0003}]})
select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180))

02:37:06 executing program 4:
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @raw_data="7bd9d1eceb284f67424138311f64b2031b718ab1449c95894d820affb75c63afe8bacf4570ae7d4e3d6c9b4f2c8598709f9238b647adbb4ced1d732bf232383f2b4f82e90d6470ae5bfa0bc721f20b7da932782a25868a61c7d6b4c25a4f5b7e8bdda1f14ac8bed68d6858aa6aa2d09e0d2bbca9bc3a1f2523062fbc7716514f46d7fdca49bd3f38a3286ce746b2b30be1d0a42d4d6a286c8ebbf6903c0480c2cc68450831743faea0346a1d923478feefbf8164a3ec1bedee55722e9c0b71f84d21fdf02740285c"})

02:37:06 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x80}, 0x8)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e23, @empty}], 0x10)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)={0x0, 0x6bd3}, 0x5865)

[ 1127.078735][T20497] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1127.166068][T20503] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1127.240848][T20497] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:07 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x0)
r4 = dup2(r3, r2)
sendmmsg$alg(r4, &(0x7f0000002e40)=[{0xeffdffff00000000, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="a7", 0x1}], 0x1}], 0x7ffff000, 0x0)

02:37:07 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
connect$rds(r0, &(0x7f0000001500)={0x2, 0x0, @multicast1}, 0x10)

02:37:07 executing program 4:
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @raw_data="7bd9d1eceb284f67424138311f64b2031b718ab1449c95894d820affb75c63afe8bacf4570ae7d4e3d6c9b4f2c8598709f9238b647adbb4ced1d732bf232383f2b4f82e90d6470ae5bfa0bc721f20b7da932782a25868a61c7d6b4c25a4f5b7e8bdda1f14ac8bed68d6858aa6aa2d09e0d2bbca9bc3a1f2523062fbc7716514f46d7fdca49bd3f38a3286ce746b2b30be1d0a42d4d6a286c8ebbf6903c0480c2cc68450831743faea0346a1d923478feefbf8164a3ec1bedee55722e9c0b71f84d21fdf02740285c"})

02:37:07 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x80}, 0x8)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e23, @empty}], 0x10)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)={0x0, 0x6bd3}, 0x5865)

02:37:07 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xe4c, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:07 executing program 3:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x80}, 0x8)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e23, @empty}], 0x10)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)={0x0, 0x6bd3}, 0x5865)

[ 1127.749057][T20515] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1127.859741][T20515] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1127.890323][T20515] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:07 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x80}, 0x8)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e23, @empty}], 0x10)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)={0x0, 0x6bd3}, 0x5865)

02:37:09 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x0)
r4 = dup2(r3, r2)
sendmmsg$alg(r4, &(0x7f0000002e40)=[{0xeffdffff00000000, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="a7", 0x1}], 0x1}], 0x7ffff000, 0x0)

02:37:09 executing program 3:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x80}, 0x8)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e23, @empty}], 0x10)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)={0x0, 0x6bd3}, 0x5865)

02:37:09 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xe54, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:09 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x80}, 0x8)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e23, @empty}], 0x10)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)={0x0, 0x6bd3}, 0x5865)

02:37:09 executing program 4:
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @raw_data="7bd9d1eceb284f67424138311f64b2031b718ab1449c95894d820affb75c63afe8bacf4570ae7d4e3d6c9b4f2c8598709f9238b647adbb4ced1d732bf232383f2b4f82e90d6470ae5bfa0bc721f20b7da932782a25868a61c7d6b4c25a4f5b7e8bdda1f14ac8bed68d6858aa6aa2d09e0d2bbca9bc3a1f2523062fbc7716514f46d7fdca49bd3f38a3286ce746b2b30be1d0a42d4d6a286c8ebbf6903c0480c2cc68450831743faea0346a1d923478feefbf8164a3ec1bedee55722e9c0b71f84d21fdf02740285c"})

[ 1130.140779][T20533] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1130.368050][T20539] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:10 executing program 3:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x80}, 0x8)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e23, @empty}], 0x10)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)={0x0, 0x6bd3}, 0x5865)

02:37:10 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x0)
r4 = dup2(r3, r2)
sendmmsg$alg(r4, &(0x7f0000002e40)=[{0xeffdffff00000000, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="a7", 0x1}], 0x1}], 0x7ffff000, 0x0)

02:37:10 executing program 4:
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @raw_data="7bd9d1eceb284f67424138311f64b2031b718ab1449c95894d820affb75c63afe8bacf4570ae7d4e3d6c9b4f2c8598709f9238b647adbb4ced1d732bf232383f2b4f82e90d6470ae5bfa0bc721f20b7da932782a25868a61c7d6b4c25a4f5b7e8bdda1f14ac8bed68d6858aa6aa2d09e0d2bbca9bc3a1f2523062fbc7716514f46d7fdca49bd3f38a3286ce746b2b30be1d0a42d4d6a286c8ebbf6903c0480c2cc68450831743faea0346a1d923478feefbf8164a3ec1bedee55722e9c0b71f84d21fdf02740285c"})

02:37:10 executing program 0:
r0 = socket$inet6(0xa, 0x5, 0x0)
shutdown(r0, 0x0)
setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @remote, 0x1}], 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x40}, 0x1c)

[ 1131.184560][T20549] syz-executor.0 (20549) used greatest stack depth: 21760 bytes left
02:37:11 executing program 0:
add_key$user(&(0x7f0000001080), &(0x7f00000010c0)={'syz', 0x3}, &(0x7f0000001100)='P', 0x1, 0xfffffffffffffffd)

[ 1131.245015][ T2880] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
02:37:11 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r3)
getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800000010000507000004000000000000000000", @ANYRES32=r4, @ANYBLOB="0000200000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=ANY=[@ANYBLOB="3000000024001d0f3a61aa51acb1d58f1a43ca38", @ANYRES32=r4, @ANYBLOB="00000000f1ffffff000000000b000100636c73616374"], 0x30}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@delchain={0x50, 0x64, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff2, 0xffff}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x1c, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}]}}]}, 0x50}}, 0x0)

[ 1131.589529][ T2880] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
02:37:11 executing program 4:
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)
mlock(&(0x7f0000fff000/0x1000)=nil, 0x1000)
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1)

[ 1131.900658][ T2880] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1132.074478][T20560] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1132.243546][ T2880] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1133.389660][ T2880] hsr_slave_0: left promiscuous mode
[ 1133.410746][ T2880] hsr_slave_1: left promiscuous mode
[ 1133.485666][ T2880] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1133.497890][ T2880] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1133.537979][ T2880] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1133.570951][ T2880] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1133.656786][ T2880] bridge_slave_1: left allmulticast mode
[ 1133.668761][ T2880] bridge_slave_1: left promiscuous mode
[ 1133.694202][ T2880] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1133.794210][ T2880] bridge_slave_0: left allmulticast mode
[ 1133.809256][ T2880] bridge_slave_0: left promiscuous mode
[ 1133.845647][ T2880] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1134.093609][ T2880] veth1_macvtap: left promiscuous mode
[ 1134.099304][ T2880] veth0_macvtap: left promiscuous mode
[ 1134.141513][ T2880] veth1_vlan: left promiscuous mode
[ 1134.169653][ T2880] veth0_vlan: left promiscuous mode
02:37:13 executing program 0:
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pipe2$9p(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x4800)
write$binfmt_script(r2, &(0x7f0000000080)={'#! ', './file0'}, 0xb)
splice(r1, 0x0, r0, 0x0, 0x8ca, 0x0)

02:37:13 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000100)=@newsa={0x184, 0x10, 0x1, 0x0, 0x0, {{@in=@multicast1, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@loopback, 0x0, 0x6c}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'michael_mic-generic\x00'}}}, @algo_comp={0x48, 0x3, {{'lzjh\x00'}}}]}, 0x184}}, 0x0)

[ 1134.264474][T20583] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1134.752671][ T5063] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1134.763898][ T5063] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1134.773938][ T5063] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1134.781673][ T5063] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 1134.789338][ T5063] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1135.181812][ T2880] team0 (unregistering): Port device team_slave_1 removed
[ 1135.212266][ T2880] team0 (unregistering): Port device team_slave_0 removed
[ 1135.238037][ T2880] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1135.256166][ T2880] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1135.414974][ T2880] bond0 (unregistering): Released all slaves
[ 1135.774652][T20585] chnl_net:caif_netlink_parms(): no params data found
[ 1135.967156][T20585] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1136.001463][T20585] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1136.010388][T20585] bridge_slave_0: entered allmulticast mode
[ 1136.017593][T20585] bridge_slave_0: entered promiscuous mode
[ 1136.025877][T20585] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1136.033193][T20585] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1136.040431][T20585] bridge_slave_1: entered allmulticast mode
[ 1136.047558][T20585] bridge_slave_1: entered promiscuous mode
[ 1136.099033][T20585] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1136.145566][T20585] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1136.300896][T20585] team0: Port device team_slave_0 added
[ 1136.326562][T20585] team0: Port device team_slave_1 added
[ 1136.427969][T20585] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1136.440507][T20585] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1136.539214][T20585] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1136.602711][T20585] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1136.633965][T20585] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1136.703502][T20585] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1136.863373][ T5063] Bluetooth: hci1: command 0x0409 tx timeout
[ 1136.877227][T20585] hsr_slave_0: entered promiscuous mode
[ 1136.894025][T20585] hsr_slave_1: entered promiscuous mode
[ 1136.929364][T20585] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1136.943405][T20585] Cannot create hsr debugfs directory
[ 1138.472017][T20585] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1138.506988][T20585] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1138.538453][T20585] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1138.576169][T20585] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1138.793788][T20585] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1138.845152][T20585] 8021q: adding VLAN 0 to HW filter on device team0
[ 1138.878318][  T917] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1138.885496][  T917] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1138.927951][  T917] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1138.935116][  T917] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1138.943250][ T5063] Bluetooth: hci1: command 0x041b tx timeout
[ 1139.030797][T20585] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1139.082532][T20585] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1139.180128][T20585] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1139.290442][T20585] veth0_vlan: entered promiscuous mode
[ 1139.321923][T20585] veth1_vlan: entered promiscuous mode
[ 1139.397973][T20585] veth0_macvtap: entered promiscuous mode
[ 1139.429111][T20585] veth1_macvtap: entered promiscuous mode
[ 1139.478962][T20585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1139.513174][T20585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1139.533773][T20585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1139.563691][T20585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1139.593528][T20585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1139.619377][T20585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1139.644086][T20585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1139.683070][T20585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1139.703460][T20585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1139.733119][T20585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1139.754626][T20585] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1139.812136][T20585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1139.843084][T20585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1139.873636][T20585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1139.904803][T20585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1139.933127][T20585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1139.953037][T20585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1139.962901][T20585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1139.975327][T20585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1139.993007][T20585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1140.023003][T20585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1140.044817][T20585] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1140.071715][T20585] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1140.103126][T20585] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1140.112075][T20585] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1140.143789][T20585] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1140.294199][T13170] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1140.302073][T13170] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1140.357395][T13170] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1140.365894][T13170] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1140.524596][T20651] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1140.576765][T20651] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1140.632146][T20651] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:20 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xe5c, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:20 executing program 4:
r0 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_qrtr_TIOCOUTQ(r0, 0x5411, &(0x7f0000000080))

02:37:20 executing program 5:
socketpair$unix(0xa, 0x5, 0x0, &(0x7f0000004180))

02:37:20 executing program 0:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x9, 0x0)
open(&(0x7f0000000400)='./file0\x00', 0x41e002, 0x0)

02:37:20 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000000)=@gcm_256={{}, "a6fb7ac66d4c00d5", "a8a9cf5139b73b0eb3b8621193960b357469231d6643be1501de71de4193149b", "86645cf8", "4032133a5b72c631"}, 0x38)

02:37:20 executing program 2:
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TLS_TX(r0, 0x11e, 0x1, 0x0, 0x0)

02:37:20 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44040)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
r2 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
getresgid(0x0, &(0x7f0000008380), 0x0)
ftruncate(r2, 0x800)
lseek(r2, 0x200, 0x0)
r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0)
fanotify_mark(r1, 0x20, 0x0, r2, &(0x7f0000000100)='./bus\x00')
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001b40)={{{@in6=@mcast1, @in=@dev}}, {{}, 0x0, @in=@remote}}, 0x0)
sendfile(r2, r4, 0x0, 0x1f607)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
openat$cgroup_subtree(r5, &(0x7f00000001c0), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000003d80)={0x2020}, 0x2020)
r6 = open(0x0, 0x0, 0x0)
openat$cgroup_subtree(r6, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x5)
sendmmsg$unix(r5, 0x0, 0x0, 0x1800)

02:37:20 executing program 2:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x2}}, 0x20)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="10000000246837f73199aee6fdb9291b3091ec1a2d41d227975ad8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3)

[ 1141.023328][ T5063] Bluetooth: hci1: command 0x040f tx timeout
02:37:20 executing program 0:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000040)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e24, 0x0, @loopback}, r1}}, 0x30)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f0000000040)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e24, 0x0, @loopback}, r3}}, 0x30)

02:37:20 executing program 4:
syz_open_dev$sndpcmp(&(0x7f0000001680), 0x0, 0x0)
io_setup(0x3, &(0x7f0000000180)=<r0=>0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
io_submit(r0, 0x1, &(0x7f0000002340)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x8, 0x0, r1, 0x0}])

02:37:20 executing program 5:
r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0)
read$FUSE(r0, &(0x7f0000002240)={0x2020}, 0x2020)
writev(r0, &(0x7f00000021c0)=[{&(0x7f0000002200)='\x00\x00\x00\x00', 0x4}], 0x1)

[ 1141.129129][T20675] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1141.179003][T20675] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1141.236280][T20675] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:21 executing program 2:
syz_usb_connect(0x0, 0x2d, &(0x7f0000001d80)=ANY=[@ANYBLOB="1201000009980708b5192100c7980000000109021b000120000000090400000107000000090585cf"], 0x0)

02:37:21 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xe64, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:21 executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x18, 0x1, 0x7, 0x301, 0x0, 0x0, {}, [@NFACCT_FILTER={0x4}]}, 0x18}}, 0x0)

02:37:21 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000080), 0x8, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000080), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

02:37:21 executing program 0:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[], 0xe1)
r1 = open(&(0x7f0000000180)='./bus\x00', 0x12103e, 0x0)
copy_file_range(r1, 0x0, r1, 0x0, 0xb2, 0x0)

02:37:21 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x6, 0x0, &(0x7f0000000500)=0x8300)

02:37:21 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e23, @empty}], 0x10)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000080)={0x0, @in={{0x2, 0x0, @empty}}}, 0x90)

[ 1141.696450][T13170] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[ 1141.741661][T20708] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1141.751768][    T7] kworker/dying (7) used greatest stack depth: 21536 bytes left
[ 1141.870185][T20714] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1141.962010][T20708] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1141.973160][T13170] usb 3-1: Using ep0 maxpacket: 8
[ 1142.103787][T13170] usb 3-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
02:37:21 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44040)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
r2 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
getresgid(0x0, &(0x7f0000008380), 0x0)
ftruncate(r2, 0x800)
lseek(r2, 0x200, 0x0)
r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0)
fanotify_mark(r1, 0x20, 0x0, r2, &(0x7f0000000100)='./bus\x00')
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001b40)={{{@in6=@mcast1, @in=@dev}}, {{}, 0x0, @in=@remote}}, 0x0)
sendfile(r2, r4, 0x0, 0x1f607)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
openat$cgroup_subtree(r5, &(0x7f00000001c0), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000003d80)={0x2020}, 0x2020)
r6 = open(0x0, 0x0, 0x0)
openat$cgroup_subtree(r6, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x5)
sendmmsg$unix(r5, 0x0, 0x0, 0x1800)

02:37:21 executing program 4:
openat$snapshot(0xffffffffffffff9c, &(0x7f0000001240), 0x0, 0x0)
syz_open_dev$mouse(&(0x7f00000012c0), 0x0, 0x0)

[ 1142.144364][T13170] usb 3-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1142.244050][T13170] usb 3-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
02:37:22 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xe6c, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1142.310718][T13170] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
02:37:22 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44040)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
r2 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
getresgid(0x0, &(0x7f0000008380), 0x0)
ftruncate(r2, 0x800)
lseek(r2, 0x200, 0x0)
r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0)
fanotify_mark(r1, 0x20, 0x0, r2, &(0x7f0000000100)='./bus\x00')
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001b40)={{{@in6=@mcast1, @in=@dev}}, {{}, 0x0, @in=@remote}}, 0x0)
sendfile(r2, r4, 0x0, 0x1f607)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
openat$cgroup_subtree(r5, &(0x7f00000001c0), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000003d80)={0x2020}, 0x2020)
r6 = open(0x0, 0x0, 0x0)
openat$cgroup_subtree(r6, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x5)
sendmmsg$unix(r5, 0x0, 0x0, 0x1800)

[ 1142.455640][T13170] hub 3-1:32.0: USB hub found
02:37:22 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000080), 0x8, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000080), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

[ 1142.568882][T20724] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1142.607026][T20724] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1142.664087][T20724] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1142.703328][T13170] hub 3-1:32.0: config failed, can't read hub descriptor (err -22)
[ 1142.845167][T13170] usb 3-1: USB disconnect, device number 42
[ 1143.103179][ T5063] Bluetooth: hci1: command 0x0419 tx timeout
02:37:22 executing program 2:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e23, @empty}], 0x10)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000080)={0x0, @in={{0x2, 0x0, @empty}}}, 0x90)

02:37:22 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e23, @empty}], 0x10)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000080)={0x0, @in={{0x2, 0x0, @empty}}}, 0x90)

02:37:22 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xe74, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1143.229358][T20735] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1143.308427][T20739] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1143.419707][T20735] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:23 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e23, @empty}], 0x10)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000080)={0x0, @in={{0x2, 0x0, @empty}}}, 0x90)

02:37:23 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44040)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
r2 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
getresgid(0x0, &(0x7f0000008380), 0x0)
ftruncate(r2, 0x800)
lseek(r2, 0x200, 0x0)
r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0)
fanotify_mark(r1, 0x20, 0x0, r2, &(0x7f0000000100)='./bus\x00')
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001b40)={{{@in6=@mcast1, @in=@dev}}, {{}, 0x0, @in=@remote}}, 0x0)
sendfile(r2, r4, 0x0, 0x1f607)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
openat$cgroup_subtree(r5, &(0x7f00000001c0), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000003d80)={0x2020}, 0x2020)
r6 = open(0x0, 0x0, 0x0)
openat$cgroup_subtree(r6, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x5)
sendmmsg$unix(r5, 0x0, 0x0, 0x1800)

02:37:23 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xe7c, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:23 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000080), 0x8, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000080), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

02:37:23 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44040)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
r2 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
getresgid(0x0, &(0x7f0000008380), 0x0)
ftruncate(r2, 0x800)
lseek(r2, 0x200, 0x0)
r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0)
fanotify_mark(r1, 0x20, 0x0, r2, &(0x7f0000000100)='./bus\x00')
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001b40)={{{@in6=@mcast1, @in=@dev}}, {{}, 0x0, @in=@remote}}, 0x0)
sendfile(r2, r4, 0x0, 0x1f607)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
openat$cgroup_subtree(r5, &(0x7f00000001c0), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000003d80)={0x2020}, 0x2020)
r6 = open(0x0, 0x0, 0x0)
openat$cgroup_subtree(r6, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x5)
sendmmsg$unix(r5, 0x0, 0x0, 0x1800)

[ 1144.033844][T20746] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1144.113779][T20748] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1144.191223][T20746] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:24 executing program 2:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e23, @empty}], 0x10)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000080)={0x0, @in={{0x2, 0x0, @empty}}}, 0x90)

02:37:24 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e23, @empty}], 0x10)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000080)={0x0, @in={{0x2, 0x0, @empty}}}, 0x90)

02:37:24 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xea4, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1144.697125][T20765] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1144.752082][T20765] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1144.818829][T20765] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:24 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e285f53c185dc147a6eace8eac9a007acec49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000008000000006fa03c64689720890700000000000000db5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0f8a1ae6dc64ea97c0af60fd6ad9b97aa5fa684a0366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d645ffff9c4d2ec7c32f207a6aa279f15147decf59fa86e295e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f7b87b0131394e9f620034b1a0476072a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000b52600007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870cefd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feadf8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d80c6bf4d652b6946c216c1f895778cb25122a2a998de44aeadea2a40da8daccf0808420900721737390cbf3a74cbbf66f5c51514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c4370b2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f7638600005bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e809ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12e83c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2a2f1f54e0e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e10dbde110934256c5cdaca9e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
linkat(r2, &(0x7f0000000180)='./file1\x00', r2, &(0x7f0000000640)='./bus\x00', 0x0)
unlinkat(r2, &(0x7f00000001c0)='./bus\x00', 0x0)

02:37:24 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0xeac, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1145.249403][T20767] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1145.296336][T20767] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:25 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e285f53c185dc147a6eace8eac9a007acec49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000008000000006fa03c64689720890700000000000000db5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0f8a1ae6dc64ea97c0af60fd6ad9b97aa5fa684a0366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d645ffff9c4d2ec7c32f207a6aa279f15147decf59fa86e295e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f7b87b0131394e9f620034b1a0476072a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000b52600007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870cefd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feadf8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d80c6bf4d652b6946c216c1f895778cb25122a2a998de44aeadea2a40da8daccf0808420900721737390cbf3a74cbbf66f5c51514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c4370b2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f7638600005bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e809ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12e83c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2a2f1f54e0e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e10dbde110934256c5cdaca9e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
linkat(r2, &(0x7f0000000180)='./file1\x00', r2, &(0x7f0000000640)='./bus\x00', 0x0)
unlinkat(r2, &(0x7f00000001c0)='./bus\x00', 0x0)

02:37:25 executing program 2:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e23, @empty}], 0x10)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000080)={0x0, @in={{0x2, 0x0, @empty}}}, 0x90)

02:37:25 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44040)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
r2 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
getresgid(0x0, &(0x7f0000008380), 0x0)
ftruncate(r2, 0x800)
lseek(r2, 0x200, 0x0)
r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0)
fanotify_mark(r1, 0x20, 0x0, r2, &(0x7f0000000100)='./bus\x00')
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001b40)={{{@in6=@mcast1, @in=@dev}}, {{}, 0x0, @in=@remote}}, 0x0)
sendfile(r2, r4, 0x0, 0x1f607)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
openat$cgroup_subtree(r5, &(0x7f00000001c0), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000003d80)={0x2020}, 0x2020)
r6 = open(0x0, 0x0, 0x0)
openat$cgroup_subtree(r6, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x5)
sendmmsg$unix(r5, 0x0, 0x0, 0x1800)

02:37:25 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44040)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
r2 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
getresgid(0x0, &(0x7f0000008380), 0x0)
ftruncate(r2, 0x800)
lseek(r2, 0x200, 0x0)
r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0)
fanotify_mark(r1, 0x20, 0x0, r2, &(0x7f0000000100)='./bus\x00')
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001b40)={{{@in6=@mcast1, @in=@dev}}, {{}, 0x0, @in=@remote}}, 0x0)
sendfile(r2, r4, 0x0, 0x1f607)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
openat$cgroup_subtree(r5, &(0x7f00000001c0), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000003d80)={0x2020}, 0x2020)
r6 = open(0x0, 0x0, 0x0)
openat$cgroup_subtree(r6, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x5)
sendmmsg$unix(r5, 0x0, 0x0, 0x1800)

02:37:25 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000080), 0x8, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000080), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

02:37:25 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e285f53c185dc147a6eace8eac9a007acec49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000008000000006fa03c64689720890700000000000000db5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0f8a1ae6dc64ea97c0af60fd6ad9b97aa5fa684a0366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d645ffff9c4d2ec7c32f207a6aa279f15147decf59fa86e295e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f7b87b0131394e9f620034b1a0476072a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000b52600007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870cefd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feadf8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d80c6bf4d652b6946c216c1f895778cb25122a2a998de44aeadea2a40da8daccf0808420900721737390cbf3a74cbbf66f5c51514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c4370b2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f7638600005bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e809ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12e83c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2a2f1f54e0e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e10dbde110934256c5cdaca9e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
linkat(r2, &(0x7f0000000180)='./file1\x00', r2, &(0x7f0000000640)='./bus\x00', 0x0)
unlinkat(r2, &(0x7f00000001c0)='./bus\x00', 0x0)

02:37:25 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x5, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:25 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e285f53c185dc147a6eace8eac9a007acec49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000008000000006fa03c64689720890700000000000000db5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0f8a1ae6dc64ea97c0af60fd6ad9b97aa5fa684a0366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d645ffff9c4d2ec7c32f207a6aa279f15147decf59fa86e295e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f7b87b0131394e9f620034b1a0476072a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000b52600007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870cefd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feadf8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d80c6bf4d652b6946c216c1f895778cb25122a2a998de44aeadea2a40da8daccf0808420900721737390cbf3a74cbbf66f5c51514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c4370b2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f7638600005bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e809ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12e83c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2a2f1f54e0e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e10dbde110934256c5cdaca9e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
linkat(r2, &(0x7f0000000180)='./file1\x00', r2, &(0x7f0000000640)='./bus\x00', 0x0)
unlinkat(r2, &(0x7f00000001c0)='./bus\x00', 0x0)

[ 1145.934169][T20788] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:25 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e285f53c185dc147a6eace8eac9a007acec49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000008000000006fa03c64689720890700000000000000db5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0f8a1ae6dc64ea97c0af60fd6ad9b97aa5fa684a0366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d645ffff9c4d2ec7c32f207a6aa279f15147decf59fa86e295e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f7b87b0131394e9f620034b1a0476072a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000b52600007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870cefd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feadf8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d80c6bf4d652b6946c216c1f895778cb25122a2a998de44aeadea2a40da8daccf0808420900721737390cbf3a74cbbf66f5c51514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c4370b2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f7638600005bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e809ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12e83c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2a2f1f54e0e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e10dbde110934256c5cdaca9e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
linkat(r2, &(0x7f0000000180)='./file1\x00', r2, &(0x7f0000000640)='./bus\x00', 0x0)
unlinkat(r2, &(0x7f00000001c0)='./bus\x00', 0x0)

[ 1146.048063][T20788] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:26 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e285f53c185dc147a6eace8eac9a007acec49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000008000000006fa03c64689720890700000000000000db5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0f8a1ae6dc64ea97c0af60fd6ad9b97aa5fa684a0366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d645ffff9c4d2ec7c32f207a6aa279f15147decf59fa86e295e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f7b87b0131394e9f620034b1a0476072a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000b52600007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870cefd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feadf8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d80c6bf4d652b6946c216c1f895778cb25122a2a998de44aeadea2a40da8daccf0808420900721737390cbf3a74cbbf66f5c51514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c4370b2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f7638600005bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e809ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12e83c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2a2f1f54e0e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e10dbde110934256c5cdaca9e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
linkat(r2, &(0x7f0000000180)='./file1\x00', r2, &(0x7f0000000640)='./bus\x00', 0x0)
unlinkat(r2, &(0x7f00000001c0)='./bus\x00', 0x0)

02:37:26 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e285f53c185dc147a6eace8eac9a007acec49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000008000000006fa03c64689720890700000000000000db5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0f8a1ae6dc64ea97c0af60fd6ad9b97aa5fa684a0366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d645ffff9c4d2ec7c32f207a6aa279f15147decf59fa86e295e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f7b87b0131394e9f620034b1a0476072a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000b52600007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870cefd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feadf8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d80c6bf4d652b6946c216c1f895778cb25122a2a998de44aeadea2a40da8daccf0808420900721737390cbf3a74cbbf66f5c51514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c4370b2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f7638600005bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e809ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12e83c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2a2f1f54e0e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e10dbde110934256c5cdaca9e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
linkat(r2, &(0x7f0000000180)='./file1\x00', r2, &(0x7f0000000640)='./bus\x00', 0x0)
unlinkat(r2, &(0x7f00000001c0)='./bus\x00', 0x0)

02:37:26 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x6, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:26 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xf8, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, [@tmpl={0x44, 0x5, [{{@in=@dev}, 0x0, @in=@remote, 0x0, 0x5}]}]}, 0xf8}}, 0x0)

02:37:26 executing program 0:
r0 = openat$fb0(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)={0x3c0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[ 1146.627874][T20801] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1146.696363][T20801] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:26 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x4}}}, @IFLA_ADDRESS={0xc, 0x1, @local}]}, 0x44}}, 0x0)

02:37:26 executing program 0:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000400)={0x0, 0x0, 0x80000001, 0x0, 0x0, "33215141f1450a14a7ce5e13e1e6f653a73591"})
ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000080)=0xe1da)
ioctl$TCXONC(r0, 0x540a, 0x0)
ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "f24ae18204ec9ae8ceb098b5f8d3f37978b849"})

02:37:26 executing program 2:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/unix\x00')
r1 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r1, &(0x7f0000000340)=@file={0x1, './file0\x00'}, 0x6e)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000000100)=""/236, 0xec}], 0x1, 0x0, 0x0)

02:37:26 executing program 3:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x2, 0xd, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private1}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}, @sadb_x_policy={0x8, 0x12, 0x2, 0x2, 0x0, 0x0, 0x0, {0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@rand_addr=' \x01\x00'}}, @sadb_lifetime={0x4, 0x4}]}, 0xc0}}, 0x0)

02:37:26 executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_REG_ADDR_MIN={0x8, 0x5, 0x1, 0x0, 0xb}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_NAT_TYPE={0x8}]}}}]}]}], {0x14}}, 0x80}}, 0x0)

02:37:26 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x8, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:26 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x16}]})
syz_open_procfs(0xffffffffffffffff, 0x0)
creat(&(0x7f0000000100)='./file0\x00', 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

02:37:26 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000680)={'gre0\x00', &(0x7f00000005c0)=ANY=[@ANYBLOB="73797a746e48e15b68426c3100005f5b", @ANYRES32=0x0, @ANYBLOB="21000000000000000000000045e1ff1300000000002f"]})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000040)={'gre0\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="fdf11d3a000000a9bba4a049870400d8", @ANYRES32=0x0, @ANYRES32]})

[ 1147.180907][   T27] audit: type=1326 audit(1689907046.940:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20813 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc0579 code=0x0
02:37:27 executing program 3:
r0 = openat$damon_schemes(0xffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$damon_schemes(r0, 0x0, 0x0)

02:37:27 executing program 4:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f00006d0000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000100)=0xfffffffffffffff7, 0x5, 0x3)

[ 1147.221628][T20818] netlink: 'syz-executor.1': attribute type 8 has an invalid length.
02:37:27 executing program 2:
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)

[ 1147.304933][T20818] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1147.332392][T20818] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:27 executing program 3:
r0 = openat$damon_schemes(0xffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$damon_schemes(r0, 0x0, 0x0)

02:37:27 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x6, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'wg2\x00'}, 0x18)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYBLOB="9b55de29856fbae583bd71f37c66003e955141e9050000e2ff00000186a73502df89029c8428c2"], 0x208e24b)
mmap(&(0x7f0000ab6000/0x1000)=nil, 0x1000, 0x2000008, 0x10, r3, 0x7000)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r3, 0x80045700, &(0x7f00000001c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
signalfd(r3, &(0x7f0000000100)={[0x4]}, 0x8)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000040))
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @ioapic={0xd000, 0x0, 0x0, 0x2, 0x0, [{}, {}, {0x1}, {0x3, 0x0, 0x0, '\x00', 0x2}, {}, {}, {}, {}, {0x0, 0xfe}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x20}, {0x0, 0x0, 0x7a, '\x00', 0xff}, {0x80, 0x40}, {0x0, 0x5b}, {0x0, 0x0, 0x3, '\x00', 0x9}, {}, {0x0, 0x0, 0xfd}, {0x0, 0x0, 0x10}, {0xdd}]}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

02:37:27 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000700)={0xfc, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_FWMARK={0x8}, @WGDEVICE_A_LISTEN_PORT={0x6}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_PEERS={0xbc, 0x8, 0x0, 0x1, [{0xb8, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x90, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x3}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x3}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x2}}]}, {0x4}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}]}]}]}, 0xfc}}, 0x0)

02:37:27 executing program 3:
r0 = openat$damon_schemes(0xffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$damon_schemes(r0, 0x0, 0x0)

[ 1147.550773][T20838] IPVS: sync thread started: state = BACKUP, mcast_ifn = wg2, syncid = 0, id = 0
02:37:27 executing program 2:
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000002600)=0x2001, 0x4)

02:37:27 executing program 3:
r0 = openat$damon_schemes(0xffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$damon_schemes(r0, 0x0, 0x0)

02:37:27 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x9, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1147.819038][T20849] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1147.860912][T20849] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:27 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x78, 0x0, 0x0)

02:37:27 executing program 4:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f00006d0000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000100)=0xfffffffffffffff7, 0x5, 0x3)

02:37:27 executing program 3:
prlimit64(0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpgrp(r0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000cc0), 0xc, 0x0}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000c80)=0x9)
r3 = socket$netlink(0x10, 0x3, 0x0)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)=""/83, 0x53}], 0x1}, 0x0)
r4 = gettid()
sched_setaffinity(r4, 0x8, &(0x7f0000000400)=0x1)
getrlimit(0x2, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bca75fdc7accc038baafb8c2ab7a520700617fc6d0e1c4bf2781", @ANYRES32=0x0, @ANYBLOB], 0x40}}, 0x0)

02:37:27 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000200)=ANY=[], 0x18eb96b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x28011, r2, 0x0)
sendfile(r2, 0xffffffffffffffff, &(0x7f00000000c0)=0x1, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="2321202e2f66696c6530202f6465762f6b766d0020626c6aa56b696f2e6266712e696f5f776169745f74696d65000a102015fe354d8b5b61ea43cfa49018d0839df868aba7f6f364"], 0x79)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

02:37:27 executing program 5:
mkdir(&(0x7f0000000100)='./file0\x00', 0x21)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
open(0x0, 0x0, 0xada66a977c02d739)
writev(0xffffffffffffffff, &(0x7f00000001c0), 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8}, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x2)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='veth1_virt_wifi\x00', 0x10)
connect$inet6(r2, &(0x7f0000004540)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000000100), 0x40000c4, 0x0)

02:37:27 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0xa, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:28 executing program 0:
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000100)='0', 0x1}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
openat$cgroup_procs(r0, 0x0, 0x2, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr(&(0x7f0000000300)='./file0\x00', 0x0, &(0x7f0000000380)='@(#\x00', 0x4, 0x0)
ptrace$cont(0xffffffffffffffff, 0x0, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001300090468fe0700000000000000ff3f04000000480100100000000004002b000a00010014a4ee1ee438d2fd000000000000007200", 0x39}], 0x1)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000040)="390000001000111868090707a640000f0021ff3f04000000170a001700000000040037001000030001632564aa58b9a64411f6bbf44dc48f57", 0x39}], 0x1)
ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f00000002c0)=r2)
sched_setscheduler(0x0, 0x0, 0x0)

[ 1148.538022][T20863] wireguard0: entered promiscuous mode
[ 1148.583351][T20863] wireguard0: entered allmulticast mode
[ 1148.619770][T20879] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1148.660937][T20879] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:28 executing program 4:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f00006d0000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000100)=0xfffffffffffffff7, 0x5, 0x3)

[ 1148.921785][T20878] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1148.969007][T20878] gretap0: entered promiscuous mode
[ 1149.182526][T20881] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.0'.
02:37:29 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0xb, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1149.225190][T20881] 0ªX¹¦Dö»: renamed from gretap0
02:37:29 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000200)=ANY=[], 0x18eb96b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x28011, r2, 0x0)
sendfile(r2, 0xffffffffffffffff, &(0x7f00000000c0)=0x1, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="2321202e2f66696c6530202f6465762f6b766d0020626c6aa56b696f2e6266712e696f5f776169745f74696d65000a102015fe354d8b5b61ea43cfa49018d0839df868aba7f6f364"], 0x79)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 1149.312386][T20881] 0ªX¹¦Dö»: left promiscuous mode
[ 1149.329613][T20881] 0ªX¹¦Dö»: entered allmulticast mode
[ 1149.361404][T20881] A link change request failed with some changes committed already. Interface 
c0ªX¹¦Dö» may have been left with an inconsistent configuration, please check.
[ 1149.413095][T20888] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:29 executing program 4:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f00006d0000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000100)=0xfffffffffffffff7, 0x5, 0x3)

02:37:29 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0xe, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:29 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000200)=ANY=[], 0x18eb96b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x28011, r2, 0x0)
sendfile(r2, 0xffffffffffffffff, &(0x7f00000000c0)=0x1, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="2321202e2f66696c6530202f6465762f6b766d0020626c6aa56b696f2e6266712e696f5f776169745f74696d65000a102015fe354d8b5b61ea43cfa49018d0839df868aba7f6f364"], 0x79)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 1150.046847][T20898] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:30 executing program 4:
syz_clone(0x40000000, 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f00000004c0))
sched_setaffinity(0x0, 0x0, 0x0)

02:37:30 executing program 3:
prlimit64(0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpgrp(r0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000cc0), 0xc, 0x0}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000c80)=0x9)
r3 = socket$netlink(0x10, 0x3, 0x0)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)=""/83, 0x53}], 0x1}, 0x0)
r4 = gettid()
sched_setaffinity(r4, 0x8, &(0x7f0000000400)=0x1)
getrlimit(0x2, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bca75fdc7accc038baafb8c2ab7a520700617fc6d0e1c4bf2781", @ANYRES32=0x0, @ANYBLOB], 0x40}}, 0x0)

02:37:30 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0xf, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:30 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x15)
ioctl$TCSETSF2(r0, 0x404c4701, &(0x7f0000000040)={0x2, 0x2, 0x0, 0x0, 0x0, "ebeed70300000000000000960000000800"})

[ 1150.911187][T20916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:30 executing program 0:
prlimit64(0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpgrp(r0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000cc0), 0xc, 0x0}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000c80)=0x9)
r3 = socket$netlink(0x10, 0x3, 0x0)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)=""/83, 0x53}], 0x1}, 0x0)
r4 = gettid()
sched_setaffinity(r4, 0x8, &(0x7f0000000400)=0x1)
getrlimit(0x2, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bca75fdc7accc038baafb8c2ab7a520700617fc6d0e1c4bf2781", @ANYRES32=0x0, @ANYBLOB], 0x40}}, 0x0)

02:37:30 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x67)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000044882, 0x0)
io_setup(0x1, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0xa, &(0x7f0000000100)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0x2, 0x0, 0x0, r1, &(0x7f0000000000)="98", 0x100000, 0x4000}])

02:37:30 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000200)=ANY=[], 0x18eb96b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x28011, r2, 0x0)
sendfile(r2, 0xffffffffffffffff, &(0x7f00000000c0)=0x1, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="2321202e2f66696c6530202f6465762f6b766d0020626c6aa56b696f2e6266712e696f5f776169745f74696d65000a102015fe354d8b5b61ea43cfa49018d0839df868aba7f6f364"], 0x79)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 1151.080844][T20916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1151.357379][T20930] wireguard0: entered promiscuous mode
[ 1151.365826][T20930] wireguard0: entered allmulticast mode
02:37:31 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x10, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:31 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x67)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000044882, 0x0)
io_setup(0x1, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0xa, &(0x7f0000000100)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0x2, 0x0, 0x0, r1, &(0x7f0000000000)="98", 0x100000, 0x4000}])

02:37:31 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000200)=ANY=[], 0x18eb96b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x28011, r2, 0x0)
sendfile(r2, 0xffffffffffffffff, &(0x7f00000000c0)=0x1, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="2321202e2f66696c6530202f6465762f6b766d0020626c6aa56b696f2e6266712e696f5f776169745f74696d65000a102015fe354d8b5b61ea43cfa49018d0839df868aba7f6f364"], 0x79)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

02:37:31 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x67)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000044882, 0x0)
io_setup(0x1, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0xa, &(0x7f0000000100)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0x2, 0x0, 0x0, r1, &(0x7f0000000000)="98", 0x100000, 0x4000}])

[ 1151.704264][T20944] netlink: 'syz-executor.1': attribute type 16 has an invalid length.
[ 1151.760866][T20946] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1151.917494][T20946] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1151.990832][T20927] wireguard0: entered promiscuous mode
[ 1152.069193][T20927] wireguard0: entered allmulticast mode
02:37:32 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x67)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000044882, 0x0)
io_setup(0x1, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0xa, &(0x7f0000000100)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0x2, 0x0, 0x0, r1, &(0x7f0000000000)="98", 0x100000, 0x4000}])

02:37:32 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x11, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1152.908907][T20962] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1153.124594][T20962] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:34 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000200)=ANY=[], 0x18eb96b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x28011, r2, 0x0)
sendfile(r2, 0xffffffffffffffff, &(0x7f00000000c0)=0x1, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="2321202e2f66696c6530202f6465762f6b766d0020626c6aa56b696f2e6266712e696f5f776169745f74696d65000a102015fe354d8b5b61ea43cfa49018d0839df868aba7f6f364"], 0x79)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

02:37:34 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x67)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000044882, 0x0)
io_setup(0x1, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0xa, &(0x7f0000000100)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0x2, 0x0, 0x0, r1, &(0x7f0000000000)="98", 0x100000, 0x4000}])

02:37:34 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000200)=ANY=[], 0x18eb96b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x28011, r2, 0x0)
sendfile(r2, 0xffffffffffffffff, &(0x7f00000000c0)=0x1, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="2321202e2f66696c6530202f6465762f6b766d0020626c6aa56b696f2e6266712e696f5f776169745f74696d65000a102015fe354d8b5b61ea43cfa49018d0839df868aba7f6f364"], 0x79)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

02:37:34 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x13, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:34 executing program 0:
prlimit64(0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpgrp(r0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000cc0), 0xc, 0x0}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000c80)=0x9)
r3 = socket$netlink(0x10, 0x3, 0x0)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)=""/83, 0x53}], 0x1}, 0x0)
r4 = gettid()
sched_setaffinity(r4, 0x8, &(0x7f0000000400)=0x1)
getrlimit(0x2, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bca75fdc7accc038baafb8c2ab7a520700617fc6d0e1c4bf2781", @ANYRES32=0x0, @ANYBLOB], 0x40}}, 0x0)

02:37:34 executing program 3:
prlimit64(0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpgrp(r0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000cc0), 0xc, 0x0}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000c80)=0x9)
r3 = socket$netlink(0x10, 0x3, 0x0)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)=""/83, 0x53}], 0x1}, 0x0)
r4 = gettid()
sched_setaffinity(r4, 0x8, &(0x7f0000000400)=0x1)
getrlimit(0x2, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bca75fdc7accc038baafb8c2ab7a520700617fc6d0e1c4bf2781", @ANYRES32=0x0, @ANYBLOB], 0x40}}, 0x0)

[ 1154.616856][T20970] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1154.705579][T20970] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:34 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x26, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:34 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x67)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000044882, 0x0)
io_setup(0x1, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0xa, &(0x7f0000000100)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0x2, 0x0, 0x0, r1, &(0x7f0000000000)="98", 0x100000, 0x4000}])

[ 1155.198101][T20981] wireguard0: entered promiscuous mode
[ 1155.298340][T20981] wireguard0: entered allmulticast mode
02:37:35 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x67)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000044882, 0x0)
io_setup(0x1, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0xa, &(0x7f0000000100)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0x2, 0x0, 0x0, r1, &(0x7f0000000000)="98", 0x100000, 0x4000}])

[ 1155.466094][T21001] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1155.693401][T21001] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:35 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x67)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000044882, 0x0)
io_setup(0x1, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0xa, &(0x7f0000000100)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0x2, 0x0, 0x0, r1, &(0x7f0000000000)="98", 0x100000, 0x4000}])

02:37:35 executing program 5:
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000ffb000/0x1000)=nil, 0x1000}, 0x4})

02:37:35 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_MACSEC_CIPHER_SUITE={0xc, 0xb}]}}}]}, 0x40}}, 0x0)

02:37:36 executing program 5:
r0 = socket$kcm(0x29, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_cmd={0xe}})

02:37:36 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x67)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000044882, 0x0)
io_setup(0x1, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0xa, &(0x7f0000000100)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0x2, 0x0, 0x0, r1, &(0x7f0000000000)="98", 0x100000, 0x4000}])

02:37:36 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x28, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1156.192654][T20992] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR
[ 1156.531819][T21015] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:36 executing program 2:
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002301020052000500000002000020d3"])

[ 1156.596201][T21018] netlink: 'syz-executor.2': attribute type 11 has an invalid length.
[ 1156.630840][T21015] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1156.707243][T21021] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 1156.737926][T21021] vhci_hcd: invalid port number 82
[ 1156.770484][T21021] vhci_hcd: invalid port number 82
02:37:37 executing program 2:
r0 = socket(0x1d, 0x2, 0x6)
accept4$inet(r0, 0x0, 0x0, 0x0)

02:37:37 executing program 0:
prlimit64(0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpgrp(r0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000cc0), 0xc, 0x0}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000c80)=0x9)
r3 = socket$netlink(0x10, 0x3, 0x0)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)=""/83, 0x53}], 0x1}, 0x0)
r4 = gettid()
sched_setaffinity(r4, 0x8, &(0x7f0000000400)=0x1)
getrlimit(0x2, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bca75fdc7accc038baafb8c2ab7a520700617fc6d0e1c4bf2781", @ANYRES32=0x0, @ANYBLOB], 0x40}}, 0x0)

02:37:37 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x67)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000044882, 0x0)
io_setup(0x1, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0xa, &(0x7f0000000100)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0x2, 0x0, 0x0, r1, &(0x7f0000000000)="98", 0x100000, 0x4000}])

02:37:37 executing program 3:
prlimit64(0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpgrp(r0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000cc0), 0xc, 0x0}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000c80)=0x9)
r3 = socket$netlink(0x10, 0x3, 0x0)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)=""/83, 0x53}], 0x1}, 0x0)
r4 = gettid()
sched_setaffinity(r4, 0x8, &(0x7f0000000400)=0x1)
getrlimit(0x2, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bca75fdc7accc038baafb8c2ab7a520700617fc6d0e1c4bf2781", @ANYRES32=0x0, @ANYBLOB], 0x40}}, 0x0)

02:37:37 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x33, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:37 executing program 5:
r0 = openat$drirender128(0xffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x0, "2aba64d8648204eaa71aabb593c34241be5801deff45d6b24eaaa339de751f8d"})

02:37:37 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x0, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0)
sendfile(r5, r4, 0x0, 0x6)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e21, @loopback}, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x33, &(0x7f0000000200)=0xbfb, 0x4a)
bind$inet6(r6, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r6, 0x29, 0x46, 0x0, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20008805, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x8004)
r7 = socket(0x10, 0x803, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r8, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000580)=ANY=[@ANYBLOB="1c0000005e000106000000000000000000dc00000473b1b7c058400e578752f39102c787ef615a8bd0406efa76bbf2649dbb9173f8aae1f9f79c930e", @ANYRES32=0x0, @ANYBLOB="04000000"], 0x1c}], 0x1}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r1)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r8, &(0x7f0000000540)={&(0x7f0000000400), 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x20, 0x0, 0x200, 0x0, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x7}}}}, ["", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r7)
getsockname$packet(r7, &(0x7f00000004c0)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x22)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000d0700000052ffe7fdffffff0010", @ANYRES32=r9, @ANYBLOB], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)=ANY=[@ANYBLOB="3800000024001d0f00"/20], 0x38}}, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r3)
sendmsg$NL80211_CMD_NEW_STATION(r10, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x10805}, 0x4)

02:37:37 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="020a000007000000000000000000000005001a0005000000000000000000000000000000fe800000000000000000000002000500d0d6d0"], 0x38}}, 0x0)

[ 1157.972540][T21031] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1158.056352][T21031] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:37 executing program 5:
getpid()
syz_clone(0x40000000, &(0x7f0000000000)="1950aecae3f1eaffc6b947e1aaf6a0c61c87677d6dac416c637f62db567054c64a2d134467c47f38c55b8f8144e332d71e9ccd1694b6d03896f30dcdb849456e32bb8f2ba31c3910519611b8776985e174a964e836fbabed707d93b85563447ba2fc2d5c0d416466b764d4437527f7165f08f31e04e311490b1a546ca312c1568baaf5d450c2275b557377ff2557164d0ca84988ff408d370c3d643715bced449a67385fd582e2ed3094f1e1f18313ccf42f9dcd8117ed68dadf80b4bb99e8161a9e05b03369a27f7eba1ee65b14e656807383ce73ad37b92e5a557805ae3fb4dda9", 0xe2, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000200)="03477a7be6105dd95a9e85fa8a1c5cf14c6dae769d9e00380599dd97f439be5399f5dbbe25a85c586b124e235b45b1d31bfdc5739dd3c50bde99b601be4288e1df30d9f82dc060056c4be21b1aecaa896b482938c6af823db037b27196635c324467e12f5c868e6b28402db9e6bd977981009acdcc4a1ce3a8b57d6ab0b38201229f6ce3389fab8d2dadaeb37c653cee700f692b8489c5490b55cbae0a089cbd82423d2f3586cb8412bc64ebdbfc51759d646718c9c41052ed0b44828d561bd4")

[ 1158.176507][T21039] wireguard0: entered promiscuous mode
[ 1158.182244][T21039] wireguard0: entered allmulticast mode
02:37:38 executing program 4:
r0 = openat$vimc2(0xffffff9c, &(0x7f0000001080), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r0, 0xc0cc5604, &(0x7f0000001280)={0x9, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}})

02:37:38 executing program 4:
r0 = openat$vimc2(0xffffff9c, &(0x7f0000001080), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r0, 0xc0cc5604, &(0x7f0000001280)={0x9, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}})

02:37:38 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3b, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1158.408684][T21046] wireguard0: entered promiscuous mode
[ 1158.419838][T21046] wireguard0: entered allmulticast mode
02:37:38 executing program 4:
r0 = openat$vimc2(0xffffff9c, &(0x7f0000001080), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r0, 0xc0cc5604, &(0x7f0000001280)={0x9, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}})

[ 1158.608326][T21061] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1158.632310][T21051] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1158.644416][T21044] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1158.668095][T21056] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:40 executing program 4:
r0 = openat$vimc2(0xffffff9c, &(0x7f0000001080), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r0, 0xc0cc5604, &(0x7f0000001280)={0x9, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}})

02:37:40 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x71, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:40 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x0, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0)
sendfile(r5, r4, 0x0, 0x6)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e21, @loopback}, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x33, &(0x7f0000000200)=0xbfb, 0x4a)
bind$inet6(r6, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r6, 0x29, 0x46, 0x0, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20008805, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x8004)
r7 = socket(0x10, 0x803, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r8, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000580)=ANY=[@ANYBLOB="1c0000005e000106000000000000000000dc00000473b1b7c058400e578752f39102c787ef615a8bd0406efa76bbf2649dbb9173f8aae1f9f79c930e", @ANYRES32=0x0, @ANYBLOB="04000000"], 0x1c}], 0x1}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r1)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r8, &(0x7f0000000540)={&(0x7f0000000400), 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x20, 0x0, 0x200, 0x0, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x7}}}}, ["", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r7)
getsockname$packet(r7, &(0x7f00000004c0)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x22)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000d0700000052ffe7fdffffff0010", @ANYRES32=r9, @ANYBLOB], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)=ANY=[@ANYBLOB="3800000024001d0f00"/20], 0x38}}, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r3)
sendmsg$NL80211_CMD_NEW_STATION(r10, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x10805}, 0x4)

02:37:40 executing program 5:
getpid()
syz_clone(0x40000000, &(0x7f0000000000)="1950aecae3f1eaffc6b947e1aaf6a0c61c87677d6dac416c637f62db567054c64a2d134467c47f38c55b8f8144e332d71e9ccd1694b6d03896f30dcdb849456e32bb8f2ba31c3910519611b8776985e174a964e836fbabed707d93b85563447ba2fc2d5c0d416466b764d4437527f7165f08f31e04e311490b1a546ca312c1568baaf5d450c2275b557377ff2557164d0ca84988ff408d370c3d643715bced449a67385fd582e2ed3094f1e1f18313ccf42f9dcd8117ed68dadf80b4bb99e8161a9e05b03369a27f7eba1ee65b14e656807383ce73ad37b92e5a557805ae3fb4dda9", 0xe2, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000200)="03477a7be6105dd95a9e85fa8a1c5cf14c6dae769d9e00380599dd97f439be5399f5dbbe25a85c586b124e235b45b1d31bfdc5739dd3c50bde99b601be4288e1df30d9f82dc060056c4be21b1aecaa896b482938c6af823db037b27196635c324467e12f5c868e6b28402db9e6bd977981009acdcc4a1ce3a8b57d6ab0b38201229f6ce3389fab8d2dadaeb37c653cee700f692b8489c5490b55cbae0a089cbd82423d2f3586cb8412bc64ebdbfc51759d646718c9c41052ed0b44828d561bd4")

[ 1160.970368][T21073] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:40 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=@newsa={0x154, 0x10, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@private0}, {@in=@loopback, 0x0, 0x6c}, @in=@remote, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @encap={0x1c, 0x4, {0x0, 0x0, 0x0, @in=@local}}]}, 0x154}}, 0x0)

02:37:40 executing program 0:
io_uring_setup(0x2418, &(0x7f0000000080)={0x0, 0x0, 0x7, 0x400000})

02:37:40 executing program 4:
r0 = syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0)
io_setup(0x5, &(0x7f0000001500)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000880)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}])

[ 1161.066110][T21068] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1161.080652][T21079] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1161.091341][T21073] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:40 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)

02:37:40 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'veth0\x00', &(0x7f0000000000)=@ethtool_channels={0x23}})

[ 1161.186987][T21076] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
02:37:41 executing program 4:
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x7d})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mmap(&(0x7f00008b6000/0x9000)=nil, 0x9000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
read(r0, &(0x7f0000000380)=""/167, 0xa7)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)

02:37:41 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)

02:37:41 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/ip_mr_vif\x00')
pread64(r0, &(0x7f0000000180)=""/192, 0xc0, 0x1)

02:37:41 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x0, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0)
sendfile(r5, r4, 0x0, 0x6)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e21, @loopback}, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x33, &(0x7f0000000200)=0xbfb, 0x4a)
bind$inet6(r6, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r6, 0x29, 0x46, 0x0, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20008805, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x8004)
r7 = socket(0x10, 0x803, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r8, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000580)=ANY=[@ANYBLOB="1c0000005e000106000000000000000000dc00000473b1b7c058400e578752f39102c787ef615a8bd0406efa76bbf2649dbb9173f8aae1f9f79c930e", @ANYRES32=0x0, @ANYBLOB="04000000"], 0x1c}], 0x1}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r1)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r8, &(0x7f0000000540)={&(0x7f0000000400), 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x20, 0x0, 0x200, 0x0, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x7}}}}, ["", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r7)
getsockname$packet(r7, &(0x7f00000004c0)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x22)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000d0700000052ffe7fdffffff0010", @ANYRES32=r9, @ANYBLOB], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)=ANY=[@ANYBLOB="3800000024001d0f00"/20], 0x38}}, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r3)
sendmsg$NL80211_CMD_NEW_STATION(r10, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x10805}, 0x4)

02:37:41 executing program 5:
getpid()
syz_clone(0x40000000, &(0x7f0000000000)="1950aecae3f1eaffc6b947e1aaf6a0c61c87677d6dac416c637f62db567054c64a2d134467c47f38c55b8f8144e332d71e9ccd1694b6d03896f30dcdb849456e32bb8f2ba31c3910519611b8776985e174a964e836fbabed707d93b85563447ba2fc2d5c0d416466b764d4437527f7165f08f31e04e311490b1a546ca312c1568baaf5d450c2275b557377ff2557164d0ca84988ff408d370c3d643715bced449a67385fd582e2ed3094f1e1f18313ccf42f9dcd8117ed68dadf80b4bb99e8161a9e05b03369a27f7eba1ee65b14e656807383ce73ad37b92e5a557805ae3fb4dda9", 0xe2, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000200)="03477a7be6105dd95a9e85fa8a1c5cf14c6dae769d9e00380599dd97f439be5399f5dbbe25a85c586b124e235b45b1d31bfdc5739dd3c50bde99b601be4288e1df30d9f82dc060056c4be21b1aecaa896b482938c6af823db037b27196635c324467e12f5c868e6b28402db9e6bd977981009acdcc4a1ce3a8b57d6ab0b38201229f6ce3389fab8d2dadaeb37c653cee700f692b8489c5490b55cbae0a089cbd82423d2f3586cb8412bc64ebdbfc51759d646718c9c41052ed0b44828d561bd4")

02:37:41 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x117, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:41 executing program 4:
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x7d})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mmap(&(0x7f00008b6000/0x9000)=nil, 0x9000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
read(r0, &(0x7f0000000380)=""/167, 0xa7)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)

02:37:41 executing program 3:
r0 = socket(0x2a, 0x2, 0x0)
bind$qrtr(r0, &(0x7f0000000000)={0x2}, 0xc)

[ 1161.538741][T21100] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'.
02:37:41 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)

[ 1161.624523][T21094] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1161.692638][T21106] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:41 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r0, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000001300)="ee5d7d58cfca5c49e4121b7605dd3bad9ef6d772beae08a379d8c7af16e3e752987e678b1a5eeaf60a0bbd128f3c270a31ef9924df808e2bf46a84629dcabf1f60ee67e6fa5d898fdd324f09897d840f63099d9e2095159017115ada9fc60e1c20b25a58ce4bdadd116b75339603c31f37e0c88ef0e7adc8a7bef3d822fc73bdf0188fdbe44e800abe604db35c84c0031d73b0165ed2a36e1c308e4bd43c7a5095ab9a8bafee9117d17ed124d82f8dd3e8297ea9debdafa83cdb7e559531408f1dcb15c32e6c58114f1d59df868a949dd287f701de6fbe95704767e5473e9729b3ebf1ab4e5fcf8bedf6ac235fd3a33970d5179b197668fcb43b00f9fd7b018ecca24cc19dbbbb289ae94b487a4e93752ef1064ab9c190eb61c09d1fd4a1faf8e5606809d11efc1481b32b72368fa221d7b69d422c3043b31345af12a054cd3699bffdd2bac34e3803b60787e7f5e77d665507afcc7a1cc330b09bff87bebd43d323237c03868a277fd7ce4e08d2e3825475d5d32544ec4103b26713eb346c4780aba1f9ed5d0e082839eeb17760df2d0e652ba40c5dedd1e678ea43995a3593cec79be8298c5f1dd76cec5b24c46ceaaabcfb82ebe1fad1a80654dcbb9c0306827a78a29ad3ce190c5737b52d3407127ec6e753705d6d0ee21f42db5d0b083bd826d78a3a1972d7998e664a485fbf8849248a0fddbaf5c336b03eed148b163e11fb922c7669d79f9619e88204cccfe309d04a2b3d1aa2bccf7bf751be02db5b791562a3a9c74d727e7572b0eb8dfc89ded5c631c582a7f0ca80614cde9be5be6b663c31932e3a3bcad6e0cb8b64e8196bdd221c396602ea065f72c0e21659d6dae4add77929c301d64b26a0dcc26c5b39ab95e12b0b2a03ff4787e432f0257c01bc00f0320f3af64dc1c4f64f133e9d3619cf80797b880272ad9b8c7c377f3f1b754b250296eccb03358274c01d6a999c6c66bc7d3e1d762f31478c2132e08d9d0514c9cec6bf0b3c1e39eae07fbc3ae64a086889479c75d7ff2f5ab2a0f1f72b0ea2cba1f1682c6e30d29f601d0f25af893d355dde888e0727da3a86c3b05533e4b039fe6fd1c74208d5161da15fff6790a470ea2511137a146e7db4445bedae1e937998962bf1da285a7edc52a0ade371164012675cbdbae55bb9ef82b7af75d0811491940e94e677a4c12082d45594830256a7fc2bee76cbd0dd478cf3b5bcb89fbfd7f58f9dd452a7ec0e768b88c7e12f67990a1525c1746bfa42d7bb51bca1b467ff271facb72ab9bd74d412fc339efe2d2176c34e3bfcd3654b1d49d85d34eb8a44c8b38cb97934838164b4e6942325189f1e5a1d7b9e3509337d603ebcbfe8694208669d4efe80505f04b5350272d9390ebb07c3bda431251f4cc63ce58843f5c69850c5aec6b1a7ba91ce005d56b3ae298fc24ea459736bf996b1ddec4b7166c2bcfc5ffbf482fefef3ad5b112f679c1bf94079ce96e491b220a8e179e0323f44b83e1e6bb2c99cb2bb57dab4967104d605a40e101c04b889e48e79d4bbfc515a853ef64c2030a419af0a00d400e05ece865844452465b84d36c1e65127b078bf7e9bc1085f4ed4a91770fc8507e3ddda79b25e18cba366efead2059d2984d82ee67c939b342556883f619a2782d279e9a718ea2c1977985859937d626fcf915b5bb18e241bc85fc93336b5b67f5025f146b3baec2b391699da3a8fcb42fb9f42631f3068a13f12cc9fd899e952a114746d0c65e5d5e2b2418480b6f103630b4949b15484829a81385de9fc56b509bd714e9bc2724a532edf39d0ea76a87cb545165ac58427ce3389642f4d495307efa5e0332c914380a331de814a6125f93662da047d980881c5106f5b8f2b8149bc87e12d161e9b0c7b3da4b383e9566213f53f31133fe3bb64d699093e0211f15930e214461e275bb667c9053ee5843adfcda04e9a4c1b3b825aac352877f6989a9dd19216d577dd021905041e1a19807b73066b8c8673497fb88f98b676b46a97408ba43779f6ed14d940efd66aa897630ef83cfe61d1db971b2daf280065c6768d87492859f5f90fecbce9f36d563f281a80e4880c9318488d24630170faa994a95789e1a5d49c81e987f0943b9db9a13c9419c48f9e9356875380b455ef3084810c97ed5158e7e69e8136463141404d8525db543ba7cdd492931f650e9bc11cd49f33d564b93001b1e9a2ec0d32bc4af70b7d822a1193dfa8e71484bd3a5f08f1699dc121ca2da011d6ab41176f770f54d7a6dcddcf43c60c0ba410d99c058ba3b88dd66db34fb5fb8777f6897378b3152c42103aa02559aa1425166e4d2055d80e1a1c3031aceea3028dae09aa35dc52dceffdc89f138fbe71e0b8b58c1e578118157ca88b2bd36447086c717205c41c7e81f057a99b06c4e440c3d64b0666ea663c8123c78a28cddc14004fb1dd86f529495188a7c9a3265cb86ffa513319a2ccdefc53b0f907335f29002bf5d2d87a26eb2515ca2a25c14a2217170d17a348547f46dd0737ecb01bd1e32325818cdf339abc0919b8b01ad536ecc68167319439dfc77f75bd66afcd22eaa8093b0480f4d09c77a3cbfca18a838c3eae4731b7047062580cc4d563299d05872045a851a3be2244bc4b66fdfbd301f6212ce85eef99192630fe2200ddf61bb956514aa1fe7d12fd3be7d8192ad4c04991631d934958d353bb4457382c5f863c68848230dc8bb224b1f6bd5dfe91b9305266bdbd80f30e99d51a503372f4c90f17a01496b32c545f64f0016c6d860a7e62cb36a630c5a017b36002d0c9222648102ad4063801899c5f4ae4d402058bf6e74b7b58873f1ec965aae3a82b7bd3887bcca6200d59656f9d30b297cb159fb4958c12631e5d641c03df0365b0218dc0ae71269b8452e017b89e521a5f43d248ea9c0e13295cf4b10229a46d03c9a44205aa82b178c1ec5b98be4a8b12ce93e4519ee45b09d675701424b584921ebe2af85083c5d1c80001eb634b28e4ddf3f4b8a5c7b5e8910f7b2ba2eae834420443366eb20e3944d5c1f40591b6204204b77b7226e9d5d4e1cc2e3d98c2bc17e2f306db5b2911cb82e5e79bed3e4cb01dc09b7075ecce9ead7c52520893083fa928a861bb95645cd1dddc9c275cd883cd6514a343cc248a9907af1aeb88e4640f7ef716e162e94000403d0c0b17f6e09174696602e3205431bb494dede762b10e352cc49d58478507bedcf4695489e33060a7d24ebf358902f19b7194faa0388612ba59a991e50fb50eb70aa3e7a674f8d8c6145c8dd80676a8a2e16b2e2e5f9383257091385c7be49b7ba54f012672c3f5751f4c4f9074159c54a0f1aab513fa88b729180a472fec409a3ae500a6aa36cc419c99d74417a60738d81367f9c70118764585fb4fa59a2933dcbcc01e200886ab6802ebed01c34b7f5bb55ed90aea0df27ff21aba714b84972ade22454855913a37925f9a74238fa9bcff17dc51383e0644c119aaf1e26ac8b84f03670a36ca5590c0ab2f7e8302dbff9c0453f33d23b75e4541493688d4ee8733165da5aea0e114aa2abbbc94bc85954537777c1cf9f8ec96df6ed379e3b106aaec791be1609ce9821d4c561edcd92d28db4852f24800bb6902eb89e967e19dde0280abb6e9def000d9578527686fb9da6d0acdbc08039b1a958e62a2d5f286b56e33ba567acea1c819777b4449465e4e7a7dfafa3ec21c3f5aa8f6e4b2cd0737bcbf55c78f15ca8d3768ac4bef209e9f9621336ae43e68381d2a252f5fa68bf273aacc0febb48459ae5844569c52d849bf89c3630d302d197aadda5c5c0acae6c82d6cef3cacd7dbfcf130e160a94daf704104724ee1bdfd64279a750ff2f5e5e3f4cf46f0e3cef9aaaaba6c0e0cb2a084456b4e6d39079ff9ef043f78076cb5bc4757aab896dd481a152b02b611874aef2d3f98b47c3c3ebbf53ea27b5773d391e7943db8696ed8647e1c4fcb35ba9ab32c234489c1577fe77a1d33fb78008a015e15b806eb43878d8d84919881cc26c2679029aeffbf53e91a57c665757ad1d04d9c41256f067e3be9bf1dec22df6e172041f0823f6cf9109e7e3a213eafb2d75ead5aa21110dc74e3abe780236102d8f4466782e9be5b73471dba02f9c486460a190c31f89af51123a0cdd14012b921d33d4f355c46bdb6293cdfd142a2d970324db8d92c7d7da9efc276b0fcfb749cdb27f5a766c5e2222bdd707c9a8f4d561a77d0b4eb7a95417ccea2aee7065cdfabf6e8bc3668ca494f45e4a0eac973bfa44df2f9d53bf38dfab350bfd3bdcb8ec732659d3888f8028c61b09ae1f0a98f3883d0d3ec0f9cd82f19cd4c38568ab0e31fd244fc2b8783556186178485be01be63ed991a8203ae66fd1f0ffa1505ddf49c396f653084d1c415598020b5e2846715310bc2a9ea0ea6ae134cfabab1484d6996391105e5ed0e63a3cff2cdcce73302a18d6cc18a4566bd5b134f678afa2a51f65a5d7a13c7fdcd12c81d01648283ab304572e998b3f86f8629bcd4319113c6220fcc132f8373c676bf58f580ecdc29b81dd7255f34326e862530911c576a2d8c7af66bd726a0d37543b834b834f1a3b60b71f4fd4acf76cd911b3a256e8a855b0e1c2398bf67ab2d4939da7a07abbbe29d418f17228da6e236793489fd82085b2327efb6a067560f5a89ba85f8fbb76f11741385ea326dc25ae89161ea94aad1b291e973c373a528c0421d3a7f802a10b612f5d6323ec26f93ca2409036d0cd026a0ba7bf2b3a675277cb0d24d359f54cf4dad4b9afcc7cc6b076aa410c4ffcaad480165e04d492a6bbfce4c99dd8a2200a8ea6a640a5e2fd9898c81f80a778c63e4eca904639ab9d413d968e910e258e19de408a04c8f65939544c3cb12ad592f05c6d3b20abfd4fba48da57e2e55ec91154b4f194391b2999fc60da12ecdacf88ad136feb36c8fc5d5e2697b04c4cf9d8bd2dfbbd1875498a5ba0cad7a58259fc9cd6744688a78c755a2812f8896b654a81134bc5f347d6e5bf3fc4d45faf13fe3fe45405f6d7824d853a4bb4a3ae188a0a599a563de070b56fd566020f05ed6d65636b0c7a3ea5ce935e77c62645ebc2c262bef9216540fc79ffce67568e7461fdc3f25772263595c3ee3ae515f06a662944776a6036549e5473e997f9a3d8c5846afd7fcad62ae5bb0fadd9394d3b6bce4d995f91a9562c2497e2fb9afcf1e2b2f6ec0c59076b35e478e3f5bf810a7e6e89a0f0283aab4ea19b75d854952bd1222b6cdb5a50f854878c82be144b81cd9efd479611e0bceb555d5f2e7c48efe96fb395d7de660a5666cae40a3d05a19ba14179dbb0f7fde2c5fdc93ccfb1f2c189e9add89e34f729a0a3d8f58aa9e9889618060b3eeb4349b863494f6aaa68267d894a882d6f4d664dbe0d877fe18c864433377afe593a8b6f5aa0fe9d6b5d7f378cb3979d822c0400e314703d6fbcfcad3a00627953405970fa47101be727ae0c4e5929bbf5f8ee941a6a7a1570528d636ffcccc5a59dc8de63b66b6ad822e951834aecdb55eee036a403951efacb1a0dd31e245be074a3fbd9b8e87644764a02fa84c3b21dbd77ffcc9fe5ac966e1140162ac82342441d7684bfb4c2c1fb16162da4db578ab2664bc66ecfdda19a06a5ebdb394821016efed888c2babf1001d3fcf22c38b89cb9c01eeb27d0ac436e8015f43bcacbfea32e764b9b72f343f0563187a3774e393b89549ed7624dcbd11203ee66dee77e5b65ed5503cb2daa35e5c148a1f88e958c2400462eae23bbbceb6f2d739356f949d717d0fa624f6", 0x1000}, {&(0x7f0000002300)="41e6e43fab688b1f70aed3b87440aad3349dc0cd70c77b4cbbaca02976c59d31180890a05c89a7183e2c07b7121b8b158145c7182eba81e68feca29396e9271b775e39457f322f32a285a1983522d42fbe978dd5c1b4eb5aca602aafc58308d78ef8852f1bf17f2639fdf2e621738acb1f3a628f30a3767ce33e66411085be5327dacfe68d817fbb169d5a53d38145a8d881511ac1906ea256e6873a6672e71a35b960f6306cc6eaca1b21fe62aee5f7d4c83d58ed4b151a31a8624c29f06656c125d4335f1e32c027c0b1c8d61a279f721afde229cdac70f2cf37c9e1efdfc7edf48c7c73bf5d7f89b694f5cfb49233d676a92b579eae9833ec2679e1d2b707146fbe99dbd6004bb220df003db1b7b138fdf5631dd8c768b23daaf3e48cde44b1bd80103f0bd2b8dc14573ec100271d92ccf744d5f70fdbad35d6ae3a7af420bd041bbcee929662bf06eabb5cfb2c5a932644cced3528d9418b5c5670289b9f683770af9601c31da2ce37257f8f56a9ddb68db934b20024983bbc656002386f5ebafac21e1ae51d2485966c6ae6bbbe20f43428c21b67ba22cd4add81699a7957a636af08c5faafdca7d534ec075018fc7a7768416f2962785280686202de8d440fe9182f6d48de198c71c92e3df1c9034459f97437867ebc73edd079387c02ed2892a9088d8a125defa950694c4d9d7a82769d9263ace60bb46286f6edf36155990132f6f3a09d4bb0f6ebb0c9d3174bd11b7e840dbe65046a50143f4314cf2b7072d9f7d66d1155296186b0f6ad1d2b1eabf7f6f669a70819c731e11f5d3ca8b154e09c9738143e9718116a0930e6f7f6398b518c031371652ae15ef6966e417765ef34795498881443d0961afcd03c2905e077114e7fc942f7aeeb1cc16fb26d56e943dccb3f50a0f3ce81ec17b9b525d3287ca0007409c6182d559102321c5939b35bf14d0940c3657f0056985811e57cf863f41fc50f06569ab7f4dedf1181aa9259c19663606b38a2dceccefdc8a79f1abca6e92b1c7fcd824eed9119a3d22ae77af3f39d1b17c6c052bee155833e435439772fe0f9e52a10c351668356da79a709594e77022db2c434dbe4c72992f2ef7d0b0ed245aefd1fdb1620953d20047b9cb6cee526b632262e66e387ea29529ba7a4465fe08cf2437690bd9b12b79a1fb75475f35e9d0e96e6745234b251ddab7f4b306b006410f9e321114555b68f156152d7b6335165689215a7ce6b37db83c7fce107d53208285c755fad8dbd3945ec49ca2a932081b9ae123a533ba9b22be153b87874264e2d48750cd4bdd0e2c2ba1202c07af482742882ec9659602627e983cb8e949c1ad6a89bf50090819412fa2611c193472cd62a0e9dbc959f3bdf4559e52e9f1cd199a4155c2cb8c369bd34a1c30eb0b3ec37680aabb20ed8fbed03e1ae156b66f4482aec3838fcbaed4c1933260c87ce191617136a62fece43ba1633bcc6c9829515c7126928d713aa225dc6ea275fb6772b5dcde023da961978b223358a581487ab5eab68d0af7dd25b2831b6a34f89dd5c8fc42d371d88542d83643a80a7c1230583d9d6a7ceb483d39f20e87b1cf750c0c3b7395c16713414221fb7dc208365a5aba7e5d33ede10d35a340e363037b9b81e09928acc39b52f3b55f1d2435b5263d80c4ee20590894fc31967f6108c38b837795c04caf75c334ebe267425a5d6e06bbef12d0ebe505ba03d1c54a3d86db0f1a46b322a96620b2448a5da048bf517f3eb7d5029ec897ebb109935ce92eb5285bccf11528bebe55d3515cdd5c9e041c96b3dc70b478c56df50ebefd9d1e5f49ec2454a1d78b2514039f93612de69d10bf6f27be4a8619c7bad971c3202247202960f32cf762d67c847f207a72c39c518efe784f6047e936ca6c150a11fd5da6a3f01ec0ff3d10bd25812b0887999a0adf548831296305e87d1db3cad5a8657e168a1ff39c0a301dfaef32d2919172bd7e34c767d1aecd1caf005de9352aa940b8f2ecffc9079b877a094eec2227a3048dca4a44266596c83b048506f51f138d82a400134e23b099af385685b20861cd948beb1ba5a0cbd85267459c58b0e69f5128d5d65ea4217588145f286ab01c9255052f9ef63db4e55ee7239fb8644a42a2d3eb9f9dc176ad274880d5b1cc033c892908de2344ea6f860f590c1573e08c4b5019628326e76d9aadf808bf3a78e9094c3d6ccb28bac7852fb8d7d3eb493dfa9b2881a1f87a6f661db3639039bc9875ec2c8f5393362088c55a3ba9364a2d0c4a1f55df1f281751abc2cb69567ffc6a378fda6fc3feb3ff964997ea28fb1b317584652555146924398a5bf436f4d694a917813e4e201c8c9d652e4a04574f9b707260d96939ff5ff7b5df21afe093f745fde4dcfeca2ea2e44e377a07e09f47514c22d9694ddd0be31f01192567512aed20eb5b8b6db29826fa260ace149d313a4d423ef6e2fdd3d0295dd2a30b910dae5cc3b76bd9c4c66b8752940631fd3b8da1e33a49316a446c1b5944dea1db079104349832bdb84396b989a93d4f7ac24975b843e689c651ed41b369837a9c7b5e30f55788d0fb3f5fe8258f8a49833fcc6ed6c2fbeb0f41d2dff187256a77f5df9dc74a49e43b68f96a9c92455208556701553e11e91971e592a6c9ad52e0d0d8bad3ce948d1d2600996fe9c8a06c10ced9676584d8024382f7677e8739aa7a6933ceeb3f2cdf32960caa8e3b571e3797c61ee404bab48bad07d7f1d665e64e03cfe2b8b2aff45b6501c7dc7f4694941606ed11fdbbefbfcdecd5c11402cff3df927595df51baeacfbdf4a97ea38deb3ae0ccf58ba95891caf98bb77d8b82d208921ef0fc03920e21b96e788be3c483faae25db52e343de0547b98a470acfb785d1c858c1117c6ed9731078685c248f07a4426858cc5cf0aa2c7b921afae3f6bd651b691fcedc2da7899a644012dbc551248f99790e690f9e7852e59c2cae885f5b651477d139f675728865d1680d4be17f2b88c0e70b83f9df2c689571eb316e35349a18716f28dae1b81aba39ae40fa3b3dfab5f227cb1e19589a52b1a9a85e2b9480205c5d21fc5adb52c7c5343592eae5b7659e82ecf6099ce43ad3cd0a641729a22a354379d5d8b11e4bf362206d699f01d0d9f1a02e307b2e5c7bb0cc23e076b110a1ab85f965d6fecc2f44457834b7daaa4875f4752ba22b9e553826f2cc1f0b25a825f5f6f933901ecd170354797b882aeb5399b400eb0e692feb1a81df8b24958196282c4cc1b17ad6521103a8ab31a69e2d6f7dda8c45efc97701aff2ffcdc60b5473eac02739a6a83c1e440f94124c1da2ac56f55c4d7fe1107a2214ebeb734dc4c496e11c592799682c3a4295ae55d225a601cec75717ac7fae5026076e36793a923d838869a8004424a716891b23eed35c6a9e4b3b9546b50c71ef92c6dba13187b34398e2e3e5e1661724fe907b2fae3001fde1f0bd3fbb03c35a252f9b90f78c57929bd2364329341bb9553b8b43a7291c8ca26e712cc44adb3128338efdf002498e1a43ceb88c8f959b560b9912e53e8d60e45e386699ad79372fe6f7798b1bf12fa9ed82bc8cdffd01b023c5da23c30ddeeb19f5f50b2ad337323e282f46c89b7bed6a54fdb3f1217ef178d085316414f20de5b43ada21a3793e8a836188fd1d62740ae96da4b1e26cf88b771ead2f7d7687a4b5398a34b062f09015ee1bc465b57de82134751b2857e03edeb72bda1c406b5363e750ee0e029b56cfd240ff1912473fa33c3b8742928e602a9379e4ceb91593649bf70199c27fa8e9f00c7ad604f29b5e611c162101890bc534b0c0000639351f827e40c17c496661a51613b28a63c368ca8b9c82fee2e6069714f16b73fb31541174877940537dacfa6c820ac4a75c981f6dbe76193bee35b6b91e1ba2287cf57860dabb3a1b7657f644e19958c3bc136cac3c985efe85758a6681259e03e4b15fb6f0f716a3ea59095409abbeed370d681568846239030819cf74f9069a39d615b9e7e19820022a8c0b3ad9ebf0ca04f88042666b43e8d309560e18bf9e12502194a78e01781e239d14a418b1069661dc4cdebe2beb2b8b7977cfd550c3d7081c5ef6eaa37c85b064ef4826ddf1e639c6085496a94431f4ed31cec9a56826f92a4ddb8a4260447b8f1754a4e5e2cc4b90aa4b012dd4cbb68cac63703242727c7edb3e2b1cecfc599a0947b11c6f50de77beb883572a9f48975b27e279d17b7fe878ebc28a5d296f41395274e3eda331a8461badf26b775c8046c71056003c935d1befae08d0179f673e6c61b4850c52d6de780fa9ca96a6063646df8b5980ebde707f96bd7e8a267d06be13c1604a27da83d2aa5c523f2e002260964e1d6e53d1a2e0a9bc95c801082c18f3135a68e262955f733793c9151fba88abbe4a2930aea5f98986423b625e25572dc29d10ceecf191a94e253df85760127303cb0c8b7cf71005e06a034ad232133bb2bb18d4bc0d7075ec2c4d0af1d9044a24b3b62103e7abcdd533d7938dda4f314db04194adec304872ddd76318ae94cb3c8aa805c5d56aadf1cdfab9c2511218ee1a73b6e18a03861b5bcbb3757415882c7fd3483f65bcbb2ebdea619986744a39a984b7ab6fcb8e40fa87ccd926080b9a87424f38a9dfee2dab556768fb2cdc12e15e9daf634ce13714a55c40373e729af9a48ec127afe449103", 0xd01}], 0x2}}], 0x1, 0x60c5840)

02:37:41 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)

02:37:41 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x0, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0)
sendfile(r5, r4, 0x0, 0x6)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e21, @loopback}, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x33, &(0x7f0000000200)=0xbfb, 0x4a)
bind$inet6(r6, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r6, 0x29, 0x46, 0x0, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20008805, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x8004)
r7 = socket(0x10, 0x803, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r8, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000580)=ANY=[@ANYBLOB="1c0000005e000106000000000000000000dc00000473b1b7c058400e578752f39102c787ef615a8bd0406efa76bbf2649dbb9173f8aae1f9f79c930e", @ANYRES32=0x0, @ANYBLOB="04000000"], 0x1c}], 0x1}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r1)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r8, &(0x7f0000000540)={&(0x7f0000000400), 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x20, 0x0, 0x200, 0x0, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x7}}}}, ["", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r7)
getsockname$packet(r7, &(0x7f00000004c0)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x22)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000d0700000052ffe7fdffffff0010", @ANYRES32=r9, @ANYBLOB], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)=ANY=[@ANYBLOB="3800000024001d0f00"/20], 0x38}}, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r3)
sendmsg$NL80211_CMD_NEW_STATION(r10, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x10805}, 0x4)

[ 1161.792751][T21106] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:41 executing program 4:
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x7d})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mmap(&(0x7f00008b6000/0x9000)=nil, 0x9000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
read(r0, &(0x7f0000000380)=""/167, 0xa7)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)

02:37:41 executing program 3:
openat$khugepaged_scan(0xffffff9c, &(0x7f0000000000), 0x1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
r0 = syz_io_uring_setup(0x5ad, &(0x7f0000000100)={0x0, 0x0, 0x3e81}, &(0x7f0000000000/0x12000)=nil, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000040), &(0x7f00000000c0))
io_uring_enter(r0, 0x0, 0x0, 0x1, 0x0, 0x0)

02:37:41 executing program 0:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000000)={@my=0x0})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
r2 = dup(r1)
connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x0, @my=0x0}, 0x10)
dup3(r2, r0, 0x0)

[ 1162.011669][T21125] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1162.115446][T21120] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
02:37:41 executing program 4:
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x7d})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mmap(&(0x7f00008b6000/0x9000)=nil, 0x9000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
read(r0, &(0x7f0000000380)=""/167, 0xa7)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)

[ 1162.228842][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1162.241294][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1162.253785][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:9e:7c:1a:10:e5:04, vlan:0)
[ 1162.267246][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1162.280157][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1162.293090][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1162.305740][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1162.318402][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1162.331059][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1162.343729][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
02:37:42 executing program 5:
getpid()
syz_clone(0x40000000, &(0x7f0000000000)="1950aecae3f1eaffc6b947e1aaf6a0c61c87677d6dac416c637f62db567054c64a2d134467c47f38c55b8f8144e332d71e9ccd1694b6d03896f30dcdb849456e32bb8f2ba31c3910519611b8776985e174a964e836fbabed707d93b85563447ba2fc2d5c0d416466b764d4437527f7165f08f31e04e311490b1a546ca312c1568baaf5d450c2275b557377ff2557164d0ca84988ff408d370c3d643715bced449a67385fd582e2ed3094f1e1f18313ccf42f9dcd8117ed68dadf80b4bb99e8161a9e05b03369a27f7eba1ee65b14e656807383ce73ad37b92e5a557805ae3fb4dda9", 0xe2, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000200)="03477a7be6105dd95a9e85fa8a1c5cf14c6dae769d9e00380599dd97f439be5399f5dbbe25a85c586b124e235b45b1d31bfdc5739dd3c50bde99b601be4288e1df30d9f82dc060056c4be21b1aecaa896b482938c6af823db037b27196635c324467e12f5c868e6b28402db9e6bd977981009acdcc4a1ce3a8b57d6ab0b38201229f6ce3389fab8d2dadaeb37c653cee700f692b8489c5490b55cbae0a089cbd82423d2f3586cb8412bc64ebdbfc51759d646718c9c41052ed0b44828d561bd4")

02:37:42 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x146, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:42 executing program 4:
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
openat$cgroup_ro(r0, &(0x7f0000000240)='cpu.stat\x00', 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f00000004c0)=@security={'security\x00', 0xe, 0x4, 0x3f0, 0xffffffff, 0x118, 0x118, 0x0, 0xffffffff, 0xffffffff, 0x358, 0x358, 0x358, 0xffffffff, 0x4, &(0x7f0000000280), {[{{@uncond, 0x0, 0xb8, 0x118, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x0, 0x24, 0x3}}, @common=@socket0={{0x20}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @broadcast, 0x8, 0xa, [0x20, 0x34, 0x3d, 0x0, 0x11, 0x1, 0x38, 0x3, 0x30, 0xd, 0x9, 0x12, 0x31, 0xf, 0xe, 0x31], 0x0, 0x9, 0x1}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x5, 0x1, 0x1}}}, {{@uncond, 0x0, 0x168, 0x1a8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0xffffffff, 0x2, 0x10, 0x0, 'syz0\x00', 0x1}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x84, 0xa, "5f5729d79497b3e184ceac94f266a19e2ef8b18514e53f3e3e95b6ac62b8"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x450)
setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff})
open(&(0x7f00000002c0)='./bus\x00', 0x1c1042, 0x0)

02:37:42 executing program 3:
openat$khugepaged_scan(0xffffff9c, &(0x7f0000000000), 0x1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
r0 = syz_io_uring_setup(0x5ad, &(0x7f0000000100)={0x0, 0x0, 0x3e81}, &(0x7f0000000000/0x12000)=nil, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000040), &(0x7f00000000c0))
io_uring_enter(r0, 0x0, 0x0, 0x1, 0x0, 0x0)

02:37:42 executing program 0:
syz_emit_ethernet(0xfdef, &(0x7f0000000140)={@link_local, @random="21f960dc65d4", @void, {@llc={0x8864, {@snap={0x11, 0x0, '.', "3087a2"}}}}}, 0x0)

02:37:43 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='pagemap\x00')
lseek(r0, 0xfffffffffffffffe, 0x0)
read$FUSE(r0, 0x0, 0x0)

[ 1163.276600][T21148] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1163.379702][T21148] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:43 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x8002, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

[ 1164.064834][T21158] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1164.170124][T21158] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:46 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2b, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_int(r1, 0x29, 0x2, &(0x7f0000000000)=0x1, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

02:37:46 executing program 4:
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000440)=0x1ff, 0x4)
sendmsg$tipc(r0, &(0x7f0000000400)={&(0x7f0000000240)=@id, 0x10, 0x0}, 0x0)
setsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f0000000040), 0x4)
connect$tipc(r0, &(0x7f0000000000)=@name, 0x10)

02:37:46 executing program 2:
r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000500), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_LINK_RESET_STATS(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000600)={0x24, r0, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x4, 0x1, 'syz1\x00'}]}]}, 0x24}}, 0x0)

02:37:46 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x3, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:46 executing program 4:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xe, &(0x7f0000000000), 0x4)

[ 1166.455266][T21169] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1166.592584][T21173] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1166.735987][T21169] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1167.233095][    C0] net_ratelimit: 8027 callbacks suppressed
[ 1167.233117][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1167.251636][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1167.264375][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1167.277071][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1167.289755][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1167.302495][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1167.315167][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1167.327874][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1167.340569][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1167.353292][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1172.243017][    C0] net_ratelimit: 7879 callbacks suppressed
[ 1172.243038][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1172.261658][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1172.274348][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1172.287085][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1172.299766][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1172.312439][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1172.325266][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1172.337982][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1172.350702][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1172.363451][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
02:37:52 executing program 3:
openat$khugepaged_scan(0xffffff9c, &(0x7f0000000000), 0x1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
r0 = syz_io_uring_setup(0x5ad, &(0x7f0000000100)={0x0, 0x0, 0x3e81}, &(0x7f0000000000/0x12000)=nil, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000040), &(0x7f00000000c0))
io_uring_enter(r0, 0x0, 0x0, 0x1, 0x0, 0x0)

02:37:52 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1800000016005531"], 0x18}}, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r0)
recvmmsg(r0, &(0x7f0000005340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

02:37:52 executing program 2:
r0 = epoll_create(0x38)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
epoll_pwait2(r0, &(0x7f0000000000)=[{}], 0x1, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000180)={0x3})
close(r0)

02:37:52 executing program 4:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

02:37:52 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x14, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:52 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x54, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x3}}, {0x14, 0x2, @in={0x2, 0x0, @local}}}}]}]}, 0x54}}, 0x0)

[ 1172.652144][T21184] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:52 executing program 4:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

02:37:52 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x34, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x4}}}]}, 0x34}}, 0x0)

[ 1172.802088][T21184] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1172.867448][T21191] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
02:37:52 executing program 5:
pipe2$9p(0x0, 0x84080)

02:37:52 executing program 0:
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x77e3, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000040)={0x4})

02:37:52 executing program 4:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

02:37:53 executing program 2:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000bc0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0xa, &(0x7f0000000c40), 0x4)
recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x3)

02:37:53 executing program 3:
openat$khugepaged_scan(0xffffff9c, &(0x7f0000000000), 0x1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
r0 = syz_io_uring_setup(0x5ad, &(0x7f0000000100)={0x0, 0x0, 0x3e81}, &(0x7f0000000000/0x12000)=nil, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000040), &(0x7f00000000c0))
io_uring_enter(r0, 0x0, 0x0, 0x1, 0x0, 0x0)

02:37:53 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x21, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:37:53 executing program 5:
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f00000018c0)={&(0x7f0000001040)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=[@rdma_args={0x48, 0x182, 0x1, {{}, {0x0}, 0x0}}], 0x48}, 0x0)

02:37:53 executing program 0:
r0 = syz_open_dev$dri(&(0x7f00000004c0), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r0, 0xc00464af, &(0x7f0000000080))

02:37:53 executing program 4:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

02:37:53 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x3c, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWT_BPF_XMIT_HEADROOM={0x8}}, @NHA_ID={0x8, 0x6, 0x1}, @NHA_OIF={0x8, 0x5, r1}]}, 0x3c}}, 0x0)

[ 1173.832716][T21213] netlink: 'syz-executor.2': attribute type 4 has an invalid length.
02:37:53 executing program 5:
r0 = syz_io_uring_setup(0x2453, &(0x7f00000000c0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000003c0), &(0x7f0000000400))
io_uring_register$IORING_REGISTER_BUFFERS2(r0, 0xf, &(0x7f0000000240)={0x2, 0x0, 0x0, &(0x7f00000001c0)=[{0x0, 0x2}, {0x0}], &(0x7f0000000200)=[0x0, 0x0]}, 0x20)

02:37:53 executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x24}}, @in={0x2, 0x0, @dev}], 0x20)
shutdown(r0, 0x0)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @dev={0xac, 0x3}}]}, &(0x7f0000000200)=0x10)

[ 1173.932011][T21214] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:53 executing program 4:
r0 = socket(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000880)=ANY=[@ANYBLOB="bf16000000000000b7070000060000005070000000000000480000000000e1ff95000000000000002ba7e1d30cb599e83f24a3aa81d36bb3019c13bd23212fb56f040026fb41f2db3b1639b7bbc9af171b856de734cfe3cafafefc40056bdc17487960317102fa9ea41d8123741c66be166992b2dcd72fa0fca047d41886d0d4d94f2f4e345c652fbc1626cca2a2ad35806150ae0209e62f51ee988e6e06c8ceef3ceb9fc404000000c588b277beee1cbf9b0a4def42d410f6accd3637110bec4e90a6341965c39e9ebab0e39622200e011ea661c45a3449abe802f5ab3e3101c0932ed4148d3b3e22278d00031e5388ee5c867de2c6211d6ececb0cd2b6d357b8000018ef4aafad197acc7dc1e915c685ceff7f000000000000491b8bc4748eda186872000007ce468ee23fd2f73902ebcfcf49822775985bf31b405b433a8acd715f5888b2007f0000000000000000010000000000000000000000309329170ed8e5b56780260ed652290f58fa64533500ebffffff00ca1276445432997f0000000000000008e75a89faff01210cce39bf405f1e846c12423a163b33e680846f26dc7add65873d9f87463ad6f7c2f3ee1a39244960b318778faa047f6d0800000000000000e7a6520602a80d608df4d433623c850af895abba72bf14f6fbd7fbad2a436804eeae1de6d2c740a4bc5e32bd378af7c9136adf32ec7bf48cabecead649f96ea24c32872c490637c34360cb5d46ce680eeb80127eb23f9902519a693b85c6552051385e7e87a2db762cbb253fbd76b9117c1a11d18aa21a0c5f0c28999a639c0376678be35ffe99ff799a11d9b219c00c369a12bf8685b862d2000000bda1bae489bcef5ae59136aaacc59608f4d4e6067338b521eaf2e2465da053cfd5e95394e5520545364361d2c1465c5461a7c4174e5cd9c7976c9aa6342c5621dbc2dccedb5ab74e0b119252a23352fca272212d0c0104000014593d65d3f5e1e9b294669bcd2df061a4d6a835e40e7302f53f90da24cb256b34e95bca9c512f737486ecd037ce40d0a706a5b05e72f8c218366e321f9109ae4cf44b3b0104154a93394f42b4ab6125e0ba8b1a1d8c473852910b3cb7e8dc795ac01bad9a6b438b9db5f5c926940a3ac36daf2a9dc9d868ec11f51e08bc67a3d598039d328b4677229e8b587e8a00f1733adabd5d2837c084c164cf30010969c79a09ac7a9bffff5bc7e420baa9000cd49f77782205d3f6f4b6aa751f49a6b76e3d23635f1d33b906707563b8ec92dec767cc09fe9936acb43382bfc81c823ba32f25738d863cf20181208e23ce19966e729a7b4eefa68554fa4ccadac05c8eac1b52dd528b124285a16da4d01b68e3fcb3d9a24e9d670500956702fe9be5d8207d426450ca622e8e0197270cbb947231baf36e0567c0f5de639c99bb71ca0e60d2decb185cddd74d4f00000000000000000000006ed429a657a8203f6542e9dd19d7a70431aefcb9f1b673512e25503c603f19fa4c39ee9b08aadd2c7555543837770a812207bc2be9c86f94282b325e3097438594670099106f0defa5b3db53c74ce8eebfa45c204edfc4cefbd94c4c034dcbc90975b097ece2484b5287105335791eb3061ac500a6728677c72b5b76c18186d6f1a5c74aadd922dc002fd4bd1bc3409e8d7144689c89f7a5e95fce153d4e9bf0fe0aaa3dfaa443c5081606fda5059146ef94586f5d1658ef0389734108a3af432c730175a7c6e3bb997ed39a0da78527b212001e57349219c98f4c0000000000000000"], &(0x7f0000000140)='GPL\x00'}, 0x48)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000047c0)=r1, 0x4)
sendmsg$NL80211_CMD_NOTIFY_RADAR(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000011c0)={0x14, 0x0, 0xa15, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)

02:37:53 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x3c, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWT_BPF_XMIT_HEADROOM={0x8}}, @NHA_ID={0x8, 0x6, 0x1}, @NHA_OIF={0x8, 0x5, r1}]}, 0x3c}}, 0x0)

[ 1174.073508][T21214] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:37:54 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mount(&(0x7f00000007c0)=ANY=[@ANYRES16=r0], 0x0, &(0x7f0000000500)='sysv\x00', 0x100008, &(0x7f0000000540)='\x00')
writev(0xffffffffffffffff, &(0x7f00000001c0), 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'sit0\x00', <r5=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0xfffc}, 0x0, r5})
sendmsg$nl_route_sched(r3, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000400)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c00000066002708299d080c0000dbdf25002000", @ANYRES32=r5, @ANYBLOB="f2ff0100f1ff0f0000ff000000000b000000008008000b00ff01000008000b00040000006466ecfd349e09a0e3f9d1dc034ca807deb57592227478966341dafae28d3f00f67bc1f7ad29a05735e23836933f52805ef1105f0209c7487142fc380aae0c0e3a159fb7c5ff9f3094c14ec56114fec6fec88ca9a4c87dd4e5a30000e949230d15cab8b07cc30f1b1a3f47668acb027cd2c9e43f3c74c9a4c6764682ee97703feaf68f4ca0f963f95c6b76304bbbacf4e06036a29973cbde2d6a7c958c1103cb0254dc5deb61b1538d0d6671ad1825fbd87e0e7977e7b3b9a9ea26223bafd92254040bc090b22804f9adac29da4be02c977ed6043439b19d0277f8b0a6624eadd96df53f17da4ab3558471b4f4df94299d94c801bff70d02e5e51b3a411264557c7b6158fa891dfaa1b84d578b9853f53923558e10f676d0789c9b0daa6b0bf67ef1e486bde2b87d28a48a5a1181f8ad7ce5a471685f1dcc968dafc3daae5762ff59073ddca326134c62e9b7917d10c336c7d4ca116d5c5fe20b19abbd996a7e4729067219"], 0x3c}, 0x1, 0x0, 0x0, 0x20004080}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae)
symlink(&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='./file1\x00')
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)-generic\x00'}, 0x58)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x8010)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000014)
openat(0xffffffffffffffff, 0x0, 0x2000c0, 0x4)
unshare(0x6c060000)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)

02:37:54 executing program 5:
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f00000000c0)=@nameseq={0x1e, 0x0}, 0x10)

[ 1174.247916][T21225] netlink: 'syz-executor.2': attribute type 4 has an invalid length.
[ 1177.253304][    C0] net_ratelimit: 11559 callbacks suppressed
[ 1177.253318][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1177.271542][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1177.283816][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1177.296111][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1177.308366][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1177.320857][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1177.333230][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1177.345479][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1177.357728][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1177.369976][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1177.697174][ T1232] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.717534][ T1232] ieee802154 phy1 wpan1: encryption failed: -22
02:38:00 executing program 5:
r0 = memfd_secret(0x0)
ftruncate(r0, 0x5)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x280000b, 0x4011, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000040), 0x0, 0x4)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ae4000/0x1000)=nil, 0x1000, 0x300000a, 0x11, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000000), 0x0, 0x4)

02:38:00 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x3c, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWT_BPF_XMIT_HEADROOM={0x8}}, @NHA_ID={0x8, 0x6, 0x1}, @NHA_OIF={0x8, 0x5, r1}]}, 0x3c}}, 0x0)

02:38:00 executing program 4:
ioprio_set$pid(0x0, 0x0, 0x0)

02:38:00 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x24, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:38:00 executing program 3:
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000040), 0xcb002, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000200)={0x1, 0x5}, 0x2)
write$USERIO_CMD_REGISTER(r0, &(0x7f0000000800), 0x2)
close(r0)

[ 1182.263203][    C0] net_ratelimit: 14681 callbacks suppressed
[ 1182.263218][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1182.281783][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1182.294455][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1182.307233][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1182.319919][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1182.332539][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1182.345217][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1182.357939][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1182.370625][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1182.383378][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1182.385488][T21239] netlink: 'syz-executor.2': attribute type 4 has an invalid length.
02:38:02 executing program 4:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_disconn_phy_link_complete={{0x42, 0x3}, {0x0, 0xc9}}}, 0x6)

[ 1182.484365][T21244] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:38:02 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001100), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000240)={0x50, r1, 0x221, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'dvmrp0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x50}}, 0x4080)

[ 1182.632765][T21241] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:38:02 executing program 4:
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={&(0x7f0000000040)="2b2395cc822e4adf10b6cffdb4c5c06eb8de472b643ebb4f93cf5c2c50010dbccb74f5341693c0bb6b2459a772308e157604921bb0532024ee28a8a875ed2f43b96672046144fc5f4bd46da50fa94d0e2599f8", 0x0, 0x0, 0x0, 0x0, 0x1}, 0x38)
r0 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r0, 0x84, 0x9, &(0x7f0000000000), 0x98)

02:38:02 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x3c, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWT_BPF_XMIT_HEADROOM={0x8}}, @NHA_ID={0x8, 0x6, 0x1}, @NHA_OIF={0x8, 0x5, r1}]}, 0x3c}}, 0x0)

02:38:02 executing program 3:
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x103)
renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x10c)

02:38:05 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000bc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095001500000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc41f06d25dfd73a015e0ca7fc2506a0f68a7d06d7535f7866907dc6751dfb265a0e3ccae669e173a64ae5638d2b7cc7996e35cce0b679c1cfd6587d452d46b7cc957d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe3e26e7a23129d6606fd28a69989d552af6200000003a000000000000008b119422000000fa541ce935b0f327cb3f011a7d06602e2fd5234712596b696418f163d1a13ed38ae89d24e1cebfba2f87925bfacba83109753f541cd027edd68149ee99ee9d6f7d6dd4aed4afe1f44ccb19e810879b70a70000000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbe43a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568660defb6670c3d62ad0a97aec773713a66b223fa8b148871c8d31d24291c25449f106b99893ed20fa7a059fbbef90327e827e513e9606800000000e89f9c85c822a96154d08806bc376e3e69ee52b59d13182e1f24ed200ada12f7a1525320e71666f472a97214d0b2874df30ed5eb1affb87ba55b2872078e9f40b4ae7dc3b2aeb0d11cd22c35d329c7da281d7540f19dff00ffffffff08000000e1ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb037965950000000000bc66f5d5c0a1634051bfbff088b0741c84c045b33092c8fb50fdb33bd0d6a3ff5a07c85f668d2300ceec5a0027ac5678375c502a78f8750b9b1c4cee0df4498f0aa54339c1fca0b07343e6e5ed571b4803c50210822c9bba0140b1b434f5f133c8fe3db9ee9eb849153c58d40b2132aaf74912a223557fd56a57ccdebc942fb856528f27192c421e62a918d549ac068e9b6cb2c18b67cad59942c7f3203fef4e86bbcb83f4403c378a3321"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
socket$netlink(0x10, 0x3, 0x7)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000023c000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = dup(0xffffffffffffffff)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000280)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@local}}, &(0x7f0000000380)=0xe8)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000003c0)={&(0x7f0000001200)={0x1784, 0x0, 0x2, 0x70bd29, 0x0, {0x1e}, [@typed={0x8, 0x6a, 0x0, 0x0, @u32=0x5}, @typed={0x8, 0x8e, 0x0, 0x0, @fd}, @typed={0xc, 0xe, 0x0, 0x0, @u64=0x6}, @typed={0xd, 0x25, 0x0, 0x0, @str='/dev/kvm\x00'}, @nested={0xc7, 0x75, 0x0, 0x1, [@generic="91884498314945c3ff34c7f2ee72207f2a226695593d565351204ccdfc35f920876de95357b8f3cbf4bbb1621eebef87d442ffe6e2a0e38057db3e79f0a7810a795746c2d77ea2e300000019cfcb7d1fba83dcda46d691f13e65305e286b1ef0b26f2ce7f204605e28c1591063a2e0d7e827bb10ed50b23d1aeed38736b2f99f77036c32949e313c44b69da12bc7843576f81fd368ffe0057be0440938e8885318cc7121c622878c2d51f7e3572f047fc124772e8f098f4ee3000000000000", @typed={0x4, 0x43}]}, @generic="b8d89ea483e78e071fb20dd766440abd4ac2cf4c1d0bdce6960064674f1532cfe098970c8a6185b1c669f5245867457868044f8f9b79c36e9110df6904983bc9df0aecc363c08d169882f4b3f594b181edfc8fb006b4a71c5a852abd25da67fbe9a0dc2037f4ec033b34b18c3ac84e7a177e3e08786567cecb36d63f8d98b565798f1652cb6f7d5dad94e7cf4c69e328326cae5173a8e347e606003a1cb7fb34b61bc50777eefc245e51b1fb22c06dea147c8b00"/192, @nested={0x15ba, 0x1d, 0x0, 0x1, [@generic="635ba0711a1c2ac4516e5fdcce81e39134f60ca045a07b68183fd471c7187682c2f5bacb8c93a035adbb646cc817eeba39ed6ab0f81db3ac215644a54b64c86bf41762311755537a3289d4cbaa77d34f78ea8d64f801a36b78e1cb12cb31958c771c593c37bd83d5c60a907639b2bc9fb12beb59fcff435ec7a603f4b5583dd4d8847e1cff814b324055f6d6a910b3495c3bfea6fdda368325b757f7184df14be803a13aca8ce5ffd42f8944d9827619a65cb69b03fb0c277bc1453a1b932c1d48a55656f72eb0c34dbe861d98ef1ffb36fa97f41121cb22b540352b368b672a64fdf8fdeace0bf684be8ebc98f27982e75a5d2139b5b9e61ae41763b21023e4197e4eb75d63a4be6a6da7b718aa8669f0eb91526ab9942d318402fa0e0ac69a2ed622d3257a177387eca7d451cc9456c7cc2da353e0ab6da7cf8187f4554443b11c449ab878ded7404fe54d349948eabbdc2c94f607fea5b2b0fd3f18e3437bc2b096e3b03b066a1211f8a97787b5c226b4cac77fd0df76f1fa87c9bbfcbc846ab40395fd58908385f572169d0084e25d45273ed5d720f0b527e4fef65b1e8bafa045bbf1c0aa829ee76d6ed0304fb382f7d3b6dbe797c1e56b2fedab2898a8e886f54ea88e5c91d8422a3a5f73fa7196b1aaa6e593a87432dfcf65879c885ac5150583b874c7585745c229df2b1f19ab51f988aef082b312de43b979bdcde17dd1fb394271aaa6e95518c8efecd8725f31fc8cbfd5c90c8c36a37ef7a5423ccf697ba8a53628118bde19e9c95a74a9c36143d0249823fabb6df2a80e6e84908b7de7f3aacacea892052033821615b12ec699d0564f273c91a8b552b9afb6ab465b4e46b120cc4f13118dcbc0fb747871ce51db842ba41faae782bfc1ed0977b8e07f575b1f068d31566750e0a9b6f672d564fbb2b005b1d9c99abe7a666b78f9c0763f94285253798af38f76c9ab97753c043ebc942c226369fa389f65bdc7cfdb330b735fbd5ecc76e169a068c849d4d3dff24decec2438dc36e0929c48d2f515cea92731c5e8c929b578763be6e495c3bb035deff8ec0fae3cdb76d077071c4c8cc31493ef57e39b221c3befd6733d346dff354e9826672f90335b1c0a2118b587f3bb709916ca12533c6e16a17836665e8cca7159dd51c00a4f743184d8a7bb5f2d9e308fa7b8492a8b9a88f06ceae89f21a863b1e98da969d343a6fb2e307c7df634fa0d91a93960cdfd4019a697d7aeb9ff454efdd4150c9bd68696a34f94a177569b9e2b0b52bbd48c5544d044e584d337068cad5db3dd5ba524ec6812b6701d7491884501be16cf57c250265525556d4692cd040377ca0b72b9446d480c20b57ac3ff3f345c1271bf5528e37b9aa3b3db53d5af59543f9c665dec32fed869dd4ade6f7119abf2d4e0177ea5181d54a38047217b10ae27abd394c69585db7fadc3077196d47c1c0c0cc683fafef00368abac55d5c21289ce45d398befa3283158d92e07168926aefa7558ea1d3c25b6c8764e4cbf69a77dad9f671668e3ce9160192c9b02314e9e97b944a302aa1430d1e20e4a286fc03a34867696e3de622e29353099b3fa57158c01c185a5f2c093dccfe069ac74db75772407ce80f128054ef2757d9dbedffd5f64a3059049264c60f79965a99fdfaca4310e6d04e2cd92e9e06af1eb37ee76072bad61b2eac87c66c9bcd19eeb611d07e0d6e9682a36c078d12e2e11690428a07e732b63c99e8a4e01ee2aa26b71bd45fc9cde0c4fbf1fed2e1e10705c0a420461d535e0863d31c8e4f90483bb4696d3a4c9078668f5ce8ccd39a9b06043d9d757f2c3cd2891a3c42ef2ad5ffceb5bc72ca8d53d532fb76c7680a224ca37c29370d1d6d92da24d00179b6184d9e72fd8bef2884b6a16b829d4d4daef4ab12ee15bfda072a493f4705f97ed95e60f060baf39b667db66458a10e78c73da9193e931edba7a3aae557302c7971cbcfd9cd75ca3e3010e720c5ad6514d1ac1b89256d13b9b34f6e9f4bc54805a899e63d73077b22d81564c003f79f214fa3c3889552347cd1b8ee4d82914fef3cc81c512a066de90697aba2bbc17a2c77534e830e1097b4066e305c6b4cdc10b6f6222c19119d8a814add103e3f7e49edfce18ba72aa39a11c649ce28045f8f3ebae31b494433856615798048ad169591075283c1308b72e59ebbfca37b9ad79e12d00fb057b9ec7448f33e94ff412e5e31124074119bae08ed78e5d6ca9d1764768b40e28623401b45fbb76faf70ebd0c3407253140a9541a10b45eccabec85e5c1c57e682dc555fe3aaf7034f778f53567b6dfc263ded9a56801f1004f7e33adac7785e122cddd5da26c072ea109de10435be8022036c11f36c53a72991310b6b24f6621cdf7a47f03984a0dd8ff829bd83d0b90751ab4d795871de24db41a84ca767d1fdbba2bab7dad0e1d59beb2ee2397511471fc84932a1e96fb9c714f4c40aa5f64e8d80c419ef854c93a4b5eba4f6f8236342f78f13afa420b8d6d8e3ebf6accfb71073e93ea0776c2fb47d42bca2438d041b4eb3129c3fede37b308347182202cf9f22f5890ac28ab65d7bee2e555b17978970290e31971fb2e1eb55154de69f3ede7c7203de76b8b8aba41d241bac87ffda82487e191845bf3fb926842daead9fa482fbd0fef311bf645acf629abacc65ae1828e9fde639f27a4d8f210b38e0c6b391c3cd51f7e6780f192fde56f1af6c2f9970affef6c1eca129eb7f77324a6f4b8723b35eeff1f4773f26b67d120c22f6e6a5912f818a995c695789ade48aada3b72803deb112ec9ca27e5165e6fbefd86245659c32010d4e0db6febc07eadc8550d930536696d4ce99c0104d30130a0741cf32b83b4a94994d4fd2e169ff9e861a0cf3d4b39bbfda257ca7748cfe0334e12cd78b2209bc1ff1455f0dcc4afbee21e65fb558016710f283d2cb26339983a59126e5760f66c61372115b6e6db5210abb071f70d79efccee837a1f41042d8f043bbd2077b1748e95f014065f0ba844097c1ff61c55c54d1c07907eede38128920b7cda26fab97026c9f724a11855223611b2891e67b21d97ea16180497b74bc7e3bb328c184907390bb1f3978d3ac4bde6b676ea632d871ed2cf2ca4754048c292ef84ab9afbdd59c420d6495e87756ca4f8832d00229afbfd3f7aa0ac89b3d0ea922eeb509d0d67c46cac4f827cdae3d6c250f1d11ab2f12ebbc3d29ed4897434584fa902806d905e506b04cf3854f3108b75818da8dc30ad3a29b715149d3936564b2d777018271240f4589baa6ef9807a86df7a5a74dd47fd41f146ac4375487482412c97b05b78e77c175c11a47be81ab310ab31cb2b7680a7ed2afadb11e6bab3f28ad77dfbadfe370ac20b6c12ee3333e3630958ba60144ce6a0c0838533401ec44418cd819d89c0abd7d5b07132b795859cc278531c1fb89e19bf67b3192b24743c76776efcb8801be28f8e7c05db26be16c28ae97ac67a6395255f5c9f884ad2de6ecfff61ada9f6aebd7005d2722090a1e098d3736fcd9c944019f3fc736c1254b4fb9d1ca0bd771be595e0b60a00967c52300b4d337793028c13d5d3c63e7fbbe3b97af891e06ac75756b4aa23475ef07682c9083f712d243d92ae0618942f27543e44db8b72c48140972d77217779f73197fd4d70a0a35621dec543539a97a45b35d4b9086bffb99ba9d68a7eedff9e1623c1505be8bcc7d02ea7a76bcf6c6a4006c8499d20a1d58cabaa4f21e47ff03d2f4872e6be274e102e299ba053cfb5521dbeab4ce8fc9582eef97088d0253543410aae5ffcfa34123ec2df8a189be20e099968d30683f03a6b182500289e53f964fae90c0984397183ba392642d83295687afd8115860be93edb6c8594a0981b7ad78fe08b9d87c75f8b72bca91b5a121762daa800e5f1b6762bb68581c3c4724ce5a334a5553e67ad899be89618ef738b3bcd30caf4ddc73a0a9c4aa091ad42f28c3a253655bb1029f9a42edee25addd046e9ee78dfa4a99a37a68945a441c2402b74463c1f4e352171bfa60cc806f4a96c69e9b033202105a587a4557bb2675c54908cdb0ad4430fde2eca27e07ffba67211bb50b7e51cc34f231cfd5d053670b3f2735435b662c5e1f08a5f5be008543189673f59d1ad09be94127fce2a2a3f55abfd3e2f98e8f8377df2d9fcbcf59eb9e22a67591be89e16dd82aab3ddbd39802a00c0218ecb4c41c2e902b375d1f502e91016db9fa59471ed7d09b5d18b4fd89f4a67b6569f6e621b8b59e8b965ad1851408c637338488233183235ddc265338283362a9569798f56eb09ce3a3be1399e234087d4bce3a354c296bceb6a6d05f24794602a2d13d982d71d7ef07d326429e41be5033b260c7bc4cf70c2f3a143b6b78b0d1fcead96bb02abaa694d5f6cdc21bd5804e425d78bb04c791a370fe69fe18cc2bf3406e96bb624115f6bd254e670f7a2622af7ba017629286702b4bea192d884f587bac967c73c24a1437b4c4f6537d5764d903d036804568d8805a1a22a0a857bb0625d023eba2429500ef86e17ecf7cb32bf82a65bf26802e0b6ff05dae73f294a8035829cef04f3e475731d4aa295be2a658b73b75902e0951a67e9974764ebbddf2012313cbf17ff39fb1578370d393588deeaebb08f3bfa704b685e4ac075a1fb181c4bb42433d76bde0689173654f0719e8f8f796db7af36ca45a7b78a0968672cd9a7aad94253e55a8717dda0495908806f1777b59a7b44b244b57193ac62b698b914d01982da568bebb79d8cc385fa542c3cc6601cb62302917176ebcfa27db1b021d92bfca572cd276ad65a99f93e93241c47d15451e80c7a2cd6b2c28c149be8d05873f63759aead1a628d2e9fcf6152ad7b8df6e17eff927b74861a97cf4fd300300b4b36e47f8b625d3ab68155e9f157ba6c8b85a4af854922b13adb10de5cde4c7263b962d8aa5692cc4bfc99b", @generic="1ce5b97e4fc2096864e237410e19f4690a4b1046400b0294add3aec9bdb6f8e07781eaed6e640fa54ccbcdd32890f0990786adde3c4a83ad3547171f09e953d8bdcc0747595a4abf248c6bf686ae849cd06dfee08cbaba43a925fafa7c844e6e0fbecdda4db0cbc69c865bc532713a7c36f61f292a1ec349ba09e547a02d7ab84b344f049315b16abcc049459ead9132", @generic="6f5a3319e322cfffeadcc039732a8aa269b381d876f88a23b1a528abf8ec1c603e45681ba76864badd1dfbb4a3d10ba37ea8cd86ecae07920354411d25aead9e12da699913f1633c8519475df2d3d56505bd64e8ddc16e6eae7f1daf1e79346cb2e920dc0e8a3997867cfe529e17a2037732268f0fe694f66319f98f6c861e7b582b8d345c896e842cbb91cc57fe6ec487d51932c672a9ffac5ce39067c053d47a0ed7dccab5ca29fcab15ee39bbd7325044796f023fd54dde4843c73825ad117be980cea024c87d397f8c07a1b65ca8c4563dbab154184486d27ec61ae3637657cc0f52bb823bc373c0d840da9b4734b499a5e9aea50a55d17134096fd253d62705452baa42623054ecdf0232d995d6eedcca042d3a73c8e83f58227f96900d149f303b258180c64faed0ab0186c3dd8c7e436a134a5b66cc65d93fdd72f7cde816acb0a47bce79ee3c89d1ca9bd04882dc237db367fe807be1fc7eca710e241589206913506754b75d64acabe8fdee9f716943d3dc1ef2f783ce82a1918ecef4d2082f7dee6500cc201f9fdbecf91a5c6839741387580d53d9a8021f44df6f65080b9bbcb6d374b878c748c69bdb99ed616c601dcb97227677041c0deb6b1e81333a5dac68066969c402c117fb2e16765e21c1dcb91831878590d247adb8f15598040678684cf9bc07bd6c357ff309c32399e27b4b73d5caf96db67c251ef469fbb0c5f397f8e3139d797c62ca1d12fab4713cb159c7ff00c1ebc08eec94d87f13d6c580b189e1d8a70c33702f6156aa9afaf66e96bcfdfd45cdf9d61f4a0c9796638b0b40c413b201b5ded2f3236289a960f24f520c01a0c2ae1d8e88a040a3b6f507a08266e85c3c1b70a8551377d7976196619e7418fadf085c99c8483b33078c11ab3796fc10f2377253ad340c77c159f4dd848069550e3d444d898a0bf5c6014c6677c3de269b379ad5f4a9e52ccaf1e95c2b2582f3d527e6c1fa088e830d3e7aea57621e9e74c9a234afeee351a8c34a43415f6a8363546e473676864104937d4b4a3e44ed1851e7d1b6713fc66fcbcb782168f9569f97242d88536d179aff649846757081e0e7a77154576f39e26bb205c8e5d72b5665b2a210dc98fc7b8211607ad6007e8dc88c76eb94592ebdcd881999f60fb3566d2617d3a5b923b9edb578aa5a2fbdd585a8951d53fea53d7f113016969585e70a25b026c94a68ced40a35b28360ed80c5e0f7235e8e1d6dba2241134b4e28b55e9a063963281608d38717e264c3c7ca8b0ae35ca5d4ba76729f5b079e6361e93114e44b7b1c222372fd6facfe6fa5dee008e01ed20de71944b5b465f73fc02319010ce319bf6e4c330439c480dcdf5881d3cebfe8a7ffec50125609495aa26df76b33c27ee2b559d74038a8412b8aa302305a4051d3ef7a79a605a357921d951a702bb125d748d20a88824c9520711ee85ebf092240cf84fb1d303068ebe785fcf492dd72d9a2733f181b0b324e9c2d177dadd12652f71d3d5fcb78ac5e860e5f103a2edceaf133c345f16693b31770c3a2a50adc69dcbd9c6801ec7f25292b8b02cdb411bcfa550273a929f9aa33ff636defcd39c4ffd90a8563fcb18421d84154cd8bfbdea1f4333bd4caf523f534e8ceca688f0ec311fe411ed4df610895c461292d683d6a1e017ee01f1b506417c7040708ad04c68216c2507cad9f3153fb6e90815e75c3dd21e5381a4e547bdb93c257205af057d0e295a2addd7abce8b41a9b17fb1caf8cfdfc49ed055a4cd9df4b1967cff5a40e4eb5c5b912963ac8e750b9e44b479af1c7df1dc8817e2d5530f065d59651a139bb67b3a7ce89f59904a959c897a54e0efee574934f0660b12831a381c1c38165bd82597a75b5b2f19b5eb4245868578a9b88aa09bd9976d7f531c6ac6ea359bcfe3b665960e953af95f02bf978f404db2235ae765c010510d2fd5624234a9f6508083b8f01240099b1067dcb66353f81ea6bff3afd3011ea65b73f61e4299b6f7c4cd4cbdaa979635a00a27021b3c8b0c777eb78039d378e3d5a7f7d2b0e7aea30329477b5a1376e3c772bd15316d39a8d4b74d3dd9b20f634f391ef0f7be37e0062f983697609da7599fcba4971f82a57fa780770a54547f2987741ecb592212c5804e85067437eedc4979484f118170cbd61c428b7741ad0c86e8bf13360dfa67b45150741a146573cd37e94049ed53ef52c3383aee1776cd269416f97929f2055eebeedf174581c5bf42164761d58a6f52b9ba60058b421f69f05f847e3d031a02b029bdb2e914821e3eb84b67663448188fc7ad1073b0d54f94d3a4878fff9526516624486020565dbc9fdc6bede7d24136ddd9d5218165ed7a41e5d527de0b5e3ab98833f71fba0e61c4cd65c5fb46eb3687ef11a3c06000a7fd9fd706418c8636b9d2dc8c3910a0e903926647d5dd95b8d21e8a09bdc2b45649552efde20f0482658ff73614a017e8dcdb16f16b9d52deea65faaf2a940018bc80c82f76b75ce5869793b0aa91bc5df7e57d394a00d781f38b57e0a83f5cc45984a742ed95d390f645a0b70896149cd01b51182c5de969369831d3409ae5d2e6febd5816be0a20aad3f96969207ea655d1e24909b6a43f4183aca54a335c2c31608856b0e6caf3d32e0c84005dbdaeb4d", @typed={0x8, 0x6c, 0x0, 0x0, @fd}]}]}, 0x1784}, 0x1, 0x0, 0x0, 0x8000}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f000023c000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r6=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_clone3(&(0x7f0000000400)={0x1c0004000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

02:38:05 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x26, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:38:05 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
r1 = dup(r0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0)
r3 = dup(r1)
sendfile(r2, r3, 0x0, 0x8000b)

02:38:05 executing program 3:
clock_settime(0x0, &(0x7f0000000000)={0x0, 0xffffffff7ffffffc})

02:38:05 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a8ffad}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x5}]}}}]}, 0x3c}}, 0x0)

[ 1185.822718][T21266] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1185.913240][T21267] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:38:05 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
r1 = dup(r0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0)
r3 = dup(r1)
sendfile(r2, r3, 0x0, 0x8000b)

[ 1186.051652][T21267] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
02:38:06 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
r1 = dup(r0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0)
r3 = dup(r1)
sendfile(r2, r3, 0x0, 0x8000b)

02:38:06 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
r1 = dup(r0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0)
r3 = dup(r1)
sendfile(r2, r3, 0x0, 0x8000b)

[ 1187.273272][    C0] net_ratelimit: 10004 callbacks suppressed
[ 1187.273292][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1187.291899][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1187.304615][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1187.317347][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1187.330037][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1187.342738][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1187.355644][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1187.368345][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1187.381052][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1187.393713][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1192.283259][    C0] net_ratelimit: 8073 callbacks suppressed
[ 1192.283279][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1192.301797][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1192.314484][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1192.327206][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1192.339955][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1192.352650][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1192.365358][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1192.378095][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1192.390762][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1192.403465][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1197.293220][    C0] net_ratelimit: 7870 callbacks suppressed
[ 1197.293243][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1197.311728][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1197.324391][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1197.337044][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1197.349715][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1197.362362][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1197.375039][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1197.387728][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1197.400405][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1197.413118][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1202.303028][    C0] net_ratelimit: 8028 callbacks suppressed
[ 1202.303048][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1202.321548][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1202.334258][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1202.346961][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1202.359622][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1202.372290][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1202.384947][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1202.397619][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1202.410493][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1202.423233][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1207.313119][    C0] net_ratelimit: 8060 callbacks suppressed
[ 1207.313142][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1207.331653][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1207.344354][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1207.357234][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1207.369922][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1207.382640][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1207.395398][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1207.408064][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1207.420780][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1207.433468][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1212.323108][    C0] net_ratelimit: 7926 callbacks suppressed
[ 1212.323128][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1212.341642][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1212.354307][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1212.366968][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1212.379659][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1212.392308][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1212.404959][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1212.417716][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1212.430348][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1212.443265][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1217.333294][    C0] net_ratelimit: 7991 callbacks suppressed
[ 1217.333316][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1217.351828][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1217.364658][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1217.377367][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1217.390000][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1217.402636][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1217.415310][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1217.427918][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1217.440637][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1217.453331][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1222.343135][    C0] net_ratelimit: 7893 callbacks suppressed
[ 1222.343156][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1222.361560][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1222.374189][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1222.386843][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1222.399419][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1222.412004][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1222.424613][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1222.437483][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1222.450103][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1222.462684][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1227.353510][    C0] net_ratelimit: 7976 callbacks suppressed
[ 1227.353531][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1227.372175][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1227.384841][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1227.397460][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1227.410054][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1227.422650][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1227.435247][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1227.447871][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1227.460482][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1227.473085][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1232.363204][    C0] net_ratelimit: 7961 callbacks suppressed
[ 1232.363226][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1232.381648][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1232.394318][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1232.406946][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1232.419553][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1232.432138][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1232.445076][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1232.457670][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1232.470254][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1232.482876][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1237.372968][    C0] net_ratelimit: 7823 callbacks suppressed
[ 1237.372988][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1237.391479][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1237.404114][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1237.416780][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1237.429468][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1237.442088][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1237.454770][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1237.467703][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1237.480356][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1237.493013][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
02:38:57 executing program 5:
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, <r2=>0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000200)={r1, r2, r3, 0x0, 0x0, 0x0, 0xffffff7f})

02:38:57 executing program 4:
syz_usb_connect$cdc_ncm(0x0, 0x176, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x164, 0x2, 0x1, 0x0, 0x90, 0x3, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xa, 0x24, 0x6, 0x0, 0x1, "f0b6c71a37"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x200, 0x1000, 0xfff, 0x4}, {0x6, 0x24, 0x1a, 0x101, 0x1}, [@call_mgmt={0x5, 0x24, 0x1, 0x2}, @mdlm={0x15, 0x24, 0x12, 0x6134}, @mbim_extended={0x8, 0x24, 0x1c, 0x1, 0xff, 0x8001}, @network_terminal={0x7, 0x24, 0xa, 0x4, 0x9a, 0x0, 0xc0}, @mdlm_detail={0xd3, 0x24, 0x13, 0x1c, "f141d4ccc42e33cf2e27fe3363361086483b361ca6cba2a857e956c58d7289eb34076c708b68b2179e633c20bb2cda9e4af4ba5db4109ef46b9051176ddbad4cba492eaae74f99c8e3b6747822fc6c8e2f92e3a2245e673655d0112d092df595a3c974f72533e5d03e3e7b649b79ac49a0baa8b8ce1f4247961776e40315d10bfc8a007fc8189a344eef83d0fb1d45198fb7730722c622e8e61dd1d0d906058a1ac9bf3e9e678337e88bdd702612b025010c380594a346dac02699100c01487c50af54d5b692ca4eb01b5de441c62c"}, @dmm={0x7, 0x24, 0x14, 0x101, 0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x248, 0x1, 0x7, 0x7f}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x0, 0xcf, 0x6, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x5, 0x8, 0x77}}}}}}}]}}, &(0x7f0000000300)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x201, 0x0, 0xb2, 0x1, 0x8, 0x7}, 0x5, &(0x7f00000001c0)={0x5, 0xf, 0x5}, 0x1, [{0xc7, &(0x7f0000000200)=@string={0xc7, 0x3, "0e7cf6013ff7b48ed55aad5f288dbff698f7ff585456a0549e48fbb7ea96533e4512de8a5ac44e743863f02fba79693f41e6fde79caeca64cb1d010866e5ed82d2801044f15f8bb6a79e796804ef3fb04ceccbed9c140ac44505ba126f667dbc14672283d915cfe0705a640d9ad2ebc6feb90edda67d6045b7e2c8cc3e2154cb36aec62bf8f4f77c194a268625210e611cb05277e03f02c007f5e41a8d3c32b0bfe40931976b1eef1cc4c1c64e6657064af1bcc83ccfeb3a15df1c3608c20d09d9550410fe"}}]})
getsockopt$MRT(0xffffffffffffffff, 0x0, 0x4f67a3d5c3e5c8a, &(0x7f0000000340), &(0x7f0000000380)=0x4)
sendmsg$DEVLINK_CMD_TRAP_SET(0xffffffffffffffff, 0x0, 0x0)

02:38:57 executing program 2:
r0 = syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000040))

[ 1237.953137][ T3516] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[ 1238.193146][ T3516] usb 5-1: Using ep0 maxpacket: 8
[ 1238.313376][ T3516] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1238.342481][ T3516] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[ 1238.406238][ T3516] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8
[ 1238.623991][ T3516] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1238.647606][ T3516] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1238.695001][ T3516] usb 5-1: Product: syz
[ 1238.724230][ T3516] usb 5-1: Manufacturer: syz
[ 1238.750307][ T3516] usb 5-1: SerialNumber: syz
[ 1239.063593][ T1232] ieee802154 phy0 wpan0: encryption failed: -22
[ 1239.069926][ T1232] ieee802154 phy1 wpan1: encryption failed: -22
[ 1239.083157][ T3516] cdc_ncm 5-1:1.0: bind() failure
[ 1239.116359][ T3516] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[ 1239.174286][ T3516] cdc_ncm 5-1:1.1: bind() failure
[ 1239.231148][ T3516] usb 5-1: USB disconnect, device number 42
02:38:59 executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x54, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x54}}, 0x0)

02:39:00 executing program 0:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000140)='ns/ipc\x00')
setns(r0, 0x0)

02:39:00 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x28, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

02:39:00 executing program 4:
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000980))

02:39:00 executing program 3:
r0 = syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
r2 = syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000340)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000280)={0x0, 0x2, r1, r4, 0x0, 0x0, 0x0, 0x81, {0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "f580385a451abb07cf79cb5e61532625d58b4759d5b536263c354a4bc975ebc9"}})

02:39:00 executing program 4:
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x1, @broadcast, 'vcan0\x00'}}, 0x1e)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x1, @broadcast, 'macvlan1\x00'}}, 0x1e)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x1, @broadcast, 'macvlan1\x00'}}, 0x1e)
connect$pppoe(r2, &(0x7f00000000c0)={0x18, 0x0, {0x0, @multicast, 'dummy0\x00'}}, 0x1e)
connect$pppoe(r1, &(0x7f00000000c0)={0x18, 0x0, {0x0, @multicast, 'batadv_slave_0\x00'}}, 0x1e)

02:39:01 executing program 4:
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x1, @broadcast, 'vcan0\x00'}}, 0x1e)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x1, @broadcast, 'macvlan1\x00'}}, 0x1e)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x1, @broadcast, 'macvlan1\x00'}}, 0x1e)
connect$pppoe(r2, &(0x7f00000000c0)={0x18, 0x0, {0x0, @multicast, 'dummy0\x00'}}, 0x1e)
connect$pppoe(r1, &(0x7f00000000c0)={0x18, 0x0, {0x0, @multicast, 'batadv_slave_0\x00'}}, 0x1e)

[ 1241.560013][ T5065] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1241.569494][ T5066] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1241.578161][ T5065] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1241.586171][ T5066] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 1241.593938][ T5065] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
02:39:01 executing program 4:
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x1, @broadcast, 'vcan0\x00'}}, 0x1e)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x1, @broadcast, 'macvlan1\x00'}}, 0x1e)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x1, @broadcast, 'macvlan1\x00'}}, 0x1e)
connect$pppoe(r2, &(0x7f00000000c0)={0x18, 0x0, {0x0, @multicast, 'dummy0\x00'}}, 0x1e)
connect$pppoe(r1, &(0x7f00000000c0)={0x18, 0x0, {0x0, @multicast, 'batadv_slave_0\x00'}}, 0x1e)

02:39:01 executing program 4:
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x1, @broadcast, 'vcan0\x00'}}, 0x1e)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x1, @broadcast, 'macvlan1\x00'}}, 0x1e)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x1, @broadcast, 'macvlan1\x00'}}, 0x1e)
connect$pppoe(r2, &(0x7f00000000c0)={0x18, 0x0, {0x0, @multicast, 'dummy0\x00'}}, 0x1e)
connect$pppoe(r1, &(0x7f00000000c0)={0x18, 0x0, {0x0, @multicast, 'batadv_slave_0\x00'}}, 0x1e)

[ 1242.343521][ T5063] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 1242.353145][ T5063] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 1242.361854][ T5066] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 1242.370083][ T5063] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 1242.377861][ T5066] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 1242.385076][    C0] net_ratelimit: 8294 callbacks suppressed
[ 1242.385092][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1242.385873][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1242.415555][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1242.428214][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1242.440847][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1242.453483][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1242.465974][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1242.478562][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1242.491079][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1242.503689][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1243.474297][ T5065] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[ 1243.482657][ T5065] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[ 1243.496175][ T5066] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[ 1243.504790][ T5066] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3
[ 1243.512054][ T5066] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[ 1243.663123][T21312] Bluetooth: hci6: command 0x0409 tx timeout
[ 1244.463183][T21312] Bluetooth: hci7: command 0x0409 tx timeout
[ 1244.576282][ T5065] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[ 1244.586274][ T5066] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[ 1244.595869][ T5065] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[ 1244.604411][ T5065] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3
[ 1244.611823][ T5065] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[ 1244.683923][T21312] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[ 1244.692379][T21312] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[ 1244.704459][ T5065] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[ 1244.712212][ T5065] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3
[ 1244.723457][T21312] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[ 1245.583450][T21312] Bluetooth: hci8: command 0x0409 tx timeout
[ 1245.743126][T21312] Bluetooth: hci6: command 0x041b tx timeout
[ 1246.543123][T21312] Bluetooth: hci7: command 0x041b tx timeout
[ 1246.703982][T21312] Bluetooth: hci9: command 0x0409 tx timeout
[ 1246.784674][T21312] Bluetooth: hci10: command 0x0409 tx timeout
[ 1247.393292][    C0] net_ratelimit: 7969 callbacks suppressed
[ 1247.393314][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1247.411825][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1247.424442][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1247.437108][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1247.449727][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1247.462332][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1247.474933][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1247.487551][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1247.500119][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1247.514519][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1247.663382][T21312] Bluetooth: hci8: command 0x041b tx timeout
[ 1247.823073][T21312] Bluetooth: hci6: command 0x040f tx timeout
[ 1248.623977][T21312] Bluetooth: hci7: command 0x040f tx timeout
[ 1248.783152][T21312] Bluetooth: hci9: command 0x041b tx timeout
[ 1248.863296][T21312] Bluetooth: hci10: command 0x041b tx timeout
[ 1249.743207][T21312] Bluetooth: hci8: command 0x040f tx timeout
[ 1249.903161][T21312] Bluetooth: hci6: command 0x0419 tx timeout
[ 1250.703267][T21312] Bluetooth: hci7: command 0x0419 tx timeout
[ 1250.864055][T21312] Bluetooth: hci9: command 0x040f tx timeout
[ 1250.943128][T21312] Bluetooth: hci10: command 0x040f tx timeout
[ 1251.823065][T21312] Bluetooth: hci8: command 0x0419 tx timeout
[ 1252.403224][    C0] net_ratelimit: 7971 callbacks suppressed
[ 1252.403244][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1252.421825][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1252.434465][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1252.447111][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1252.459754][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1252.472338][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1252.484963][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1252.497585][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1252.510191][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1252.522827][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1252.944655][T21312] Bluetooth: hci9: command 0x0419 tx timeout
[ 1253.023152][T21312] Bluetooth: hci10: command 0x0419 tx timeout
[ 1257.413351][    C0] net_ratelimit: 7917 callbacks suppressed
[ 1257.413372][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1257.431850][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1257.444600][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1257.457666][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1257.470316][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1257.483008][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1257.495816][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1257.508477][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1257.521114][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1257.533747][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1261.583135][ T5066] Bluetooth: hci1: command 0x0406 tx timeout
[ 1262.423112][    C0] net_ratelimit: 7905 callbacks suppressed
[ 1262.423132][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1262.441541][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1262.454185][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1262.466821][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1262.479416][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1262.492006][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1262.504582][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1262.517195][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1262.529872][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1262.542448][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1267.433232][    C0] net_ratelimit: 7922 callbacks suppressed
[ 1267.433252][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1267.451747][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1267.464402][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1267.477068][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1267.489765][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1267.502431][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1267.515162][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1267.527847][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1267.540810][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1267.553552][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1272.443462][    C0] net_ratelimit: 8043 callbacks suppressed
[ 1272.443483][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1272.461883][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1272.474526][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1272.487153][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1272.499782][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1272.512381][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1272.525064][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1272.537692][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1272.550330][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1272.562994][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1277.453152][    C0] net_ratelimit: 7991 callbacks suppressed
[ 1277.453173][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1277.471684][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1277.484402][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1277.497034][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1277.509655][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1277.522309][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1277.535037][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1277.547670][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1277.560384][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1277.573060][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1282.463444][    C0] net_ratelimit: 8013 callbacks suppressed
[ 1282.463466][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1282.481896][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1282.494556][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1282.507196][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1282.519848][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1282.532469][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1282.545100][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1282.557720][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1282.570307][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1282.583084][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1287.473494][    C0] net_ratelimit: 9083 callbacks suppressed
[ 1287.473516][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1287.491717][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1287.504381][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1287.516794][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1287.529502][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1287.541905][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1287.554587][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1287.566973][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1287.579686][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1287.592046][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1292.482999][    C0] net_ratelimit: 10532 callbacks suppressed
[ 1292.483020][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1292.501351][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1292.514028][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1292.526410][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1292.538989][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1292.551475][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1292.564112][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1292.576487][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1292.589176][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1292.601542][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1297.493047][    C0] net_ratelimit: 10702 callbacks suppressed
[ 1297.493067][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1297.511702][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1297.524562][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1297.536887][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1297.549552][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1297.561868][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1297.574589][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1297.586939][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1297.599600][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1297.611921][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1300.471014][ T1232] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.477541][ T1232] ieee802154 phy1 wpan1: encryption failed: -22
[ 1302.503506][    C0] net_ratelimit: 10648 callbacks suppressed
[ 1302.503528][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1302.521820][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1302.534504][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1302.546876][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1302.559658][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1302.572081][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1302.584805][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1302.597131][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1302.610323][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1302.622729][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1307.512906][    C0] net_ratelimit: 10705 callbacks suppressed
[ 1307.512925][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1307.531524][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1307.543844][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1307.556495][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1307.568793][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1307.581385][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1307.593658][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1307.606287][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1307.618614][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1307.631253][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1308.108425][T21312] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[ 1308.117944][ T5065] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[ 1308.127375][T21312] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[ 1308.135221][ T5065] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3
[ 1308.142596][ T5065] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[ 1309.032027][ T5066] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[ 1309.040823][ T5065] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[ 1309.049932][ T5066] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[ 1309.058951][ T5065] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3
[ 1309.068275][ T5066] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[ 1310.224150][T21312] Bluetooth: hci11: command 0x0409 tx timeout
[ 1310.542034][ T5065] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[ 1310.551315][ T5066] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[ 1310.560260][ T5065] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[ 1310.569218][ T5066] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3
[ 1310.578010][ T5065] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[ 1311.103332][T21312] Bluetooth: hci12: command 0x0409 tx timeout
[ 1311.543515][ T5066] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9
[ 1311.552346][ T5066] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9
[ 1311.561703][ T5065] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4
[ 1311.570019][ T5065] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3
[ 1311.578019][ T5066] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2
[ 1311.663248][T21312] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9
[ 1311.671669][T21312] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9
[ 1311.681112][ T5065] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4
[ 1311.688812][ T5065] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3
[ 1311.697083][T21312] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2
[ 1312.303264][ T5066] Bluetooth: hci11: command 0x041b tx timeout
[ 1312.522914][    C0] net_ratelimit: 10755 callbacks suppressed
[ 1312.522934][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1312.541136][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1312.553916][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1312.566213][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1312.578831][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1312.591264][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1312.603886][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1312.616283][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1312.623219][ T5066] Bluetooth: hci13: command 0x0409 tx timeout
[ 1312.628805][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1312.646950][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1313.183108][ T5066] Bluetooth: hci12: command 0x041b tx timeout
[ 1313.663186][ T5066] Bluetooth: hci14: command 0x0409 tx timeout
[ 1313.743111][ T5066] Bluetooth: hci15: command 0x0409 tx timeout
[ 1314.383140][ T5066] Bluetooth: hci11: command 0x040f tx timeout
[ 1314.703056][ T5066] Bluetooth: hci13: command 0x041b tx timeout
[ 1315.263050][ T5066] Bluetooth: hci12: command 0x040f tx timeout
[ 1315.743091][ T5066] Bluetooth: hci14: command 0x041b tx timeout
[ 1315.823409][ T5066] Bluetooth: hci15: command 0x041b tx timeout
[ 1316.464015][ T5065] Bluetooth: hci11: command 0x0419 tx timeout
[ 1316.783295][ T5066] Bluetooth: hci13: command 0x040f tx timeout
[ 1317.343155][ T5066] Bluetooth: hci12: command 0x0419 tx timeout
[ 1317.533286][    C0] net_ratelimit: 10526 callbacks suppressed
[ 1317.533315][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1317.551626][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1317.564281][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1317.576787][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1317.589446][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1317.601787][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1317.614484][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1317.626850][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1317.639554][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1317.652271][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1317.823057][ T5066] Bluetooth: hci14: command 0x040f tx timeout
[ 1317.903313][ T5066] Bluetooth: hci15: command 0x040f tx timeout
[ 1318.863206][ T5066] Bluetooth: hci13: command 0x0419 tx timeout
[ 1319.903125][ T5066] Bluetooth: hci14: command 0x0419 tx timeout
[ 1319.983123][ T5066] Bluetooth: hci15: command 0x0419 tx timeout
[ 1322.543062][    C0] net_ratelimit: 10527 callbacks suppressed
[ 1322.543083][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1322.561677][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1322.574045][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1322.586819][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1322.599179][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1322.611860][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1322.624188][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1322.636838][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1322.649165][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1322.661852][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1327.552891][    C0] net_ratelimit: 10630 callbacks suppressed
[ 1327.552910][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1327.571407][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1327.583732][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1327.596307][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1327.608584][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1327.621221][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1327.633546][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1327.646269][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1327.658600][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1327.671542][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1327.983305][   T28] INFO: task kworker/u4:6:2880 blocked for more than 143 seconds.
[ 1327.991174][   T28]       Not tainted 6.5.0-rc2-syzkaller-00184-g57f1f9dd3abe #0
[ 1328.025847][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1328.065527][   T28] task:kworker/u4:6    state:D stack:24880 pid:2880  ppid:2      flags:0x00004000
[ 1328.095624][   T28] Workqueue: netns cleanup_net
[ 1328.100467][   T28] Call Trace:
[ 1328.126623][   T28]  <TASK>
[ 1328.129616][   T28]  __schedule+0xee1/0x59f0
[ 1328.154501][   T28]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 1328.160561][   T28]  ? kasan_save_stack+0x10/0x50
[ 1328.197812][   T28]  ? ____kasan_slab_free+0x15e/0x1b0
[ 1328.211734][   T28]  ? ops_exit_list+0xb0/0x170
[ 1328.235914][   T28]  ? cleanup_net+0x505/0xb20
[ 1328.240573][   T28]  ? io_schedule_timeout+0x150/0x150
[ 1328.269698][   T28]  ? __mutex_lock+0x962/0x1340
[ 1328.295018][   T28]  ? kthread_data+0x53/0xc0
[ 1328.299588][   T28]  schedule+0xe7/0x1b0
[ 1328.317704][   T28]  schedule_preempt_disabled+0x13/0x20
[ 1328.336346][   T28]  __mutex_lock+0x967/0x1340
[ 1328.341000][   T28]  ? cangw_pernet_exit_batch+0x15/0xa0
[ 1328.377271][   T28]  ? mutex_lock_io_nested+0x11a0/0x11a0
[ 1328.407965][   T28]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1328.426039][   T28]  ? ops_exit_list+0xb0/0x170
[ 1328.430799][   T28]  ? cgw_remove_all_jobs+0x350/0x350
[ 1328.466524][   T28]  ? cangw_pernet_exit_batch+0x15/0xa0
[ 1328.472066][   T28]  ? rtnl_lock+0x9/0x20
[ 1328.503836][   T28]  cangw_pernet_exit_batch+0x15/0xa0
[ 1328.509197][   T28]  ? cgw_remove_all_jobs+0x350/0x350
[ 1328.541150][   T28]  ops_exit_list+0x125/0x170
[ 1328.555655][   T28]  cleanup_net+0x505/0xb20
[ 1328.560142][   T28]  ? unregister_pernet_device+0x80/0x80
[ 1328.592754][   T28]  ? spin_bug+0x1d0/0x1d0
[ 1328.609420][   T28]  process_one_work+0xaa2/0x16f0
[ 1328.632605][   T28]  ? ieee80211_run_deferred_scan+0x340/0x340
[ 1328.659718][   T28]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 1328.675137][   T28]  ? spin_bug+0x1d0/0x1d0
[ 1328.679550][   T28]  worker_thread+0x687/0x1110
[ 1328.709154][   T28]  ? __kthread_parkme+0x152/0x220
[ 1328.730042][   T28]  ? process_one_work+0x16f0/0x16f0
[ 1328.747859][   T28]  kthread+0x33a/0x430
[ 1328.751994][   T28]  ? kthread_complete_and_exit+0x40/0x40
[ 1328.794065][   T28]  ret_from_fork+0x2c/0x70
[ 1328.818598][   T28]  ? kthread_complete_and_exit+0x40/0x40
[ 1328.841521][   T28]  ret_from_fork_asm+0x11/0x20
[ 1328.864952][   T28] RIP: 0000:0x0
[ 1328.875745][   T28] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 1328.903904][   T28] RSP: 0000:0000000000000000 EFLAGS: 00000000 ORIG_RAX: 0000000000000000
[ 1328.912639][   T28] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 1328.962363][   T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1328.994342][   T28] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1329.025073][   T28] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 1329.054239][   T28] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1329.062294][   T28]  </TASK>
[ 1329.098406][   T28] INFO: task syz-executor.5:21252 blocked for more than 144 seconds.
[ 1329.134237][   T28]       Not tainted 6.5.0-rc2-syzkaller-00184-g57f1f9dd3abe #0
[ 1329.141832][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1329.190701][   T28] task:syz-executor.5  state:D stack:26880 pid:21252 ppid:6255   flags:0x20000006
[ 1329.225907][   T28] Call Trace:
[ 1329.229239][   T28]  <TASK>
[ 1329.232190][   T28]  __schedule+0xee1/0x59f0
[ 1329.285364][   T28]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 1329.291547][   T28]  ? io_schedule_timeout+0x150/0x150
[ 1329.324075][   T28]  ? __mutex_lock+0x962/0x1340
[ 1329.328925][   T28]  schedule+0xe7/0x1b0
[ 1329.356033][   T28]  schedule_preempt_disabled+0x13/0x20
[ 1329.361564][   T28]  __mutex_lock+0x967/0x1340
[ 1329.390295][   T28]  ? nl80211_new_interface+0xa6/0x1070
[ 1329.410522][   T28]  ? preempt_count_sub+0x150/0x150
[ 1329.440211][   T28]  ? mutex_lock_io_nested+0x11a0/0x11a0
[ 1329.463062][   T28]  ? trace_contention_end+0xd6/0x100
[ 1329.468425][   T28]  ? __mutex_lock+0x25b/0x1340
[ 1329.497996][   T28]  ? mutex_is_locked+0x12/0x40
[ 1329.502840][   T28]  ? nl80211_new_interface+0xa6/0x1070
[ 1329.521467][   T28]  nl80211_new_interface+0xa6/0x1070
[ 1329.558342][   T28]  ? __cfg80211_wdev_from_attrs+0x710/0x710
[ 1329.577876][   T28]  ? nl80211_get_interface+0x230/0x230
[ 1329.600128][   T28]  ? nl80211_pre_doit+0x1b0/0xb00
[ 1329.623470][   T28]  genl_family_rcv_msg_doit.isra.0+0x1ef/0x2d0
[ 1329.629723][   T28]  ? genl_start+0x650/0x650
[ 1329.658042][   T28]  ? ns_capable+0xd5/0x110
[ 1329.662548][   T28]  genl_rcv_msg+0x559/0x800
[ 1329.692303][   T28]  ? genl_family_rcv_msg_doit.isra.0+0x2d0/0x2d0
[ 1329.719442][   T28]  ? nl80211_post_doit+0x2f0/0x2f0
[ 1329.734987][   T28]  ? nl80211_get_interface+0x230/0x230
[ 1329.740522][   T28]  ? nl80211_parse_sta_wme+0x3d0/0x3d0
[ 1329.780623][   T28]  netlink_rcv_skb+0x16b/0x440
[ 1329.802946][   T28]  ? genl_family_rcv_msg_doit.isra.0+0x2d0/0x2d0
[ 1329.809361][   T28]  ? netlink_ack+0x1370/0x1370
[ 1329.845116][   T28]  ? down_write+0x200/0x200
[ 1329.849697][   T28]  ? netlink_deliver_tap+0x1b1/0xd00
[ 1329.877875][   T28]  genl_rcv+0x28/0x40
[ 1329.881930][   T28]  netlink_unicast+0x539/0x800
[ 1329.911768][   T28]  ? netlink_attachskb+0x880/0x880
[ 1329.935048][   T28]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1329.941015][   T28]  ? __phys_addr_symbol+0x30/0x70
[ 1329.972778][   T28]  ? __check_object_size+0x323/0x740
[ 1329.998990][   T28]  netlink_sendmsg+0x93c/0xe30
[ 1330.011603][   T28]  ? netlink_unicast+0x800/0x800
[ 1330.042808][   T28]  ? __might_fault+0xe5/0x190
[ 1330.048004][   T28]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1330.067609][   T28]  ? netlink_unicast+0x800/0x800
[ 1330.072612][   T28]  sock_sendmsg+0xd9/0x180
[ 1330.102576][   T28]  ____sys_sendmsg+0x6ac/0x940
[ 1330.125346][   T28]  ? kernel_sendmsg+0x50/0x50
[ 1330.130100][   T28]  ? get_compat_msghdr+0x11b/0x170
[ 1330.159236][   T28]  ___sys_sendmsg+0x135/0x1d0
[ 1330.174998][   T28]  ? do_recvmmsg+0x740/0x740
[ 1330.179693][   T28]  ? __fget_light+0xe6/0x260
[ 1330.215647][   T28]  __sys_sendmsg+0x117/0x1e0
[ 1330.220307][   T28]  ? __sys_sendmsg_sock+0x30/0x30
[ 1330.248742][   T28]  ? xfd_validate_state+0x5d/0x180
[ 1330.265753][   T28]  __do_fast_syscall_32+0x61/0xe0
[ 1330.270844][   T28]  do_fast_syscall_32+0x33/0x70
[ 1330.307412][   T28]  entry_SYSENTER_compat_after_hwframe+0x70/0x82
[ 1330.332011][   T28] RIP: 0023:0xf7f91579
[ 1330.344083][   T28] RSP: 002b:00000000f7f8c5ac EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[ 1330.352556][   T28] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200011c0
[ 1330.403757][   T28] RDX: 0000000000004080 RSI: 0000000000000000 RDI: 0000000000000000
[ 1330.411789][   T28] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1330.473455][   T28] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1330.481484][   T28] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1330.532671][   T28]  </TASK>
[ 1330.547083][   T28] INFO: task syz-executor.2:21257 blocked for more than 145 seconds.
[ 1330.580074][   T28]       Not tainted 6.5.0-rc2-syzkaller-00184-g57f1f9dd3abe #0
[ 1330.606941][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1330.642560][   T28] task:syz-executor.2  state:D stack:27920 pid:21257 ppid:5068   flags:0x20000006
[ 1330.677373][   T28] Call Trace:
[ 1330.680719][   T28]  <TASK>
[ 1330.712665][   T28]  __schedule+0xee1/0x59f0
[ 1330.728770][   T28]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 1330.756996][   T28]  ? io_schedule_timeout+0x150/0x150
[ 1330.762364][   T28]  ? __mutex_lock+0x962/0x1340
[ 1330.792108][   T28]  schedule+0xe7/0x1b0
[ 1330.804177][   T28]  schedule_preempt_disabled+0x13/0x20
[ 1330.809711][   T28]  __mutex_lock+0x967/0x1340
[ 1330.845359][   T28]  ? rtnetlink_rcv_msg+0x3e2/0xd30
[ 1330.850553][   T28]  ? mutex_lock_io_nested+0x11a0/0x11a0
[ 1330.885071][   T28]  ? rtnetlink_rcv_msg+0x3b2/0xd30
[ 1330.890277][   T28]  ? rtnetlink_rcv_msg+0x3e2/0xd30
[ 1330.925038][   T28]  rtnetlink_rcv_msg+0x3e2/0xd30
[ 1330.930053][   T28]  ? rtnl_getlink+0xb40/0xb40
[ 1330.959831][   T28]  ? netdev_core_pick_tx+0x390/0x390
[ 1330.985579][   T28]  netlink_rcv_skb+0x16b/0x440
[ 1330.990420][   T28]  ? rtnl_getlink+0xb40/0xb40
[ 1331.017754][   T28]  ? netlink_ack+0x1370/0x1370
[ 1331.022628][   T28]  ? netlink_deliver_tap+0x1b1/0xd00
[ 1331.051292][   T28]  netlink_unicast+0x539/0x800
[ 1331.074890][   T28]  ? netlink_attachskb+0x880/0x880
[ 1331.080080][   T28]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1331.112179][   T28]  ? __phys_addr_symbol+0x30/0x70
[ 1331.135352][   T28]  ? __check_object_size+0x323/0x740
[ 1331.145958][   T28]  netlink_sendmsg+0x93c/0xe30
[ 1331.162125][   T28]  ? netlink_unicast+0x800/0x800
[ 1331.181155][   T28]  ? __might_fault+0xe5/0x190
[ 1331.204749][   T28]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1331.210374][   T28]  ? netlink_unicast+0x800/0x800
[ 1331.247349][   T28]  sock_sendmsg+0xd9/0x180
[ 1331.258328][   T28]  ____sys_sendmsg+0x6ac/0x940
[ 1331.277348][   T28]  ? kernel_sendmsg+0x50/0x50
[ 1331.282100][   T28]  ? get_compat_msghdr+0x11b/0x170
[ 1331.314481][   T28]  ___sys_sendmsg+0x135/0x1d0
[ 1331.319234][   T28]  ? do_recvmmsg+0x740/0x740
[ 1331.355817][   T28]  ? __fget_light+0xe6/0x260
[ 1331.360494][   T28]  __sys_sendmsg+0x117/0x1e0
[ 1331.385056][   T28]  ? __sys_sendmsg_sock+0x30/0x30
[ 1331.390157][   T28]  ? xfd_validate_state+0x5d/0x180
[ 1331.420788][   T28]  __do_fast_syscall_32+0x61/0xe0
[ 1331.439104][   T28]  do_fast_syscall_32+0x33/0x70
[ 1331.460093][   T28]  entry_SYSENTER_compat_after_hwframe+0x70/0x82
[ 1331.486872][   T28] RIP: 0023:0xf7f2c579
[ 1331.490996][   T28] RSP: 002b:00000000f7f275ac EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[ 1331.538217][   T28] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000080
[ 1331.564974][   T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1331.596185][   T28] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1331.632991][   T28] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[ 1331.641019][   T28] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1331.685021][   T28]  </TASK>
[ 1331.697008][   T28] 
[ 1331.697008][   T28] Showing all locks held in the system:
[ 1331.735018][   T28] 1 lock held by rcu_tasks_kthre/13:
[ 1331.740357][   T28]  #0: ffffffff8c9a5830 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x2c/0xe20
[ 1331.790316][   T28] 1 lock held by rcu_tasks_trace/14:
[ 1331.831414][   T28]  #0: ffffffff8c9a5530 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x2c/0xe20
[ 1331.872993][   T28] 1 lock held by khungtaskd/28:
[ 1331.877893][   T28]  #0: ffffffff8c9a6440 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x340
[ 1331.927634][   T28] 4 locks held by kworker/0:2/917:
[ 1331.932816][   T28] 4 locks held by kworker/u4:6/2880:
[ 1331.963219][   T28]  #0: ffff888014667938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x96a/0x16f0
[ 1332.003042][   T28]  #1: ffffc9000d16fd80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x99e/0x16f0
[ 1332.038663][   T28]  #2: ffffffff8e3ca2d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9f/0xb20
[ 1332.074165][   T28]  #3: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: cangw_pernet_exit_batch+0x15/0xa0
[ 1332.113672][   T28] 3 locks held by kworker/1:2/3516:
[ 1332.118923][   T28]  #0: ffff88814a27cd38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x96a/0x16f0
[ 1332.172266][   T28]  #1: ffffc9000ec1fd80 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x99e/0x16f0
[ 1332.225923][   T28]  #2: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x12/0x30
[ 1332.256825][   T28] 2 locks held by getty/4777:
[ 1332.261549][   T28]  #0: ffff88802d0b8098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[ 1332.310909][   T28]  #1: ffffc900015902f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfcb/0x1480
[ 1332.347467][   T28] 4 locks held by kworker/0:4/5115:
[ 1332.352718][   T28] 3 locks held by kworker/0:12/7594:
[ 1332.385665][   T28]  #0: ffff888012871d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x96a/0x16f0
[ 1332.433651][   T28]  #1: ffffc90016487d80 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x99e/0x16f0
[ 1332.475854][   T28]  #2: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x7d/0x1060
[ 1332.511130][   T28] 3 locks held by kworker/u4:8/8083:
[ 1332.535904][   T28] 4 locks held by kworker/0:13/13165:
[ 1332.541332][   T28] 4 locks held by kworker/0:15/13169:
[ 1332.563399][    C0] net_ratelimit: 10867 callbacks suppressed
[ 1332.563419][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1332.579472][   T28] 3 locks held by kworker/0:16/13170:
[ 1332.581659][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1332.599314][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1332.608688][   T28]  #0: ffff888012870d38 (
[ 1332.611637][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1332.616632][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1332.640340][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1332.653000][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1332.665325][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1332.667606][   T28] (wq_completion)events
[ 1332.677951][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1332.694431][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[ 1332.723026][   T28] ){+.+.}-{0:0}, at: process_one_work+0x96a/0x16f0
[ 1332.729607][   T28]  #1: ffffc90005107d80 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x99e/0x16f0
[ 1332.776966][   T28]  #2: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20
[ 1332.823275][   T28] 2 locks held by kworker/u4:2/16810:
[ 1332.828709][   T28] 3 locks held by kworker/0:0/21162:
[ 1332.859776][   T28]  #0: ffff88814a27cd38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x96a/0x16f0
[ 1332.905038][   T28]  #1: ffffc9000d14fd80 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x99e/0x16f0
[ 1332.948824][   T28]  #2: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x12/0x30
[ 1332.985451][   T28] 4 locks held by kworker/0:1/21233:
[ 1332.990792][   T28] 3 locks held by syz-executor.5/21252:
[ 1333.027448][   T28]  #0: ffffffff8e478ff0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[ 1333.058252][   T28]  #1: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0xb4/0xb00
[ 1333.095808][   T28]  #2: ffff888076ab8768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: nl80211_new_interface+0xa6/0x1070
[ 1333.130886][   T28] 1 lock held by syz-executor.2/21257:
[ 1333.153249][   T28]  #0: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e2/0xd30
[ 1333.162745][   T28] 2 locks held by syz-executor.1/21264:
[ 1333.208483][   T28]  #0: ffffffff8e478ff0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[ 1333.238473][   T28]  #1: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0xb4/0xb00
[ 1333.274212][   T28] 2 locks held by syz-executor.1/21266:
[ 1333.279816][   T28]  #0: ffffffff8e478ff0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[ 1333.326188][   T28]  #1: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0xb4/0xb00
[ 1333.365412][   T28] 2 locks held by syz-executor.0/21279:
[ 1333.371007][   T28]  #0: ffffffff8e3ca2d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2d5/0x670
[ 1333.424193][   T28]  #1: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x136/0x230
[ 1333.455808][   T28] 1 lock held by syz-executor.3/21273:
[ 1333.461325][   T28]  #0: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e2/0xd30
[ 1333.509121][   T28] 3 locks held by kworker/0:5/21284:
[ 1333.530585][   T28] 2 locks held by syz-executor.5/21303:
[ 1333.557217][   T28]  #0: ffffffff8e3ca2d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2d5/0x670
[ 1333.593174][   T28]  #1: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x136/0x230
[ 1333.634805][   T28] 2 locks held by syz-executor.2/21309:
[ 1333.640404][   T28]  #0: ffffffff8e3ca2d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2d5/0x670
[ 1333.683768][   T28]  #1: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x136/0x230
[ 1333.725659][   T28] 2 locks held by syz-executor.0/21315:
[ 1333.731262][   T28]  #0: ffffffff8e3ca2d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2d5/0x670
[ 1333.773937][   T28]  #1: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x136/0x230
[ 1333.812370][   T28] 2 locks held by syz-executor.3/21317:
[ 1333.837503][   T28]  #0: ffffffff8e3ca2d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2d5/0x670
[ 1333.868780][   T28]  #1: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x136/0x230
[ 1333.903219][   T28] 2 locks held by syz-executor.1/21319:
[ 1333.908819][   T28]  #0: ffffffff8e3ca2d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2d5/0x670
[ 1333.959405][   T28]  #1: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x136/0x230
[ 1333.995226][   T28] 2 locks held by syz-executor.5/21336:
[ 1334.000827][   T28]  #0: ffffffff8e3ca2d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2d5/0x670
[ 1334.051525][   T28]  #1: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x136/0x230
[ 1334.087816][   T28] 2 locks held by syz-executor.2/21339:
[ 1334.107181][   T28]  #0: ffffffff8e3ca2d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2d5/0x670
[ 1334.140320][   T28]  #1: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x136/0x230
[ 1334.176900][   T28] 2 locks held by syz-executor.0/21344:
[ 1334.182500][   T28]  #0: ffffffff8e3ca2d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2d5/0x670
[ 1334.235437][   T28]  #1: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x136/0x230
[ 1334.270218][   T28] 2 locks held by syz-executor.1/21346:
[ 1334.295868][   T28]  #0: ffffffff8e3ca2d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2d5/0x670
[ 1334.333924][   T28]  #1: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x136/0x230
[ 1334.359510][   T28] 2 locks held by syz-executor.3/21348:
[ 1334.381751][   T28]  #0: ffffffff8e3ca2d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2d5/0x670
[ 1334.424061][   T28]  #1: ffffffff8e3df2a8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x136/0x230
[ 1334.460469][   T28] 
[ 1334.462841][   T28] =============================================
[ 1334.462841][   T28] 
[ 1334.478087][   T28] NMI backtrace for cpu 1
[ 1334.482450][   T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.5.0-rc2-syzkaller-00184-g57f1f9dd3abe #0
[ 1334.492276][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 1334.502352][   T28] Call Trace:
[ 1334.505641][   T28]  <TASK>
[ 1334.508584][   T28]  dump_stack_lvl+0xd9/0x1b0
[ 1334.513202][   T28]  nmi_cpu_backtrace+0x277/0x380
[ 1334.518305][   T28]  ? lapic_can_unplug_cpu+0xa0/0xa0
[ 1334.523535][   T28]  nmi_trigger_cpumask_backtrace+0x2ac/0x310
[ 1334.529554][   T28]  watchdog+0xf29/0x11b0
[ 1334.533838][   T28]  ? proc_dohung_task_timeout_secs+0x90/0x90
[ 1334.539858][   T28]  ? proc_dohung_task_timeout_secs+0x90/0x90
[ 1334.545871][   T28]  kthread+0x33a/0x430
[ 1334.549959][   T28]  ? kthread_complete_and_exit+0x40/0x40
[ 1334.555616][   T28]  ret_from_fork+0x2c/0x70
[ 1334.560068][   T28]  ? kthread_complete_and_exit+0x40/0x40
[ 1334.565719][   T28]  ret_from_fork_asm+0x11/0x20
[ 1334.570507][   T28] RIP: 0000:0x0
[ 1334.573985][   T28] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 1334.581358][   T28] RSP: 0000:0000000000000000 EFLAGS: 00000000 ORIG_RAX: 0000000000000000
[ 1334.589790][   T28] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 1334.597779][   T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1334.605767][   T28] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1334.613752][   T28] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 1334.621736][   T28] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1334.629737][   T28]  </TASK>
[ 1334.633710][   T28] Sending NMI from CPU 1 to CPUs 0:
[ 1334.638950][    C0] NMI backtrace for cpu 0
[ 1334.638961][    C0] CPU: 0 PID: 21284 Comm: kworker/0:5 Not tainted 6.5.0-rc2-syzkaller-00184-g57f1f9dd3abe #0
[ 1334.638984][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 1334.638998][    C0] Workqueue: events nsim_dev_trap_report_work
[ 1334.639099][    C0] RIP: 0010:unwind_next_frame+0x19/0x2020
[ 1334.639134][    C0] Code: e8 cc 7c a0 00 e9 3a ff ff ff 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 b8 00 00 00 00 00 fc ff df 48 89 fa 41 57 48 c1 ea 03 41 56 <41> 55 49 89 fd 41 54 55 53 48 83 ec 38 0f b6 04 02 84 c0 74 08 3c
[ 1334.639155][    C0] RSP: 0018:ffffc90000006820 EFLAGS: 00000a02
[ 1334.639170][    C0] RAX: dffffc0000000000 RBX: ffffc90000006838 RCX: 0000000000000000
[ 1334.639184][    C0] RDX: 1ffff92000000d07 RSI: ffffffff8a35c6c8 RDI: ffffc90000006838
[ 1334.639198][    C0] RBP: ffffc900000068c8 R08: ffffc9000000686c R09: ffffffff8fb4afd8
[ 1334.639213][    C0] R10: ffffc90000006838 R11: 0000000000072945 R12: ffffffff817445d0
[ 1334.639228][    C0] R13: ffffc900000068f8 R14: 0000000000000000 R15: ffff888028121dc0
[ 1334.639242][    C0] FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 1334.639263][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1334.639278][    C0] CR2: 0000000020015018 CR3: 000000000c776000 CR4: 00000000003506f0
[ 1334.639291][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1334.639303][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1334.639316][    C0] Call Trace:
[ 1334.639322][    C0]  <NMI>
[ 1334.639329][    C0]  ? nmi_cpu_backtrace+0x1d4/0x380
[ 1334.639361][    C0]  ? unwind_next_frame+0x19/0x2020
[ 1334.639391][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x10
[ 1334.639419][    C0]  ? nmi_handle+0x145/0x400
[ 1334.639444][    C0]  ? irqentry_nmi_enter+0x7f/0x90
[ 1334.639468][    C0]  ? unwind_next_frame+0x19/0x2020
[ 1334.639498][    C0]  ? default_do_nmi+0x69/0x160
[ 1334.639520][    C0]  ? exc_nmi+0x171/0x1e0
[ 1334.639540][    C0]  ? end_repeat_nmi+0x16/0x31
[ 1334.639568][    C0]  ? write_profile+0x450/0x450
[ 1334.639597][    C0]  ? __do_softirq+0x218/0x965
[ 1334.639647][    C0]  ? unwind_next_frame+0x19/0x2020
[ 1334.639678][    C0]  ? unwind_next_frame+0x19/0x2020
[ 1334.639708][    C0]  ? unwind_next_frame+0x19/0x2020
[ 1334.639738][    C0]  </NMI>
[ 1334.639744][    C0]  <IRQ>
[ 1334.639750][    C0]  arch_stack_walk+0x8b/0xf0
[ 1334.639772][    C0]  ? __do_softirq+0x218/0x965
[ 1334.639802][    C0]  ? kmem_cache_free+0xf0/0x490
[ 1334.639826][    C0]  stack_trace_save+0x96/0xd0
[ 1334.639852][    C0]  ? filter_irq_stacks+0x90/0x90
[ 1334.639881][    C0]  kasan_save_stack+0x33/0x50
[ 1334.639905][    C0]  ? kasan_save_stack+0x33/0x50
[ 1334.639929][    C0]  ? kasan_set_track+0x25/0x30
[ 1334.639952][    C0]  ? kasan_save_free_info+0x2b/0x40
[ 1334.639979][    C0]  ? ____kasan_slab_free+0x15e/0x1b0
[ 1334.640003][    C0]  ? slab_free_freelist_hook+0x10b/0x1e0
[ 1334.640024][    C0]  ? kmem_cache_free+0xf0/0x490
[ 1334.640046][    C0]  ? __skb_ext_put+0x129/0x2e0
[ 1334.640070][    C0]  ? __skb_ext_del+0xf3/0x360
[ 1334.640092][    C0]  ? br_nf_dev_queue_xmit+0x6ea/0x1d80
[ 1334.640159][    C0]  ? br_nf_post_routing+0xb60/0x15c0
[ 1334.640188][    C0]  ? nf_hook_slow+0xbf/0x1e0
[ 1334.640231][    C0]  ? br_forward_finish+0x266/0x480
[ 1334.640259][    C0]  ? br_nf_hook_thresh+0x2ff/0x410
[ 1334.640287][    C0]  ? br_nf_forward_finish+0x431/0xa70
[ 1334.640316][    C0]  ? br_nf_forward_ip+0xf6c/0x1760
[ 1334.640345][    C0]  ? nf_hook_slow+0xbf/0x1e0
[ 1334.640372][    C0]  ? __br_forward+0x2d9/0x900
[ 1334.640393][    C0]  ? maybe_deliver+0x354/0x450
[ 1334.640414][    C0]  ? br_flood+0x17e/0x640
[ 1334.640435][    C0]  ? br_handle_frame_finish+0xfcb/0x1dd0
[ 1334.640459][    C0]  ? br_nf_hook_thresh+0x2ff/0x410
[ 1334.640488][    C0]  ? br_nf_pre_routing_finish_ipv6+0x683/0xf20
[ 1334.640518][    C0]  ? br_nf_pre_routing_ipv6+0x41b/0x850
[ 1334.640556][    C0]  ? br_nf_pre_routing+0x8d8/0x1950
[ 1334.640585][    C0]  ? br_handle_frame+0x9da/0x16d0
[ 1334.640608][    C0]  ? __netif_receive_skb_core.constprop.0+0xa78/0x3df0
[ 1334.640632][    C0]  ? __netif_receive_skb_one_core+0xaf/0x180
[ 1334.640654][    C0]  ? __netif_receive_skb+0x1f/0x1b0
[ 1334.640675][    C0]  ? process_backlog+0x101/0x6c0
[ 1334.640695][    C0]  ? __napi_poll.constprop.0+0xb4/0x530
[ 1334.640716][    C0]  ? net_rx_action+0x956/0xe90
[ 1334.640736][    C0]  ? __do_softirq+0x218/0x965
[ 1334.640776][    C0]  kasan_set_track+0x25/0x30
[ 1334.640800][    C0]  kasan_save_free_info+0x2b/0x40
[ 1334.640828][    C0]  ____kasan_slab_free+0x15e/0x1b0
[ 1334.640854][    C0]  slab_free_freelist_hook+0x10b/0x1e0
[ 1334.640878][    C0]  ? __skb_ext_put+0x129/0x2e0
[ 1334.640900][    C0]  kmem_cache_free+0xf0/0x490
[ 1334.640923][    C0]  ? lock_acquire+0x1ae/0x510
[ 1334.640949][    C0]  ? nf_nat_ipv6_fn+0x107/0x2e0
[ 1334.641000][    C0]  __skb_ext_put+0x129/0x2e0
[ 1334.641025][    C0]  __skb_ext_del+0xf3/0x360
[ 1334.641049][    C0]  br_nf_dev_queue_xmit+0x6ea/0x1d80
[ 1334.641081][    C0]  ? br_nf_pre_routing_finish_bridge+0x9b0/0x9b0
[ 1334.641113][    C0]  ? nf_hook_slow+0xf0/0x1e0
[ 1334.641143][    C0]  br_nf_post_routing+0xb60/0x15c0
[ 1334.641174][    C0]  ? br_nf_dev_queue_xmit+0x1d80/0x1d80
[ 1334.641206][    C0]  ? br_nf_pre_routing_finish_bridge+0x9b0/0x9b0
[ 1334.641240][    C0]  ? br_nf_dev_queue_xmit+0x1d80/0x1d80
[ 1334.641271][    C0]  nf_hook_slow+0xbf/0x1e0
[ 1334.641300][    C0]  br_forward_finish+0x266/0x480
[ 1334.641324][    C0]  ? br_dev_queue_push_xmit+0x7b0/0x7b0
[ 1334.641347][    C0]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 1334.641375][    C0]  ? br_fdb_offloaded_set+0xd0/0xd0
[ 1334.641399][    C0]  ? nf_hook_slow+0xf0/0x1e0
[ 1334.641429][    C0]  br_nf_hook_thresh+0x2ff/0x410
[ 1334.641459][    C0]  ? br_dev_queue_push_xmit+0x7b0/0x7b0
[ 1334.641484][    C0]  ? setup_pre_routing+0x480/0x480
[ 1334.641513][    C0]  ? reacquire_held_locks+0x4b0/0x4b0
[ 1334.641538][    C0]  ? find_held_lock+0x2d/0x110
[ 1334.641565][    C0]  ? br_dev_queue_push_xmit+0x7b0/0x7b0
[ 1334.641593][    C0]  br_nf_forward_finish+0x431/0xa70
[ 1334.641622][    C0]  ? br_dev_queue_push_xmit+0x7b0/0x7b0
[ 1334.641648][    C0]  br_nf_forward_ip+0xf6c/0x1760
[ 1334.641679][    C0]  ? br_nf_forward_finish+0xa70/0xa70
[ 1334.641711][    C0]  ? br_nf_pre_routing+0x1950/0x1950
[ 1334.641744][    C0]  ? br_nf_forward_finish+0xa70/0xa70
[ 1334.641773][    C0]  nf_hook_slow+0xbf/0x1e0
[ 1334.641803][    C0]  __br_forward+0x2d9/0x900
[ 1334.641826][    C0]  ? br_forward_finish+0x480/0x480
[ 1334.641851][    C0]  ? br_dev_queue_push_xmit+0x7b0/0x7b0
[ 1334.641874][    C0]  ? __skb_clone+0x570/0x760
[ 1334.641901][    C0]  maybe_deliver+0x354/0x450
[ 1334.641925][    C0]  br_flood+0x17e/0x640
[ 1334.641951][    C0]  br_handle_frame_finish+0xfcb/0x1dd0
[ 1334.641979][    C0]  ? br_handle_local_finish+0x20/0x20
[ 1334.642007][    C0]  ? nf_conntrack_icmpv6_packet+0x4b0/0x4b0
[ 1334.642047][    C0]  ? ip6t_do_table+0xcfa/0x1d20
[ 1334.642087][    C0]  ? __local_bh_enable_ip+0xa4/0x120
[ 1334.642108][    C0]  ? ip6t_do_table+0xd40/0x1d20
[ 1334.642130][    C0]  ? __do_replace+0x9c0/0x9c0
[ 1334.642151][    C0]  ? nf_hook_slow+0xf0/0x1e0
[ 1334.642180][    C0]  br_nf_hook_thresh+0x2ff/0x410
[ 1334.642210][    C0]  ? br_handle_local_finish+0x20/0x20
[ 1334.642237][    C0]  ? setup_pre_routing+0x480/0x480
[ 1334.642267][    C0]  ? br_handle_local_finish+0x20/0x20
[ 1334.642293][    C0]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1334.642322][    C0]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1334.642352][    C0]  br_nf_pre_routing_finish_ipv6+0x683/0xf20
[ 1334.642383][    C0]  ? br_handle_local_finish+0x20/0x20
[ 1334.642411][    C0]  br_nf_pre_routing_ipv6+0x41b/0x850
[ 1334.642442][    C0]  ? br_validate_ipv6+0x730/0x730
[ 1334.642471][    C0]  ? reacquire_held_locks+0x4b0/0x4b0
[ 1334.642498][    C0]  ? br_nf_forward_arp+0x10a0/0x10a0
[ 1334.642532][    C0]  br_nf_pre_routing+0x8d8/0x1950
[ 1334.642568][    C0]  ? br_nf_pre_routing_finish+0x1c20/0x1c20
[ 1334.642599][    C0]  ? compat_copy_ebt_replace_from_user+0x420/0x420
[ 1334.642628][    C0]  br_handle_frame+0x9da/0x16d0
[ 1334.642655][    C0]  ? br_handle_frame_finish+0x1dd0/0x1dd0
[ 1334.642682][    C0]  ? br_handle_local_finish+0x20/0x20
[ 1334.642706][    C0]  ? kfree_skbmem+0xef/0x1b0
[ 1334.642731][    C0]  ? br_handle_frame_finish+0x1dd0/0x1dd0
[ 1334.642756][    C0]  __netif_receive_skb_core.constprop.0+0xa78/0x3df0
[ 1334.642781][    C0]  ? __lock_acquire+0xc8f/0x5de0
[ 1334.642808][    C0]  ? do_xdp_generic+0x770/0x770
[ 1334.642830][    C0]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 1334.642859][    C0]  ? ip6_rcv_core+0x1e20/0x1e20
[ 1334.642912][    C0]  ? print_usage_bug.part.0+0x670/0x670
[ 1334.642944][    C0]  ? __netif_receive_skb_one_core+0xaf/0x180
[ 1334.642968][    C0]  __netif_receive_skb_one_core+0xaf/0x180
[ 1334.642988][    C0]  ? __netif_receive_skb_list_core+0x8a0/0x8a0
[ 1334.643010][    C0]  ? process_backlog+0x119/0x6c0
[ 1334.643032][    C0]  ? reacquire_held_locks+0x4b0/0x4b0
[ 1334.643059][    C0]  ? mark_held_locks+0x9f/0xe0
[ 1334.643085][    C0]  __netif_receive_skb+0x1f/0x1b0
[ 1334.643107][    C0]  process_backlog+0x101/0x6c0
[ 1334.643132][    C0]  __napi_poll.constprop.0+0xb4/0x530
[ 1334.643156][    C0]  net_rx_action+0x956/0xe90
[ 1334.643178][    C0]  ? call_timer_fn+0x580/0x580
[ 1334.643203][    C0]  ? __napi_poll.constprop.0+0x530/0x530
[ 1334.643225][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x70
[ 1334.643259][    C0]  ? mark_held_locks+0x9f/0xe0
[ 1334.643286][    C0]  __do_softirq+0x218/0x965
[ 1334.643317][    C0]  ? __lock_text_end+0x5/0x5
[ 1334.643346][    C0]  ? nsim_dev_trap_report_work+0x86a/0xc70
[ 1334.643372][    C0]  do_softirq+0xaa/0xe0
[ 1334.643390][    C0]  </IRQ>
[ 1334.643396][    C0]  <TASK>
[ 1334.643402][    C0]  __local_bh_enable_ip+0xf8/0x120
[ 1334.643423][    C0]  nsim_dev_trap_report_work+0x86a/0xc70
[ 1334.643455][    C0]  process_one_work+0xaa2/0x16f0
[ 1334.643482][    C0]  ? wg_packet_rx_poll+0x2140/0x2140
[ 1334.643545][    C0]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 1334.643576][    C0]  ? spin_bug+0x1d0/0x1d0
[ 1334.643605][    C0]  worker_thread+0x687/0x1110
[ 1334.643635][    C0]  ? process_one_work+0x16f0/0x16f0
[ 1334.643658][    C0]  kthread+0x33a/0x430
[ 1334.643678][    C0]  ? kthread_complete_and_exit+0x40/0x40
[ 1334.643701][    C0]  ret_from_fork+0x2c/0x70
[ 1334.643722][    C0]  ? kthread_complete_and_exit+0x40/0x40
[ 1334.643745][    C0]  ret_from_fork_asm+0x11/0x20
[ 1334.643771][    C0] RIP: 0000:0x0
[ 1334.643789][    C0] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 1334.643798][    C0] RSP: 0000:0000000000000000 EFLAGS: 00000000 ORIG_RAX: 0000000000000000
[ 1334.643816][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 1334.643828][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1334.643840][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1334.643852][    C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 1334.643865][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1334.643884][    C0]  </TASK>
[ 1336.230085][   T28] Kernel panic - not syncing: hung_task: blocked tasks
[ 1336.236980][   T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.5.0-rc2-syzkaller-00184-g57f1f9dd3abe #0
[ 1336.246807][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 1336.256875][   T28] Call Trace:
[ 1336.260167][   T28]  <TASK>
[ 1336.263112][   T28]  dump_stack_lvl+0xd9/0x1b0
[ 1336.267723][   T28]  panic+0x6a4/0x750
[ 1336.271637][   T28]  ? panic_smp_self_stop+0xa0/0xa0
[ 1336.276785][   T28]  ? lapic_can_unplug_cpu+0xa0/0xa0
[ 1336.282007][   T28]  ? preempt_schedule_thunk+0x1a/0x30
[ 1336.287416][   T28]  ? watchdog+0xce1/0x11b0
[ 1336.291865][   T28]  watchdog+0xcf2/0x11b0
[ 1336.296139][   T28]  ? proc_dohung_task_timeout_secs+0x90/0x90
[ 1336.302151][   T28]  ? proc_dohung_task_timeout_secs+0x90/0x90
[ 1336.308160][   T28]  kthread+0x33a/0x430
[ 1336.312248][   T28]  ? kthread_complete_and_exit+0x40/0x40
[ 1336.317901][   T28]  ret_from_fork+0x2c/0x70
[ 1336.322335][   T28]  ? kthread_complete_and_exit+0x40/0x40
[ 1336.327984][   T28]  ret_from_fork_asm+0x11/0x20
[ 1336.332794][   T28] RIP: 0000:0x0
[ 1336.336273][   T28] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 1336.343647][   T28] RSP: 0000:0000000000000000 EFLAGS: 00000000 ORIG_RAX: 0000000000000000
[ 1336.352076][   T28] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 1336.360058][   T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1336.368128][   T28] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1336.376110][   T28] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 1336.384093][   T28] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1336.392094][   T28]  </TASK>
[ 1336.395308][   T28] Kernel Offset: disabled
[ 1336.399623][   T28] Rebooting in 86400 seconds..