={0x8, 0x3a, 0x800}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x1d80}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xfd}]}, 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x20018000) (async)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x300, 0x70bd28, 0x25dfdbfb, {{}, {@void, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x80}]]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4040011) (async)

14:16:25 executing program 4:
syz_open_dev$media(0x0, 0x0, 0x4040)

14:16:25 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:26 executing program 4:
syz_open_dev$media(0x0, 0x0, 0x4040)

14:16:26 executing program 3:
syz_open_dev$media(0x0, 0xffffffffffffffd5, 0x0)

14:16:26 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:26 executing program 4:
syz_open_dev$media(0x0, 0x0, 0x4040)

14:16:26 executing program 3:
syz_open_dev$media(0x0, 0xffffffffffffffd5, 0x0)

14:16:26 executing program 4:
syz_open_dev$media(&(0x7f00000000c0), 0x0, 0x0)

14:16:26 executing program 3:
syz_open_dev$media(&(0x7f00000000c0), 0x0, 0x0)

14:16:26 executing program 0:
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000e00)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x24, r1, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r4, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xcbace7137d9b09a}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x58, r5, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x3e}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x59}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x22}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x29}]}, 0x58}, 0x1, 0x0, 0x0, 0x40050}, 0x20040010)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', <r6=>0x0})
sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x68, r1, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x6}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x68}, 0x1, 0x0, 0x0, 0xc040}, 0x4)

14:16:26 executing program 4:
syz_open_dev$media(&(0x7f00000000c0), 0x0, 0x0)

14:16:26 executing program 3:
syz_open_dev$media(&(0x7f00000000c0), 0x0, 0x0)

14:16:26 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:26 executing program 4:
syz_open_dev$media(&(0x7f00000000c0), 0x0, 0x0)

14:16:26 executing program 3:
syz_open_dev$media(&(0x7f00000000c0), 0x0, 0x0)

14:16:26 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:26 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:26 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:26 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:26 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:26 executing program 0:
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000e00)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x24, r1, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r4, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xcbace7137d9b09a}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x58, r5, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x3e}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x59}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x22}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x29}]}, 0x58}, 0x1, 0x0, 0x0, 0x40050}, 0x20040010)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', <r6=>0x0})
sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x68, r1, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x6}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x68}, 0x1, 0x0, 0x0, 0xc040}, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000e00)) (async)
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x24, r1, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}}, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0) (async)
sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r4, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xcbace7137d9b09a}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x58, r5, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x3e}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x59}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x22}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x29}]}, 0x58}, 0x1, 0x0, 0x0, 0x40050}, 0x20040010) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00'}) (async)
sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x68, r1, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x6}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x68}, 0x1, 0x0, 0x0, 0xc040}, 0x4) (async)

14:16:27 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:27 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:27 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:27 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:27 executing program 0:
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000e00)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x24, r1, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}}, 0x0) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r4, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xcbace7137d9b09a}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x58, r5, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x3e}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x59}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x22}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x29}]}, 0x58}, 0x1, 0x0, 0x0, 0x40050}, 0x20040010) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', <r6=>0x0})
sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x68, r1, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x6}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x68}, 0x1, 0x0, 0x0, 0xc040}, 0x4)

14:16:27 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)

14:16:27 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:27 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)

14:16:27 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000f00)={&(0x7f0000000dc0), 0xc, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x30, r1, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local}]}, 0x30}}, 0x0)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000040)={@remote, @remote, <r3=>0x0}, &(0x7f0000000080)=0xc)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xe070}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x814}, 0x48891)
sendmsg$NL80211_CMD_GET_WOWLAN(r0, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, 0x0, 0x100, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void, @void}}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4080}, 0x8154)
sendmsg$NL80211_CMD_LEAVE_MESH(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, 0x0, 0x1, 0x70bd27, 0x25dfdbfb, {{}, {@void, @void}}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000000}, 0x50)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0)

14:16:27 executing program 4:
gettid()
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)

14:16:28 executing program 4:
gettid()
syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)

14:16:28 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000f00)={&(0x7f0000000dc0), 0xc, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x30, r1, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local}]}, 0x30}}, 0x0) (async, rerun: 64)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000040)={@remote, @remote, <r3=>0x0}, &(0x7f0000000080)=0xc) (rerun: 64)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xe070}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x814}, 0x48891)
sendmsg$NL80211_CMD_GET_WOWLAN(r0, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, 0x0, 0x100, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void, @void}}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4080}, 0x8154) (async)
sendmsg$NL80211_CMD_LEAVE_MESH(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, 0x0, 0x1, 0x70bd27, 0x25dfdbfb, {{}, {@void, @void}}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000000}, 0x50)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0)

14:16:28 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:28 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:28 executing program 4:
syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)

14:16:28 executing program 2:
gettid()
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)

14:16:28 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000f00)={&(0x7f0000000dc0), 0xc, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x30, r1, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local}]}, 0x30}}, 0x0) (async)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000040)={@remote, @remote, <r3=>0x0}, &(0x7f0000000080)=0xc)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xe070}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x814}, 0x48891) (async)
sendmsg$NL80211_CMD_GET_WOWLAN(r0, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, 0x0, 0x100, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void, @void}}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4080}, 0x8154) (async)
sendmsg$NL80211_CMD_LEAVE_MESH(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, 0x0, 0x1, 0x70bd27, 0x25dfdbfb, {{}, {@void, @void}}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000000}, 0x50) (async)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0)

14:16:28 executing program 4:
syz_open_dev$sg(0x0, 0x6, 0x11d040)

14:16:28 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:28 executing program 4:
syz_open_dev$sg(0x0, 0x6, 0x11d040)

14:16:28 executing program 2:
gettid()
syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)

14:16:28 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:28 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:29 executing program 4:
syz_open_dev$sg(0x0, 0x6, 0x11d040)

14:16:29 executing program 2:
syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)

14:16:29 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:29 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:29 executing program 4:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x11d040)

14:16:29 executing program 2:
syz_open_dev$sg(0x0, 0x6, 0x11d040)

14:16:29 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:29 executing program 4:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x11d040)

14:16:29 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:29 executing program 2:
syz_open_dev$sg(0x0, 0x6, 0x11d040)

14:16:29 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:30 executing program 4:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x11d040)

14:16:30 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:30 executing program 2:
syz_open_dev$sg(0x0, 0x6, 0x11d040)

14:16:30 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:30 executing program 4:
syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x0)

14:16:30 executing program 2:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x11d040)

14:16:30 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:30 executing program 4:
syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x0)

14:16:30 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:31 executing program 2:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x11d040)

14:16:31 executing program 4:
syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x0)

14:16:31 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:31 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:31 executing program 2:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x11d040)

14:16:31 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:31 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:31 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:31 executing program 2:
syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x0)

14:16:31 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:32 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:32 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:32 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:32 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:32 executing program 2:
syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x0)

14:16:32 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:33 executing program 2:
syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x0)

14:16:33 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:33 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:33 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:33 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:33 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:33 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:34 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:34 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:34 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r5, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:34 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:34 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:35 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:35 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:35 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r5, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:35 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:35 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:35 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:35 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:36 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:36 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:36 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r5, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:36 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:37 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:37 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:37 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:38 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:38 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:39 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:39 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:39 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:39 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:40 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:40 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:40 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:40 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:40 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:41 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:41 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:41 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:41 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:41 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:42 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:42 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:42 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r5, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:43 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  255.465155][ T1375] ieee802154 phy0 wpan0: encryption failed: -22
[  255.471487][ T1375] ieee802154 phy1 wpan1: encryption failed: -22
14:16:43 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:43 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:44 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:44 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r5, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:44 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:45 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:45 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:46 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:46 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:46 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r5, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:46 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:47 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:47 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:47 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:48 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:48 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:49 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:49 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:50 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:50 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:50 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:50 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:51 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:51 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:52 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:52 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:52 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:53 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:53 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:53 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:54 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r5, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:54 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:54 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:55 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:55 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r5, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:55 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:56 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:56 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:56 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:56 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r5, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:57 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:57 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:58 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:58 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:58 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:58 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:16:59 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:00 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:00 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:01 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:01 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:01 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:02 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:02 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:02 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:03 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:03 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:03 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r5, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:03 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:04 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:05 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:05 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:06 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r5, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:06 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:07 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:07 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r5, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:07 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:07 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:08 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:08 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:09 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:09 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:10 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:12 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:12 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:12 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:14 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:14 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:14 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:16 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:16 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0), 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:18 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0), 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:18 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:18 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0), 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  290.174707][  T753] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
14:17:20 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0), 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:20 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0), 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:21 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0), 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:21 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0), 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:22 executing program 0:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r2})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:23 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0), 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:23 executing program 2:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r2})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:23 executing program 0:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r2})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  296.448325][  T753] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
14:17:24 executing program 2:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r2})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:25 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0), 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:25 executing program 0:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r2})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  297.811388][ T3748] ODEBUG: Out of memory. ODEBUG disabled
14:17:26 executing program 2:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r2})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:26 executing program 4:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r2, r3, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:27 executing program 0:
r0 = gettid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, 0xffffffffffffffff, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:28 executing program 2:
r0 = gettid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, 0xffffffffffffffff, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  300.455063][  T753] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.674366][T19232] chnl_net:caif_netlink_parms(): no params data found
[  301.683616][ T3523] syz-executor.1 (3523) used greatest stack depth: 19672 bytes left
14:17:30 executing program 0:
r0 = gettid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, 0xffffffffffffffff, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:30 executing program 4:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r2, r3, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  301.943095][   T21] Bluetooth: hci3: command 0x0409 tx timeout
14:17:30 executing program 2:
r0 = gettid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, 0xffffffffffffffff, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:31 executing program 4:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r2, r3, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:31 executing program 2:
r0 = gettid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, 0xffffffffffffffff, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:31 executing program 0:
r0 = gettid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, 0xffffffffffffffff, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:31 executing program 4:
r0 = gettid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, 0xffffffffffffffff, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  304.033033][   T13] Bluetooth: hci3: command 0x041b tx timeout
14:17:32 executing program 2:
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  304.344037][  T753] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
14:17:32 executing program 4:
r0 = gettid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, 0xffffffffffffffff, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:32 executing program 0:
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:33 executing program 4:
r0 = gettid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, 0xffffffffffffffff, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  305.473023][ T3633] Bluetooth: hci4: command 0x0409 tx timeout
14:17:33 executing program 2:
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:34 executing program 0:
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  306.045656][T19232] bridge0: port 1(bridge_slave_0) entered blocking state
[  306.052768][T19232] bridge0: port 1(bridge_slave_0) entered disabled state
[  306.094408][T19232] device bridge_slave_0 entered promiscuous mode
[  306.103270][ T3525] Bluetooth: hci3: command 0x040f tx timeout
[  306.144085][T19232] bridge0: port 2(bridge_slave_1) entered blocking state
[  306.151193][T19232] bridge0: port 2(bridge_slave_1) entered disabled state
[  306.184736][T19232] device bridge_slave_1 entered promiscuous mode
14:17:34 executing program 4:
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:35 executing program 0:
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:35 executing program 2:
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:35 executing program 4:
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  307.564124][ T3525] Bluetooth: hci4: command 0x041b tx timeout
[  307.715257][T19232] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  307.770870][T19232] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
14:17:36 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  308.183141][ T3560] Bluetooth: hci3: command 0x0419 tx timeout
14:17:36 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:37 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:37 executing program 4:
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  309.623238][ T3561] Bluetooth: hci4: command 0x040f tx timeout
14:17:38 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:38 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:38 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:38 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  310.502029][T19232] team0: Port device team_slave_0 added
[  310.583722][T19232] team0: Port device team_slave_1 added
[  311.703173][ T3525] Bluetooth: hci4: command 0x0419 tx timeout
14:17:40 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:40 executing program 2:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r2})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:40 executing program 0:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r2})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  312.987000][T19260] chnl_net:caif_netlink_parms(): no params data found
[  313.017522][T19232] batman_adv: batadv0: Adding interface: batadv_slave_0
[  313.029815][T19232] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
14:17:41 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  313.154189][T19232] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
14:17:41 executing program 2:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r2})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:42 executing program 0:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r2})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:42 executing program 4:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r2, r3, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  314.533752][T19232] batman_adv: batadv0: Adding interface: batadv_slave_1
[  314.540738][T19232] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  314.665525][T19232] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
14:17:43 executing program 2:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r2})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:43 executing program 0:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r2})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:43 executing program 4:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r2, r3, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:44 executing program 2:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  316.906484][ T1375] ieee802154 phy0 wpan0: encryption failed: -22
[  316.912819][ T1375] ieee802154 phy1 wpan1: encryption failed: -22
14:17:45 executing program 2:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:45 executing program 4:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r2, r3, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:45 executing program 0:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:46 executing program 4:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:46 executing program 2:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:47 executing program 0:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:48 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:48 executing program 4:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:48 executing program 0:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:49 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:49 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  321.316206][T19232] device hsr_slave_0 entered promiscuous mode
[  321.344175][T19232] device hsr_slave_1 entered promiscuous mode
[  321.371025][T19232] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  321.380526][T19232] Cannot create hsr debugfs directory
[  321.387792][T19260] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.395771][T19260] bridge0: port 1(bridge_slave_0) entered disabled state
[  321.404298][T19260] device bridge_slave_0 entered promiscuous mode
[  321.447288][T19260] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.463746][T19260] bridge0: port 2(bridge_slave_1) entered disabled state
[  321.475680][T19260] device bridge_slave_1 entered promiscuous mode
14:17:50 executing program 4:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r1=>0x0}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r1}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  322.084195][T19260] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  322.373470][T19260] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
14:17:50 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:52 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:52 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x0, 0x0, <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  324.740922][T19260] team0: Port device team_slave_0 added
[  325.028862][T19318] syz-executor.4 (19318) used greatest stack depth: 19232 bytes left
14:17:54 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:54 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x0, 0x0, <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  326.430709][T19260] team0: Port device team_slave_1 added
14:17:55 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:57 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x0, 0x0, <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:17:59 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x0, 0x0, <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  331.853659][T19260] batman_adv: batadv0: Adding interface: batadv_slave_0
[  331.860683][T19260] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  331.962947][T19260] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  332.001509][T19260] batman_adv: batadv0: Adding interface: batadv_slave_1
[  332.025547][T19260] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  332.113394][T19260] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
14:18:00 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x0, 0x0, <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:18:01 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(0x0, 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:18:03 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(0x0, 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:18:05 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(0x0, 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:18:05 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:18:07 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  339.912279][T19260] device hsr_slave_0 entered promiscuous mode
14:18:08 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  340.122608][T19260] device hsr_slave_1 entered promiscuous mode
[  340.380642][T19260] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  340.423389][T19260] Cannot create hsr debugfs directory
14:18:09 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x0)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:18:11 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x0)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:18:13 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x0)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:18:14 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:18:15 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:18:16 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:18:18 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  350.183302][T17122] Bluetooth: hci0: command 0x0409 tx timeout
14:18:19 executing program 2:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x0, 0x0, <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:18:20 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, 0x0)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  352.263074][ T1280] Bluetooth: hci0: command 0x041b tx timeout
14:18:21 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, 0x0)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  354.353056][ T3633] Bluetooth: hci0: command 0x040f tx timeout
14:18:23 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, 0x0)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  355.153199][ T3633] Bluetooth: hci2: command 0x0409 tx timeout
[  356.136763][T19563] cgroup: fork rejected by pids controller in /syz4
[  356.433038][ T3633] Bluetooth: hci0: command 0x0419 tx timeout
14:18:25 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  357.223485][   T13] Bluetooth: hci2: command 0x041b tx timeout
[  359.263104][T19531] chnl_net:caif_netlink_parms(): no params data found
[  359.303275][   T13] Bluetooth: hci2: command 0x040f tx timeout
14:18:27 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  361.383298][ T3633] Bluetooth: hci2: command 0x0419 tx timeout
[  361.418330][T19546] chnl_net:caif_netlink_parms(): no params data found
14:18:30 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:18:33 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x10, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:18:35 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x10, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  368.033178][ T3530] Bluetooth: hci5: command 0x0409 tx timeout
[  370.103101][T17122] Bluetooth: hci5: command 0x041b tx timeout
14:18:39 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x10, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  371.793399][   T13] Bluetooth: hci6: command 0x0409 tx timeout
[  372.182964][   T13] Bluetooth: hci5: command 0x040f tx timeout
14:18:41 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, 0xffffffffffffffff, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  373.873436][ T1280] Bluetooth: hci6: command 0x041b tx timeout
[  374.263006][ T1280] Bluetooth: hci5: command 0x0419 tx timeout
[  374.557431][  T753] device hsr_slave_0 left promiscuous mode
[  375.079596][  T753] device hsr_slave_1 left promiscuous mode
[  375.717398][  T753] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  375.729606][  T753] batman_adv: batadv0: Removing interface: batadv_slave_0
[  375.933898][  T753] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  375.941358][  T753] batman_adv: batadv0: Removing interface: batadv_slave_1
[  375.950924][ T3633] Bluetooth: hci6: command 0x040f tx timeout
14:18:44 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, 0xffffffffffffffff, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  376.348956][  T753] device bridge_slave_1 left promiscuous mode
[  376.364053][  T753] bridge0: port 2(bridge_slave_1) entered disabled state
[  377.710497][  T753] device bridge_slave_0 left promiscuous mode
[  377.716814][  T753] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.033261][ T1280] Bluetooth: hci6: command 0x0419 tx timeout
[  378.355067][ T1375] ieee802154 phy0 wpan0: encryption failed: -22
[  378.361417][ T1375] ieee802154 phy1 wpan1: encryption failed: -22
14:18:46 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, 0xffffffffffffffff, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  380.193540][  T753] device veth1_macvtap left promiscuous mode
[  380.199963][  T753] device veth0_macvtap left promiscuous mode
[  380.223078][  T753] device veth1_vlan left promiscuous mode
[  380.229065][  T753] device veth0_vlan left promiscuous mode
14:18:49 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:18:50 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:18:54 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:18:56 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  388.539754][ T3516] syz-executor.0 (3516) used greatest stack depth: 18552 bytes left
14:18:58 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:19:00 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:19:01 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:19:03 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:19:08 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  403.818816][  T753] team0 (unregistering): Port device team_slave_1 removed
14:19:12 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  404.573917][  T753] team0 (unregistering): Port device team_slave_0 removed
[  405.424370][  T753] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  405.961024][  T753] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
14:19:16 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  408.828948][  T753] bond0 (unregistering): Released all slaves
14:19:18 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00'}, 0x30)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r2}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  409.779075][T19531] bridge0: port 1(bridge_slave_0) entered blocking state
[  409.791031][T19531] bridge0: port 1(bridge_slave_0) entered disabled state
[  409.833433][T19531] device bridge_slave_0 entered promiscuous mode
[  411.444231][T19546] bridge0: port 1(bridge_slave_0) entered blocking state
[  411.451436][T19546] bridge0: port 1(bridge_slave_0) entered disabled state
[  411.478024][T19546] device bridge_slave_0 entered promiscuous mode
[  412.683695][T19260] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  413.661916][T19260] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  413.927600][T19546] bridge0: port 2(bridge_slave_1) entered blocking state
[  413.942395][T19546] bridge0: port 2(bridge_slave_1) entered disabled state
[  413.974261][T19546] device bridge_slave_1 entered promiscuous mode
[  415.961005][T19260] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  416.113231][ T3530] Bluetooth: hci0: command 0x0409 tx timeout
[  416.348182][T19594] chnl_net:caif_netlink_parms(): no params data found
14:19:25 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  416.858860][T19664] chnl_net:caif_netlink_parms(): no params data found
[  418.000853][T19260] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.193413][ T3633] Bluetooth: hci0: command 0x041b tx timeout
[  418.527550][T19848] chnl_net:caif_netlink_parms(): no params data found
[  419.464359][ T1280] Bluetooth: hci2: command 0x0409 tx timeout
[  420.263002][ T3561] Bluetooth: hci0: command 0x040f tx timeout
[  420.557805][T19594] bridge0: port 1(bridge_slave_0) entered blocking state
[  420.573039][T19594] bridge0: port 1(bridge_slave_0) entered disabled state
[  420.589602][T19594] device bridge_slave_0 entered promiscuous mode
[  420.636139][T19664] bridge0: port 1(bridge_slave_0) entered blocking state
[  420.652951][T19664] bridge0: port 1(bridge_slave_0) entered disabled state
[  420.667165][T19664] device bridge_slave_0 entered promiscuous mode
[  421.094035][T19594] bridge0: port 2(bridge_slave_1) entered blocking state
[  421.101128][T19594] bridge0: port 2(bridge_slave_1) entered disabled state
[  421.143407][T19594] device bridge_slave_1 entered promiscuous mode
[  421.171798][T19664] bridge0: port 2(bridge_slave_1) entered blocking state
[  421.181649][T19664] bridge0: port 2(bridge_slave_1) entered disabled state
[  421.213997][T19664] device bridge_slave_1 entered promiscuous mode
[  421.549493][ T3561] Bluetooth: hci2: command 0x041b tx timeout
[  422.343036][ T3558] Bluetooth: hci0: command 0x0419 tx timeout
14:19:31 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  423.466965][T19594] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  423.623225][ T3558] Bluetooth: hci2: command 0x040f tx timeout
[  424.047803][T19664] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  424.065417][T19594] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  424.085791][T19848] bridge0: port 1(bridge_slave_0) entered blocking state
[  424.113206][T19848] bridge0: port 1(bridge_slave_0) entered disabled state
[  424.143395][T19848] device bridge_slave_0 entered promiscuous mode
[  424.174309][T19848] bridge0: port 2(bridge_slave_1) entered blocking state
[  424.182044][T19848] bridge0: port 2(bridge_slave_1) entered disabled state
[  424.214011][T19848] device bridge_slave_1 entered promiscuous mode
[  424.246081][T19664] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  425.018507][T19848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  425.057649][T19848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  425.289418][T19594] team0: Port device team_slave_0 added
[  425.703263][ T3561] Bluetooth: hci2: command 0x0419 tx timeout
[  425.885672][T19848] team0: Port device team_slave_0 added
[  425.894369][T19664] team0: Port device team_slave_0 added
[  425.901797][T19594] team0: Port device team_slave_1 added
[  425.938301][T19848] team0: Port device team_slave_1 added
[  426.370803][T19664] team0: Port device team_slave_1 added
[  426.505694][T19848] batman_adv: batadv0: Adding interface: batadv_slave_0
[  426.512719][T19848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  426.572050][T19848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  426.668024][T19848] batman_adv: batadv0: Adding interface: batadv_slave_1
[  426.678655][T19848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  426.721495][T19848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  426.837909][T19664] batman_adv: batadv0: Adding interface: batadv_slave_0
[  426.864390][T19664] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  426.973018][T19664] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  427.609533][T19664] batman_adv: batadv0: Adding interface: batadv_slave_1
[  427.622173][T19664] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  427.692017][T19664] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
14:19:36 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  428.569523][  T753] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.686671][T19848] device hsr_slave_0 entered promiscuous mode
[  428.705297][T19848] device hsr_slave_1 entered promiscuous mode
[  428.803282][T19848] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  428.810924][T19848] Cannot create hsr debugfs directory
[  429.187443][  T753] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  429.356413][T19874] chnl_net:caif_netlink_parms(): no params data found
[  430.480658][  T753] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  430.775363][  T753] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  430.983155][ T3530] Bluetooth: hci3: command 0x0409 tx timeout
[  431.334354][T19874] bridge0: port 1(bridge_slave_0) entered blocking state
[  431.341460][T19874] bridge0: port 1(bridge_slave_0) entered disabled state
[  431.353225][T19874] device bridge_slave_0 entered promiscuous mode
[  431.393545][T19874] bridge0: port 2(bridge_slave_1) entered blocking state
[  431.402245][T19874] bridge0: port 2(bridge_slave_1) entered disabled state
[  431.414199][T19874] device bridge_slave_1 entered promiscuous mode
14:19:40 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0), 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  432.239380][T19874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  432.342712][T19874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  432.515621][  T753] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.731017][  T753] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.764789][T19874] team0: Port device team_slave_0 added
[  432.782371][T19874] team0: Port device team_slave_1 added
14:19:41 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0), 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  433.063038][ T3525] Bluetooth: hci3: command 0x041b tx timeout
[  433.298902][T19511] syz-executor.4 (19511) used greatest stack depth: 17920 bytes left
[  433.330801][  T753] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  433.506969][T19973] chnl_net:caif_netlink_parms(): no params data found
[  434.183207][ T3561] Bluetooth: hci4: command 0x0409 tx timeout
[  434.224755][  T753] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  434.454025][T19874] batman_adv: batadv0: Adding interface: batadv_slave_0
[  434.461007][T19874] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  434.522916][T19874] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  434.573982][T19874] batman_adv: batadv0: Adding interface: batadv_slave_1
[  434.581051][T19874] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  434.653812][T19874] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  435.153207][   T13] Bluetooth: hci3: command 0x040f tx timeout
[  435.376430][T19874] device hsr_slave_0 entered promiscuous mode
[  435.403541][T19874] device hsr_slave_1 entered promiscuous mode
[  435.412618][T19874] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  435.427785][T19874] Cannot create hsr debugfs directory
[  435.437569][T19981] chnl_net:caif_netlink_parms(): no params data found
[  435.456645][T19973] bridge0: port 1(bridge_slave_0) entered blocking state
[  435.464484][T19973] bridge0: port 1(bridge_slave_0) entered disabled state
[  435.472742][T19973] device bridge_slave_0 entered promiscuous mode
[  435.499011][T19973] bridge0: port 2(bridge_slave_1) entered blocking state
[  435.523064][T19973] bridge0: port 2(bridge_slave_1) entered disabled state
[  435.531268][T19973] device bridge_slave_1 entered promiscuous mode
[  436.047405][T19973] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  436.232534][T19973] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  436.263566][ T3633] Bluetooth: hci4: command 0x041b tx timeout
[  436.768027][T19973] team0: Port device team_slave_0 added
[  437.054637][T19973] team0: Port device team_slave_1 added
[  437.060623][T19981] bridge0: port 1(bridge_slave_0) entered blocking state
[  437.073237][T19981] bridge0: port 1(bridge_slave_0) entered disabled state
[  437.093101][T19981] device bridge_slave_0 entered promiscuous mode
[  437.223215][ T3633] Bluetooth: hci3: command 0x0419 tx timeout
[  438.347887][T19981] bridge0: port 2(bridge_slave_1) entered blocking state
[  438.353221][   T13] Bluetooth: hci4: command 0x040f tx timeout
[  438.355259][T19981] bridge0: port 2(bridge_slave_1) entered disabled state
[  438.387438][T19981] device bridge_slave_1 entered promiscuous mode
[  438.420077][T19973] batman_adv: batadv0: Adding interface: batadv_slave_0
[  438.443235][T19973] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  438.484542][T19973] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
14:19:47 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0), 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  439.794621][ T1375] ieee802154 phy0 wpan0: encryption failed: -22
[  439.801042][ T1375] ieee802154 phy1 wpan1: encryption failed: -22
[  440.283430][T19973] batman_adv: batadv0: Adding interface: batadv_slave_1
[  440.290519][T19973] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  440.352566][T19973] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  440.423613][   T13] Bluetooth: hci4: command 0x0419 tx timeout
[  440.736365][T19981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  440.787147][T19981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  441.188173][T19514] syz-executor.4 (19514) used greatest stack depth: 17688 bytes left
14:19:49 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  441.935851][T19973] device hsr_slave_0 entered promiscuous mode
[  441.964145][T19973] device hsr_slave_1 entered promiscuous mode
[  441.983204][T19973] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  441.990811][T19973] Cannot create hsr debugfs directory
[  442.059664][T19981] team0: Port device team_slave_0 added
[  442.268103][T19981] team0: Port device team_slave_1 added
[  442.724298][T19981] batman_adv: batadv0: Adding interface: batadv_slave_0
[  442.733025][T19981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  442.813066][T19981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  442.847367][T19981] batman_adv: batadv0: Adding interface: batadv_slave_1
[  442.866489][T19981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  442.932937][T19981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  443.985628][T19981] device hsr_slave_0 entered promiscuous mode
[  444.003375][T19981] device hsr_slave_1 entered promiscuous mode
[  444.010855][T19981] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  444.047998][T19981] Cannot create hsr debugfs directory
[  444.544583][T19848] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  444.583769][T19848] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  444.602589][T19848] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  444.627853][T19848] netdevsim netdevsim0 netdevsim3: renamed from eth3
14:19:53 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:19:55 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:19:57 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  449.384802][T19848] 8021q: adding VLAN 0 to HW filter on device bond0
[  449.423943][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  449.431779][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  449.455496][T19848] 8021q: adding VLAN 0 to HW filter on device team0
[  449.484225][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  449.497308][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  449.511596][ T1280] bridge0: port 1(bridge_slave_0) entered blocking state
[  449.518752][ T1280] bridge0: port 1(bridge_slave_0) entered forwarding state
[  449.559000][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  449.573850][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  449.590488][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  449.599114][ T1280] bridge0: port 2(bridge_slave_1) entered blocking state
[  449.606262][ T1280] bridge0: port 2(bridge_slave_1) entered forwarding state
[  449.631616][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
14:19:58 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:19:58 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:00 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  452.424657][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  452.447590][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  452.462643][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  452.492382][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  452.503999][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  452.518879][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  452.533877][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  452.550277][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  452.571057][T19848] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  452.611688][T19848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  452.621089][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  452.633654][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
14:20:01 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  452.914939][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  452.927808][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  452.948768][T19848] 8021q: adding VLAN 0 to HW filter on device batadv0
[  453.008734][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  453.018225][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  453.066009][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  453.083698][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  453.105653][T19848] device veth0_vlan entered promiscuous mode
[  453.124365][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  453.132822][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  453.146899][T19848] device veth1_vlan entered promiscuous mode
[  453.203721][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  453.211947][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  453.234560][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  453.255828][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  453.302314][T19848] device veth0_macvtap entered promiscuous mode
[  453.319085][T19848] device veth1_macvtap entered promiscuous mode
[  453.357194][T19848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  453.392855][T19848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.402900][T19848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  453.425577][T19848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.444511][T19848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  453.466206][T19848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.494005][T19848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  453.512915][T19848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.533200][T19848] batman_adv: batadv0: Interface activated: batadv_slave_0
[  453.542706][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  453.563741][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  453.602745][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  453.623995][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  453.655663][T19848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  453.693260][T19848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.733169][T19848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  453.744080][T19848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.778846][T19848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  453.812922][T19848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.822772][T19848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  453.862114][T19848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.892990][T19848] batman_adv: batadv0: Interface activated: batadv_slave_1
[  453.900433][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  453.923683][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  453.940548][T19848] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  453.973144][T19848] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  453.993136][T19848] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  454.003302][T19848] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
14:20:03 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  457.208019][T19874] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  457.209260][T18812] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  457.243105][T18812] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  457.329214][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  457.353642][T19874] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  457.695260][T19874] netdevsim netdevsim2 netdevsim2: renamed from eth2
14:20:06 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={0x0}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  458.275601][T19874] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  458.685384][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  458.698332][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  458.723927][ T3560] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  458.738297][T19973] netdevsim netdevsim3 netdevsim0: renamed from eth0
14:20:07 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:07 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  458.886022][T19973] netdevsim netdevsim3 netdevsim1: renamed from eth1
14:20:07 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={0x0}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  459.013519][T19973] netdevsim netdevsim3 netdevsim2: renamed from eth2
14:20:07 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x0, 0x0, <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  459.128673][T19504] syz-executor.4 (19504) used greatest stack depth: 17464 bytes left
14:20:07 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x0, 0x0, <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:07 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x0, 0x0, <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:08 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(0x0, 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:08 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(0x0, 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:08 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(0x0, 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:09 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:09 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:09 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:10 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x0)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:10 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x0)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:10 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x0)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  462.737096][T19973] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  463.057753][T19981] netdevsim netdevsim1 netdevsim0: renamed from eth0
14:20:11 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  463.386270][T19981] netdevsim netdevsim1 netdevsim1: renamed from eth1
14:20:12 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  464.016460][T19981] netdevsim netdevsim1 netdevsim2: renamed from eth2
14:20:12 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  464.319298][T19981] netdevsim netdevsim1 netdevsim3: renamed from eth3
14:20:13 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, 0x0)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  465.158495][T19874] 8021q: adding VLAN 0 to HW filter on device bond0
[  465.297607][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  465.312499][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  465.384098][T19981] 8021q: adding VLAN 0 to HW filter on device bond0
[  465.395060][T19973] 8021q: adding VLAN 0 to HW filter on device bond0
[  465.406675][T19874] 8021q: adding VLAN 0 to HW filter on device team0
[  465.447388][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  465.463693][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  465.472229][ T3561] bridge0: port 1(bridge_slave_0) entered blocking state
[  465.479400][ T3561] bridge0: port 1(bridge_slave_0) entered forwarding state
[  465.545314][T20029] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  465.554978][T20029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  465.563254][T20029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  465.580393][T19981] 8021q: adding VLAN 0 to HW filter on device team0
[  465.617594][T19973] 8021q: adding VLAN 0 to HW filter on device team0
[  465.653051][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  465.661667][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  465.690020][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  465.703863][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  465.723621][ T3561] bridge0: port 2(bridge_slave_1) entered blocking state
[  465.730718][ T3561] bridge0: port 2(bridge_slave_1) entered forwarding state
[  465.768406][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  465.789952][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  465.823721][ T3561] bridge0: port 1(bridge_slave_0) entered blocking state
[  465.830851][ T3561] bridge0: port 1(bridge_slave_0) entered forwarding state
[  465.917974][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  465.926688][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  465.944190][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  465.973440][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  466.004782][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  466.023701][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  466.043655][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  466.064873][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
14:20:14 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, 0x0)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  466.093781][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  466.113236][ T3561] bridge0: port 1(bridge_slave_0) entered blocking state
[  466.120334][ T3561] bridge0: port 1(bridge_slave_0) entered forwarding state
[  466.143469][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  466.173964][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  466.184019][ T3561] bridge0: port 2(bridge_slave_1) entered blocking state
[  466.191100][ T3561] bridge0: port 2(bridge_slave_1) entered forwarding state
[  466.243474][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  466.255056][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  466.273765][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  466.293247][ T3561] bridge0: port 2(bridge_slave_1) entered blocking state
[  466.300340][ T3561] bridge0: port 2(bridge_slave_1) entered forwarding state
[  466.347637][   T21] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  466.357612][   T21] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  466.383676][   T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  466.413971][   T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  466.433526][   T21] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  466.463552][   T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  466.474138][   T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  466.494520][   T21] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  466.513996][   T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  466.527924][T19874] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  466.568053][T19874] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  466.623581][T20027] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  466.631892][T20027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  466.674518][T20027] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  466.693946][T20027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  466.733592][T20027] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  466.742377][T20027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  466.773719][T20027] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  466.803322][T20027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  466.811921][T20027] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  466.843975][T20027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  466.863234][T20027] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  466.871989][T20027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  466.884708][T20027] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  466.893840][T20027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  466.902443][T20027] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  466.919194][T19981] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  466.939543][T19973] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  466.952339][T19973] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  466.963277][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  466.971464][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  466.984181][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  467.190029][T19874] 8021q: adding VLAN 0 to HW filter on device batadv0
[  467.244994][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  467.252630][ T3633] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  467.315803][T20029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  467.325002][T20029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  467.416167][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  467.424409][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  467.431960][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
14:20:15 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, 0x0)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  467.469309][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  467.919355][T19973] 8021q: adding VLAN 0 to HW filter on device batadv0
[  467.973221][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  467.981672][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  468.005550][T19981] 8021q: adding VLAN 0 to HW filter on device batadv0
[  468.033676][T19874] device veth0_vlan entered promiscuous mode
[  468.040458][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  468.053803][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  468.083545][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  468.092321][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  468.136105][T19874] device veth1_vlan entered promiscuous mode
[  468.246346][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  468.274186][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  468.293653][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  468.303622][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  468.323738][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  468.345263][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  468.377280][T19973] device veth0_vlan entered promiscuous mode
[  468.410205][T19981] device veth0_vlan entered promiscuous mode
14:20:16 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:17 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={0x0}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:17 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:18 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:18 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:19 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x10, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  471.934009][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  471.941962][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  471.971522][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  472.004763][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  472.030248][T19874] device veth0_macvtap entered promiscuous mode
[  472.040056][T19874] device veth1_macvtap entered promiscuous mode
[  472.078794][T19973] device veth1_vlan entered promiscuous mode
[  472.086853][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  472.095721][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  472.118971][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  472.141468][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  472.163754][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  472.172792][T19981] device veth1_vlan entered promiscuous mode
[  472.233596][T20098] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  472.249233][T19874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  472.272554][T19874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  472.301479][T19874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  472.348780][T19874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  472.376452][T19874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  472.404736][T19874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  472.435413][T19874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  472.473512][T19874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  472.503277][T19874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
14:20:20 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x10, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  472.522885][T19874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  472.565841][T19874] batman_adv: batadv0: Interface activated: batadv_slave_0
[  472.594158][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  472.604293][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  472.630008][T19981] device veth0_macvtap entered promiscuous mode
[  472.693642][T19973] device veth0_macvtap entered promiscuous mode
[  472.707263][T19874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  472.737381][T19874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  472.751314][T19874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  472.792984][T19874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  472.817425][T19874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  472.833318][T19874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  472.847656][T19874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  472.873111][T19874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  472.885701][T19874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  472.902962][T19874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  472.919462][T19874] batman_adv: batadv0: Interface activated: batadv_slave_1
[  472.931659][T20029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  472.940680][T20029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  472.963742][T20029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  472.972479][T20029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  473.023657][T20029] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  473.063509][T20029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  473.075784][T19981] device veth1_macvtap entered promiscuous mode
[  473.100957][T20029] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  473.109885][T20029] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  473.133846][T20029] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  473.157643][T19874] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  473.179319][T19874] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  473.205213][T19874] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  473.227753][T19874] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  473.258379][T19973] device veth1_macvtap entered promiscuous mode
[  473.291085][T19981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  473.329024][T19981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  473.363098][T19981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  473.393088][T19981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  473.412967][T19981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  473.443300][T19981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  473.472997][T19981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  473.492989][T19981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  473.513046][T19981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  473.543222][T19981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  473.562915][T19981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  473.582968][T19981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  473.614798][T19981] batman_adv: batadv0: Interface activated: batadv_slave_0
14:20:22 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:22 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x10, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  474.198652][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  474.219195][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
14:20:22 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, 0xffffffffffffffff, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  474.258042][T19981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  474.283023][T19981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  474.305193][T19981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  474.331859][T19981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  474.372962][T19981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  474.403020][T19981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  474.443100][T19981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  474.461146][T19981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  474.482987][T19981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  474.513078][T19981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  474.543102][T19981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  474.563745][T19981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  474.603236][T19981] batman_adv: batadv0: Interface activated: batadv_slave_1
[  475.149477][T19973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  475.195697][T19973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.227779][T19973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  475.246901][T19973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.264964][T19973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  475.286243][T19973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.304224][T19973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  475.323354][T19973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.342716][T19973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  475.364653][T19973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.402158][T19973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  475.436331][T19973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.455144][T19973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  475.478023][T19973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.503185][T19973] batman_adv: batadv0: Interface activated: batadv_slave_0
[  475.510709][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  475.533849][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  475.583939][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  475.605095][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  475.630445][T19981] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  475.643060][T19981] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  475.651822][T19981] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  475.683045][T19981] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
14:20:24 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, 0xffffffffffffffff, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  475.745331][T19973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  475.769858][T19973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.843247][T19973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  475.866455][T19973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.909957][T19973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  475.933194][T19973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.945945][T19973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  475.960148][T19973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.984262][T19973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  475.998686][T19973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  476.012901][T19973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  476.035220][T19973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  476.052899][T19973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  476.075330][T19973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  476.101031][T19973] batman_adv: batadv0: Interface activated: batadv_slave_1
[  476.306337][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  476.327213][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  476.356912][T19973] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  476.372025][T19973] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
14:20:24 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  476.403067][T19973] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  476.412402][T19973] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  476.450055][ T3639] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  476.466068][ T3639] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  477.804255][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
14:20:26 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  478.646006][T19596] syz-executor.4 (19596) used greatest stack depth: 17336 bytes left
14:20:27 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, 0xffffffffffffffff, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  479.427632][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  479.439152][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  479.838091][ T1280] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
14:20:28 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:32 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  485.703178][T17122] Bluetooth: hci2: command 0x0409 tx timeout
[  486.041189][ T3639] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  486.049370][ T3639] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
14:20:34 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0x0)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  486.140281][T17122] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  486.160654][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  486.169453][ T3639] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  486.197717][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  486.207687][ T3639] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
14:20:34 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r5, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:34 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  486.252792][T17122] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  486.272340][T17122] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
14:20:34 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:34 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  486.476332][T20347] chnl_net:caif_netlink_parms(): no params data found
14:20:35 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:35 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:35 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:35 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:35 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:35 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0), 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r5, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:35 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:35 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0), 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r5, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  487.784013][T20098] Bluetooth: hci2: command 0x041b tx timeout
14:20:36 executing program 3:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0), 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r5, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:36 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r7, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:36 executing program 3:
gettid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r1, 0x1267, &(0x7f0000000040))
r2 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r0, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r2})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r1}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r3, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r4, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:36 executing program 1:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040))
r3 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r3})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0), 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, r6, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r3, r4, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:36 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, 0x0, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  489.872905][   T13] Bluetooth: hci2: command 0x040f tx timeout
14:20:39 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0x0)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:39 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, 0x0, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  491.456076][T20347] bridge0: port 1(bridge_slave_0) entered blocking state
[  491.469725][T20347] bridge0: port 1(bridge_slave_0) entered disabled state
[  491.484113][T20347] device bridge_slave_0 entered promiscuous mode
[  491.502926][T20347] bridge0: port 2(bridge_slave_1) entered blocking state
[  491.510014][T20347] bridge0: port 2(bridge_slave_1) entered disabled state
[  491.530912][T20347] device bridge_slave_1 entered promiscuous mode
[  491.943153][ T1066] Bluetooth: hci2: command 0x0419 tx timeout
14:20:40 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0x0)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:41 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, 0x0, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:42 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:42 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  494.116093][T20347] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  494.236581][T20347] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  494.327703][T20347] team0: Port device team_slave_0 added
[  494.395603][T20347] team0: Port device team_slave_1 added
[  494.436602][T20347] batman_adv: batadv0: Adding interface: batadv_slave_0
[  494.449536][T20347] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  494.542977][T20347] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
14:20:43 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:44 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={'\x00', 0x80, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:44 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:45 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:45 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  497.813772][T20347] batman_adv: batadv0: Adding interface: batadv_slave_1
[  497.820895][T20347] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  497.910178][T20347] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  498.103064][   T13] Bluetooth: hci3: command 0x0409 tx timeout
14:20:46 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480), 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  498.423341][T17122] Bluetooth: hci4: command 0x0409 tx timeout
14:20:47 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:48 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480), 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:48 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  500.193138][ T1280] Bluetooth: hci3: command 0x041b tx timeout
[  500.503185][ T1280] Bluetooth: hci4: command 0x041b tx timeout
[  501.234436][ T1375] ieee802154 phy0 wpan0: encryption failed: -22
[  501.240773][ T1375] ieee802154 phy1 wpan1: encryption failed: -22
14:20:49 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x0, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:50 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480), 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  502.273010][ T3633] Bluetooth: hci3: command 0x040f tx timeout
[  502.582992][ T3633] Bluetooth: hci4: command 0x040f tx timeout
14:20:51 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:20:52 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  504.343069][ T1066] Bluetooth: hci3: command 0x0419 tx timeout
[  504.663022][ T1066] Bluetooth: hci4: command 0x0419 tx timeout
14:20:53 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  505.600145][T20347] device hsr_slave_0 entered promiscuous mode
[  506.168961][T20347] device hsr_slave_1 entered promiscuous mode
14:20:54 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={0x0}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  506.687618][T20347] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  506.695460][T20347] Cannot create hsr debugfs directory
[  507.608197][  T753] device hsr_slave_0 left promiscuous mode
[  507.616418][  T753] device hsr_slave_1 left promiscuous mode
[  507.625182][  T753] batman_adv: batadv0: Removing interface: batadv_slave_0
[  507.669407][  T753] batman_adv: batadv0: Removing interface: batadv_slave_1
[  507.816415][T19529] syz-executor.4 (19529) used greatest stack depth: 17088 bytes left
[  507.829135][  T753] device bridge_slave_1 left promiscuous mode
[  507.849427][  T753] bridge0: port 2(bridge_slave_1) entered disabled state
[  508.470248][  T753] device bridge_slave_0 left promiscuous mode
[  508.483107][  T753] bridge0: port 1(bridge_slave_0) entered disabled state
14:20:56 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={0x0}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  509.371713][  T753] device bridge_slave_1 left promiscuous mode
[  509.383169][  T753] bridge0: port 2(bridge_slave_1) entered disabled state
14:20:57 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={0x0}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  510.024957][  T753] device bridge_slave_0 left promiscuous mode
[  510.031201][  T753] bridge0: port 1(bridge_slave_0) entered disabled state
14:20:59 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x0, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  512.103785][  T753] device hsr_slave_0 left promiscuous mode
14:21:00 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x0, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  512.614350][  T753] device hsr_slave_1 left promiscuous mode
[  512.936246][  T753] batman_adv: batadv0: Removing interface: batadv_slave_0
[  513.266606][  T753] batman_adv: batadv0: Removing interface: batadv_slave_1
[  513.527145][  T753] device bridge_slave_1 left promiscuous mode
[  513.553132][  T753] bridge0: port 2(bridge_slave_1) entered disabled state
[  514.194036][  T753] device bridge_slave_0 left promiscuous mode
[  514.200543][  T753] bridge0: port 1(bridge_slave_0) entered disabled state
14:21:03 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x0, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  514.834379][  T753] device bridge_slave_0 left promiscuous mode
[  514.853149][  T753] bridge0: port 1(bridge_slave_0) entered disabled state
14:21:04 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x0, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  516.628415][  T753] device hsr_slave_0 left promiscuous mode
[  517.313230][  T753] device hsr_slave_1 left promiscuous mode
14:21:05 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x0, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  517.704318][  T753] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  517.712004][  T753] batman_adv: batadv0: Removing interface: batadv_slave_0
[  517.750511][  T753] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  517.758676][  T753] batman_adv: batadv0: Removing interface: batadv_slave_1
[  517.786691][  T753] device bridge_slave_1 left promiscuous mode
[  517.833061][  T753] bridge0: port 2(bridge_slave_1) entered disabled state
[  518.634275][  T753] device bridge_slave_0 left promiscuous mode
[  518.643099][  T753] bridge0: port 1(bridge_slave_0) entered disabled state
14:21:07 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x0, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:21:08 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  520.493062][  T753] device hsr_slave_0 left promiscuous mode
[  520.999796][  T753] device hsr_slave_1 left promiscuous mode
[  521.719989][  T753] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  521.735649][  T753] batman_adv: batadv0: Removing interface: batadv_slave_0
[  521.926993][  T753] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  521.947640][  T753] batman_adv: batadv0: Removing interface: batadv_slave_1
[  522.214413][  T753] device bridge_slave_1 left promiscuous mode
[  522.220669][  T753] bridge0: port 2(bridge_slave_1) entered disabled state
[  522.603600][  T753] device bridge_slave_0 left promiscuous mode
[  522.609858][  T753] bridge0: port 1(bridge_slave_0) entered disabled state
14:21:11 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  522.862637][  T753] device hsr_slave_0 left promiscuous mode
[  522.874807][  T753] device hsr_slave_1 left promiscuous mode
[  522.884832][  T753] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  522.892371][  T753] batman_adv: batadv0: Removing interface: batadv_slave_0
[  522.903963][  T753] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  522.933256][  T753] batman_adv: batadv0: Removing interface: batadv_slave_1
[  523.775408][  T753] device bridge_slave_1 left promiscuous mode
[  523.781735][  T753] bridge0: port 2(bridge_slave_1) entered disabled state
[  524.565766][  T753] device bridge_slave_0 left promiscuous mode
[  524.572035][  T753] bridge0: port 1(bridge_slave_0) entered disabled state
14:21:13 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  526.539400][  T753] device veth1_macvtap left promiscuous mode
[  526.548782][  T753] device veth0_macvtap left promiscuous mode
[  526.562990][  T753] device veth1_vlan left promiscuous mode
[  526.579040][  T753] device veth0_vlan left promiscuous mode
14:21:15 executing program 0:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
ioctl$SG_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={'\x00', 0x0, 0x6, 0x1, 0x3f, 0x8, r4})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:21:15 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xc8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:21:16 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xc8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  528.005742][  T753] device veth1_macvtap left promiscuous mode
[  528.011803][  T753] device veth0_macvtap left promiscuous mode
[  528.021663][  T753] device veth1_vlan left promiscuous mode
[  528.073279][  T753] device veth0_vlan left promiscuous mode
[  530.353019][ T1280] Bluetooth: hci0: command 0x0409 tx timeout
14:21:18 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xc8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  530.743351][  T753] device veth1_macvtap left promiscuous mode
[  530.750659][  T753] device veth0_macvtap left promiscuous mode
[  530.780858][  T753] device veth1_vlan left promiscuous mode
[  530.786767][  T753] device veth0_vlan left promiscuous mode
14:21:20 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd4, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0xc, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  532.423552][   T13] Bluetooth: hci0: command 0x041b tx timeout
14:21:21 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd4, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0xc, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  534.513645][ T1280] Bluetooth: hci0: command 0x040f tx timeout
14:21:23 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd4, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0xc, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  536.592971][   T13] Bluetooth: hci0: command 0x0419 tx timeout
14:21:25 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd0, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x8, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:21:26 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd0, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x8, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:21:28 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd0, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x8, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:21:28 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd4, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0xc, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:21:31 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd4, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0xc, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:21:33 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd4, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0xc, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:21:34 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0x24, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:21:36 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0x24, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:21:37 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0x24, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:21:38 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd0, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xa9, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:21:39 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd0, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xa9, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  551.862903][ T3633] Bluetooth: hci5: command 0x0409 tx timeout
14:21:41 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd0, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xa9, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:21:42 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0x50, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x2b, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  553.943142][ T1900] Bluetooth: hci5: command 0x041b tx timeout
14:21:43 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0x50, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x2b, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  556.023122][ T1900] Bluetooth: hci5: command 0x040f tx timeout
14:21:44 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0x50, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x2b, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  557.800633][T19834] syz-executor.4 (19834) used greatest stack depth: 15896 bytes left
14:21:46 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x0, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  558.113035][T17122] Bluetooth: hci5: command 0x0419 tx timeout
14:21:47 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x0, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:21:48 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x0, 0x84, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e70"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:21:50 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0x54, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x2d, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  562.675235][ T1375] ieee802154 phy0 wpan0: encryption failed: -22
[  562.681645][ T1375] ieee802154 phy1 wpan1: encryption failed: -22
14:21:52 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0x54, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x2d, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  564.263163][ T1900] Bluetooth: hci6: command 0x0409 tx timeout
[  564.582942][ T1280] Bluetooth: hci7: command 0x0409 tx timeout
14:21:54 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0x54, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x2d, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  566.343222][T17122] Bluetooth: hci6: command 0x041b tx timeout
[  566.672975][ T1280] Bluetooth: hci7: command 0x041b tx timeout
14:21:55 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0x94, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x6f, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x42, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb758"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:21:56 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0x94, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x6f, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x42, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb758"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  568.433741][ T1280] Bluetooth: hci6: command 0x040f tx timeout
[  568.752946][ T3633] Bluetooth: hci7: command 0x040f tx timeout
14:21:58 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0x94, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x6f, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x42, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb758"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  570.503126][ T3633] Bluetooth: hci6: command 0x0419 tx timeout
[  570.832906][ T3633] Bluetooth: hci7: command 0x0419 tx timeout
14:21:59 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xb4, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x90, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x63, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:22:00 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xb4, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x90, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x63, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:22:02 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xb4, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0x90, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x63, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:22:04 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xc8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xa1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x74, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed18247"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:22:06 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xc8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xa1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x74, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed18247"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:22:07 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xc8, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xa1, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x74, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed18247"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:22:08 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd0, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xa9, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x7c, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:22:09 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd0, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xa9, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x7c, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:22:11 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd0, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xa9, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x7c, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

14:22:13 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd4, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xad, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x80, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  585.044199][  T753] team0 (unregistering): Port device team_slave_1 removed
[  585.976332][  T753] team0 (unregistering): Port device team_slave_0 removed
14:22:14 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd4, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xad, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x80, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  586.393399][  T753] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  588.332703][  T753] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
14:22:20 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd4, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xad, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x80, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  594.583668][  T753] bond0 (unregistering): Released all slaves
[  596.343274][T20027] Bluetooth: hci8: command 0x0409 tx timeout
[  598.423007][ T1280] Bluetooth: hci8: command 0x041b tx timeout
14:22:28 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd4, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xaf, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x82, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  600.503111][ T3633] Bluetooth: hci8: command 0x040f tx timeout
[  601.273791][  T753] bond0 (unregistering): Released all slaves
14:22:30 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd4, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xaf, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x82, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  602.583008][ T3633] Bluetooth: hci8: command 0x0419 tx timeout
[  610.822985][ T3633] Bluetooth: hci2: command 0x0406 tx timeout
[  617.927421][  T753] team0 (unregistering): Port device team_slave_1 removed
[  618.022988][T20027] Bluetooth: hci9: command 0x0409 tx timeout
[  619.964259][  T753] team0 (unregistering): Port device team_slave_0 removed
[  620.112902][ T3633] Bluetooth: hci9: command 0x041b tx timeout
[  621.072897][ T1280] Bluetooth: hci4: command 0x0406 tx timeout
[  621.072990][ T1900] Bluetooth: hci3: command 0x0406 tx timeout
[  621.190953][  T753] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
14:22:50 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd4, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xaf, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x82, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  622.183015][ T3633] Bluetooth: hci9: command 0x040f tx timeout
[  623.283386][  T753] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  624.107448][ T1375] ieee802154 phy0 wpan0: encryption failed: -22
[  624.114038][ T1375] ieee802154 phy1 wpan1: encryption failed: -22
[  624.262920][ T1280] Bluetooth: hci9: command 0x0419 tx timeout
[  630.423093][ T1280] Bluetooth: hci10: command 0x0409 tx timeout
[  630.752919][ T1280] Bluetooth: hci11: command 0x0409 tx timeout
[  632.483616][  T753] bond0 (unregistering): Released all slaves
[  632.502955][ T1066] Bluetooth: hci10: command 0x041b tx timeout
[  632.832936][ T1066] Bluetooth: hci11: command 0x041b tx timeout
[  634.593019][ T1066] Bluetooth: hci10: command 0x040f tx timeout
[  634.902905][ T1066] Bluetooth: hci11: command 0x040f tx timeout
[  636.663511][ T1280] Bluetooth: hci10: command 0x0419 tx timeout
[  636.982899][ T1066] Bluetooth: hci11: command 0x0419 tx timeout
[  639.383609][  T753] bond0 (unregistering): Released all slaves
14:23:09 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd4, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb0, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x83, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  651.793011][ T3633] Bluetooth: hci0: command 0x0406 tx timeout
[  653.881167][  T753] team0 (unregistering): Port device team_slave_1 removed
[  653.908201][  T753] team0 (unregistering): Port device team_slave_0 removed
[  654.445759][  T753] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  655.673299][  T753] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  662.533641][  T753] bond0 (unregistering): Released all slaves
[  662.662976][ T1066] Bluetooth: hci12: command 0x0409 tx timeout
14:23:32 executing program 4:
r0 = gettid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x9, &(0x7f0000000140)='/dev/sg#\x00', <r2=>0x0}, 0x30)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x6, 0x11d040)
ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f0000000040))
r4 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2ad6639740b25915, 0x2010, r1, 0xc73b3000)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x20004844)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r2}, 0x4)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000006c0)={0x0, r3}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xd4, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb0, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xa, 0x5}}, @mic={0x8c, 0x18, {0x989, "20581a28940c", @long="20ea15365d6cd3fb6bb61cb95cfd7baf"}}, @random={0x7, 0x83, "b45961fec35ba1579a4e5cafa33ac1680ebeacfe9ea4c33fcc80f55971cf33b5580dd9b8776f90102b0fc26c5c173f85f97f1c866e5724deb24b81d9dbce280cb7584351f414b0e6ec10771b7ab36052ac7d7fe34f546835ba2ef5e0d82b275f1801c0cfb1a8d226237a83ef74f299aa8ed1824752705c63656c7878cecfb7ed86ab8e"}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'e'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x24000000}, 0x8880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r4, r5, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
syz_clone(0x2088080, &(0x7f0000000280)="f2bc138c27781ba03d61d7a4c7fc3b7767a681ea4d7a3bfe75a16567933acb5a3c535726fff992fb321886de24e6cd876f70a6b4f39b6113670f81e1f5f21b75d02ec44e0b865d8244ddb9b22c28378619e02f4b7900023e567d1706717bd72feb86fab1aa77cefc04a17e6f50b9b446c6306f9e8c2c078959858e91d7f2f280b2146fc6cbf24f28e1d3f4cc0677873500bea3eb80f21d55576d6d4f8ec12e2cc9f5657e870248e7489f2b0c8b0b1c1666428fb68ee9511c56e53d1d103d0a", 0xbf, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="32941c886dfc7378fc7e706278540e90b2cb87e32902d751388211ebf9cd19ba9c7f75dbe7f7433496680484407b6e73705dac4e48c81a96f2c058cf35b202fbb37a3af54a19f0bd1c1cd6cae1b18dc1bfff7cd8c71b56bad730b1393585a29eae82e928df6655a49da41316043675a2c6a0ff74bbc4136f4a8ab42fc07da99a87b667966cc25f42dcf467a5eb3634293cfa11fbd7ff72c52c9657067db4574803cd0a")

[  664.752878][ T1280] Bluetooth: hci12: command 0x041b tx timeout
[  666.832898][ T1280] Bluetooth: hci12: command 0x040f tx timeout
[  668.912916][   T27] INFO: task kworker/1:1:25 blocked for more than 143 seconds.
[  668.921028][   T27]       Not tainted 5.15.148-syzkaller #0
[  668.927085][ T3633] Bluetooth: hci12: command 0x0419 tx timeout
[  668.945031][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  668.982998][   T27] task:kworker/1:1     state:D stack:23392 pid:   25 ppid:     2 flags:0x00004000
[  668.992366][   T27] Workqueue: events linkwatch_event
[  669.000607][   T27] Call Trace:
[  669.004272][   T27]  <TASK>
[  669.007238][   T27]  __schedule+0x12c4/0x45b0
[  669.011901][   T27]  ? mark_lock+0x98/0x340
[  669.032867][   T27]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  669.038981][   T27]  ? release_firmware_map_entry+0x18b/0x18b
[  669.052818][   T27]  ? __mutex_trylock_common+0x8d/0x2e0
[  669.058345][   T27]  ? do_raw_spin_unlock+0x137/0x8b0
[  669.072898][   T27]  ? _raw_spin_unlock_irq+0x1f/0x40
[  669.078240][   T27]  ? lockdep_hardirqs_on+0x94/0x130
[  669.092873][   T27]  schedule+0x11b/0x1f0
[  669.097084][   T27]  schedule_preempt_disabled+0xf/0x20
[  669.102478][   T27]  __mutex_lock_common+0xe34/0x25a0
[  669.115012][   T27]  ? linkwatch_event+0xa/0x50
[  669.142251][   T27]  ? mutex_lock_io_nested+0x60/0x60
[  669.152803][   T27]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  669.158833][   T27]  ? print_irqtrace_events+0x210/0x210
[  669.176866][   T27]  ? do_raw_spin_unlock+0x137/0x8b0
[  669.182128][   T27]  mutex_lock_nested+0x17/0x20
[  669.198569][   T27]  linkwatch_event+0xa/0x50
[  669.223019][   T27]  process_one_work+0x8a1/0x10c0
[  669.228366][   T27]  ? worker_detach_from_pool+0x260/0x260
[  669.249986][   T27]  ? _raw_spin_lock_irqsave+0x120/0x120
[  669.262803][   T27]  ? kthread_data+0x4e/0xc0
[  669.278815][   T27]  ? wq_worker_running+0x97/0x170
[  669.284607][   T27]  worker_thread+0xaca/0x1280
[  669.289346][   T27]  kthread+0x3f6/0x4f0
[  669.298017][   T27]  ? rcu_lock_release+0x20/0x20
[  669.313555][   T27]  ? kthread_blkcg+0xd0/0xd0
[  669.318376][   T27]  ret_from_fork+0x1f/0x30
[  669.323327][   T27]  </TASK>
[  669.326475][   T27] INFO: task kworker/1:14:20029 blocked for more than 143 seconds.
[  669.342931][   T27]       Not tainted 5.15.148-syzkaller #0
[  669.348673][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  669.357778][   T27] task:kworker/1:14    state:D stack:21816 pid:20029 ppid:     2 flags:0x00004000
[  669.367359][   T27] Workqueue: events switchdev_deferred_process_work
[  669.383719][   T27] Call Trace:
[  669.387029][   T27]  <TASK>
[  669.389980][   T27]  __schedule+0x12c4/0x45b0
[  669.395020][   T27]  ? mark_lock+0x98/0x340
[  669.399393][   T27]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  669.405802][   T27]  ? release_firmware_map_entry+0x18b/0x18b
[  669.411726][   T27]  ? __mutex_trylock_common+0x8d/0x2e0
[  669.422803][   T27]  ? do_raw_spin_unlock+0x137/0x8b0
[  669.428046][   T27]  ? _raw_spin_unlock_irq+0x1f/0x40
[  669.462798][   T27]  ? lockdep_hardirqs_on+0x94/0x130
[  669.468055][   T27]  schedule+0x11b/0x1f0
[  669.472249][   T27]  schedule_preempt_disabled+0xf/0x20
[  669.492805][   T27]  __mutex_lock_common+0xe34/0x25a0
[  669.498073][   T27]  ? switchdev_deferred_process_work+0xa/0x20
[  669.512822][   T27]  ? mutex_lock_io_nested+0x60/0x60
[  669.518064][   T27]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  669.542866][   T27]  ? print_irqtrace_events+0x210/0x210
[  669.548384][   T27]  ? do_raw_spin_unlock+0x137/0x8b0
[  669.567256][   T27]  mutex_lock_nested+0x17/0x20
[  669.572079][   T27]  switchdev_deferred_process_work+0xa/0x20
[  669.614161][   T27]  process_one_work+0x8a1/0x10c0
[  669.619178][   T27]  ? worker_detach_from_pool+0x260/0x260
[  669.635511][   T27]  ? _raw_spin_lock_irqsave+0x120/0x120
[  669.641135][   T27]  ? kthread_data+0x4e/0xc0
[  669.662953][   T27]  ? wq_worker_running+0x97/0x170
[  669.668039][   T27]  worker_thread+0xaca/0x1280
[  669.672742][   T27]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  669.698110][   T27]  kthread+0x3f6/0x4f0
[  669.702226][   T27]  ? rcu_lock_release+0x20/0x20
[  669.727996][   T27]  ? kthread_blkcg+0xd0/0xd0
[  669.732738][   T27]  ret_from_fork+0x1f/0x30
[  669.739802][   T27]  </TASK>
[  669.752916][   T27] INFO: task syz-executor.2:20347 blocked for more than 144 seconds.
[  669.761014][   T27]       Not tainted 5.15.148-syzkaller #0
[  669.767186][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  669.802829][   T27] task:syz-executor.2  state:D stack:21360 pid:20347 ppid:     1 flags:0x00004006
[  669.812113][   T27] Call Trace:
[  669.834136][   T27]  <TASK>
[  669.837134][   T27]  __schedule+0x12c4/0x45b0
[  669.852930][   T27]  ? release_firmware_map_entry+0x18b/0x18b
[  669.858883][   T27]  ? __mutex_trylock_common+0x8d/0x2e0
[  669.878769][   T27]  ? do_raw_spin_unlock+0x137/0x8b0
[  669.889004][   T27]  schedule+0x11b/0x1f0
[  669.902840][   T27]  schedule_preempt_disabled+0xf/0x20
[  669.908269][   T27]  __mutex_lock_common+0xe34/0x25a0
[  669.934098][   T27]  ? rtnetlink_rcv_msg+0x94c/0xee0
[  669.939375][   T27]  ? mutex_lock_io_nested+0x60/0x60
[  669.962918][   T27]  mutex_lock_nested+0x17/0x20
[  669.967788][   T27]  rtnetlink_rcv_msg+0x94c/0xee0
[  669.982909][   T27]  ? reacquire_held_locks+0x660/0x660
[  669.988345][   T27]  ? rtnetlink_bind+0x80/0x80
[  670.002852][   T27]  ? is_bpf_text_address+0x24f/0x260
[  670.008321][   T27]  ? stack_trace_save+0x1c0/0x1c0
[  670.023157][   T27]  ? __kernel_text_address+0x94/0x100
[  670.028604][   T27]  ? unwind_get_return_address+0x49/0x80
[  670.041717][   T27]  ? arch_stack_walk+0xf3/0x140
[  670.082965][   T27]  ? mark_lock+0x98/0x340
[  670.087448][   T27]  ? mark_lock+0x98/0x340
[  670.091803][   T27]  ? __lock_acquire+0x1295/0x1ff0
[  670.112839][   T27]  netlink_rcv_skb+0x1cf/0x410
[  670.117735][   T27]  ? rtnetlink_bind+0x80/0x80
[  670.122557][   T27]  ? netlink_ack+0xb10/0xb10
[  670.164067][   T27]  netlink_unicast+0x7b6/0x980
[  670.169004][   T27]  ? netlink_detachskb+0x90/0x90
[  670.192863][   T27]  ? 0xffffffff81000000
[  670.197083][   T27]  ? __check_object_size+0x300/0x410
[  670.202621][   T27]  ? bpf_lsm_netlink_send+0x5/0x10
[  670.232888][   T27]  netlink_sendmsg+0xa30/0xd60
[  670.237825][   T27]  ? netlink_getsockopt+0x5b0/0x5b0
[  670.274042][   T27]  ? aa_sock_msg_perm+0x91/0x150
[  670.279170][   T27]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  670.296851][   T27]  ? security_socket_sendmsg+0x7d/0xa0
[  670.302596][   T27]  ? netlink_getsockopt+0x5b0/0x5b0
[  670.324530][   T27]  __sys_sendto+0x564/0x720
[  670.343055][   T27]  ? __ia32_sys_getpeername+0x80/0x80
[  670.349073][   T27]  ? print_irqtrace_events+0x210/0x210
[  670.374138][   T27]  ? vtime_user_exit+0x2d1/0x400
[  670.379207][   T27]  __x64_sys_sendto+0xda/0xf0
[  670.401997][   T27]  do_syscall_64+0x3d/0xb0
[  670.412885][   T27]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  670.441659][   T27] RIP: 0033:0x7efd34b2aa9c
[  670.448280][   T27] RSP: 002b:00007ffd26839a50 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  670.472892][   T27] RAX: ffffffffffffffda RBX: 00007efd3577f620 RCX: 00007efd34b2aa9c
[  670.480917][   T27] RDX: 0000000000000058 RSI: 00007efd3577f670 RDI: 0000000000000003
[  670.513944][   T27] RBP: 0000000000000000 R08: 00007ffd26839aa4 R09: 000000000000000c
[  670.522211][   T27] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  670.556658][   T27] R13: 0000000000000000 R14: 00007efd3577f670 R15: 0000000000000000
[  670.583096][   T27]  </TASK>
[  670.586209][   T27] INFO: task syz-executor.3:20440 blocked for more than 145 seconds.
[  670.596061][   T27]       Not tainted 5.15.148-syzkaller #0
[  670.612849][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  670.621555][   T27] task:syz-executor.3  state:D stack:21624 pid:20440 ppid:     1 flags:0x00004006
[  670.662958][   T27] Call Trace:
[  670.666287][   T27]  <TASK>
[  670.669255][   T27]  __schedule+0x12c4/0x45b0
[  670.682864][   T27]  ? release_firmware_map_entry+0x18b/0x18b
[  670.688971][   T27]  ? __mutex_trylock_common+0x8d/0x2e0
[  670.714308][   T27]  ? do_raw_spin_unlock+0x137/0x8b0
[  670.719585][   T27]  schedule+0x11b/0x1f0
[  670.732923][   T27]  schedule_preempt_disabled+0xf/0x20
[  670.738357][   T27]  __mutex_lock_common+0xe34/0x25a0
[  670.752836][   T27]  ? rtnetlink_rcv_msg+0x94c/0xee0
[  670.772930][   T27]  ? mutex_lock_io_nested+0x60/0x60
[  670.778212][   T27]  mutex_lock_nested+0x17/0x20
[  670.792864][   T27]  rtnetlink_rcv_msg+0x94c/0xee0
[  670.798495][   T27]  ? reacquire_held_locks+0x660/0x660
[  670.814002][   T27]  ? rtnetlink_bind+0x80/0x80
[  670.818816][   T27]  ? is_bpf_text_address+0x24f/0x260
[  670.832825][   T27]  ? stack_trace_save+0x1c0/0x1c0
[  670.843207][   T27]  ? __kernel_text_address+0x94/0x100
[  670.848632][   T27]  ? unwind_get_return_address+0x49/0x80
[  670.882950][   T27]  ? arch_stack_walk+0xf3/0x140
[  670.887864][   T27]  ? mark_lock+0x98/0x340
[  670.892231][   T27]  ? mark_lock+0x98/0x340
[  670.924123][   T27]  ? __lock_acquire+0x1295/0x1ff0
[  670.929241][   T27]  netlink_rcv_skb+0x1cf/0x410
[  670.942886][   T27]  ? rtnetlink_bind+0x80/0x80
[  670.953208][   T27]  ? netlink_ack+0xb10/0xb10
[  670.957862][   T27]  netlink_unicast+0x7b6/0x980
[  670.972871][   T27]  ? netlink_detachskb+0x90/0x90
[  670.977879][   T27]  ? 0xffffffff81000000
[  670.982062][   T27]  ? __check_object_size+0x300/0x410
[  671.002942][   T27]  ? bpf_lsm_netlink_send+0x5/0x10
[  671.008205][   T27]  netlink_sendmsg+0xa30/0xd60
[  671.022845][   T27]  ? netlink_getsockopt+0x5b0/0x5b0
[  671.028096][   T27]  ? aa_sock_msg_perm+0x91/0x150
[  671.052863][   T27]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  671.058207][   T27]  ? security_socket_sendmsg+0x7d/0xa0
[  671.082924][   T27]  ? netlink_getsockopt+0x5b0/0x5b0
[  671.088640][   T27]  __sys_sendto+0x564/0x720
[  671.093798][   T27]  ? __ia32_sys_getpeername+0x80/0x80
[  671.099251][   T27]  ? rcu_is_watching+0x11/0xa0
[  671.123568][   T27]  ? print_irqtrace_events+0x210/0x210
[  671.144393][   T27]  ? vtime_user_exit+0x2d1/0x400
[  671.149415][   T27]  __x64_sys_sendto+0xda/0xf0
[  671.162852][   T27]  do_syscall_64+0x3d/0xb0
[  671.167319][   T27]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  671.182900][   T27] RIP: 0033:0x7f55f2d06a9c
[  671.187351][   T27] RSP: 002b:00007ffee793aed0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  671.212905][   T27] RAX: ffffffffffffffda RBX: 00007f55f395b620 RCX: 00007f55f2d06a9c
[  671.220926][   T27] RDX: 0000000000000038 RSI: 00007f55f395b670 RDI: 0000000000000003
[  671.242675][   T27] RBP: 0000000000000000 R08: 00007ffee793af24 R09: 000000000000000c
[  671.264076][   T27] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  671.272104][   T27] R13: 0000000000000000 R14: 00007f55f395b670 R15: 0000000000000000
[  671.303201][   T27]  </TASK>
[  671.313443][   T27] INFO: task syz-executor.1:20443 blocked for more than 145 seconds.
[  671.321879][   T27]       Not tainted 5.15.148-syzkaller #0
[  671.332853][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  671.352884][   T27] task:syz-executor.1  state:D stack:21624 pid:20443 ppid:     1 flags:0x00004006
[  671.362246][   T27] Call Trace:
[  671.380072][   T27]  <TASK>
[  671.392901][   T27]  __schedule+0x12c4/0x45b0
[  671.397489][   T27]  ? release_firmware_map_entry+0x18b/0x18b
[  671.419730][   T27]  ? __mutex_trylock_common+0x8d/0x2e0
[  671.425524][   T27]  ? do_raw_spin_unlock+0x137/0x8b0
[  671.430759][   T27]  schedule+0x11b/0x1f0
[  671.463657][   T27]  schedule_preempt_disabled+0xf/0x20
[  671.469202][   T27]  __mutex_lock_common+0xe34/0x25a0
[  671.476189][   T27]  ? rtnetlink_rcv_msg+0x94c/0xee0
[  671.492836][   T27]  ? mutex_lock_io_nested+0x60/0x60
[  671.498134][   T27]  mutex_lock_nested+0x17/0x20
[  671.512923][   T27]  rtnetlink_rcv_msg+0x94c/0xee0
[  671.517914][   T27]  ? reacquire_held_locks+0x660/0x660
[  671.532925][   T27]  ? rtnetlink_bind+0x80/0x80
[  671.537656][   T27]  ? is_bpf_text_address+0x24f/0x260
[  671.562871][   T27]  ? stack_trace_save+0x1c0/0x1c0
[  671.568050][   T27]  ? __kernel_text_address+0x94/0x100
[  671.594190][   T27]  ? unwind_get_return_address+0x49/0x80
[  671.612869][   T27]  ? arch_stack_walk+0xf3/0x140
[  671.617795][   T27]  ? mark_lock+0x98/0x340
[  671.622150][   T27]  ? mark_lock+0x98/0x340
[  671.646447][   T27]  ? __lock_acquire+0x1295/0x1ff0
[  671.651561][   T27]  netlink_rcv_skb+0x1cf/0x410
[  671.683907][   T27]  ? rtnetlink_bind+0x80/0x80
[  671.688659][   T27]  ? netlink_ack+0xb10/0xb10
[  671.705371][   T27]  netlink_unicast+0x7b6/0x980
[  671.710207][   T27]  ? netlink_detachskb+0x90/0x90
[  671.732815][   T27]  ? 0xffffffff81000000
[  671.737645][   T27]  ? __check_object_size+0x300/0x410
[  671.751238][   T27]  ? bpf_lsm_netlink_send+0x5/0x10
[  671.772851][   T27]  netlink_sendmsg+0xa30/0xd60
[  671.777696][   T27]  ? netlink_getsockopt+0x5b0/0x5b0
[  671.788695][   T27]  ? aa_sock_msg_perm+0x91/0x150
[  671.804059][   T27]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  671.809398][   T27]  ? security_socket_sendmsg+0x7d/0xa0
[  671.842858][   T27]  ? netlink_getsockopt+0x5b0/0x5b0
[  671.848128][   T27]  __sys_sendto+0x564/0x720
[  671.852667][   T27]  ? __ia32_sys_getpeername+0x80/0x80
[  671.872926][   T27]  ? rcu_is_watching+0x11/0xa0
[  671.877762][   T27]  ? print_irqtrace_events+0x210/0x210
[  671.892890][   T27]  ? vtime_user_exit+0x2d1/0x400
[  671.897918][   T27]  __x64_sys_sendto+0xda/0xf0
[  671.902641][   T27]  do_syscall_64+0x3d/0xb0
[  671.932953][   T27]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  671.938925][   T27] RIP: 0033:0x7fd966241a9c
[  671.952852][   T27] RSP: 002b:00007ffd681e3020 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  671.961328][   T27] RAX: ffffffffffffffda RBX: 00007fd966e96620 RCX: 00007fd966241a9c
[  671.984916][   T27] RDX: 0000000000000038 RSI: 00007fd966e96670 RDI: 0000000000000003
[  672.010336][   T27] RBP: 0000000000000000 R08: 00007ffd681e3074 R09: 000000000000000c
[  672.024252][   T27] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  672.032270][   T27] R13: 0000000000000000 R14: 00007fd966e96670 R15: 0000000000000000
[  672.062939][   T27]  </TASK>
[  672.066113][   T27] 
[  672.066113][   T27] Showing all locks held in the system:
[  672.082875][   T27] 3 locks held by kworker/0:1/13:
[  672.093649][   T27]  #0: ffff888011c71d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  672.123000][   T27]  #1: ffffc90000d27d20 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  672.162930][   T27]  #2: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x7f/0xb70
[  672.172666][   T27] 3 locks held by kworker/1:1/25:
[  672.202939][   T27]  #0: ffff888011c70d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  672.232954][   T27]  #1: ffffc90000dffd20 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  672.263016][T20027] Bluetooth: hci5: command 0x0406 tx timeout
[  672.269113][   T27]  #2: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50
[  672.285711][   T27] 1 lock held by khungtaskd/27:
[  672.291362][   T27]  #0: ffffffff8c91f220 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
[  672.313627][   T27] 5 locks held by kworker/u4:3/753:
[  672.318873][   T27]  #0: ffff888011dcd138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  672.329734][   T27]  #1: ffffc90002a07d20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  672.364088][   T27]  #2: ffffffff8d9cead0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf1/0xb60
[  672.392881][   T27]  #3: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0x1ac/0x3f0
[  672.426119][   T27]  #4: ffffffff8c9237e8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x280/0x740
[  672.442835][   T27] 2 locks held by kworker/0:2/1066:
[  672.448071][   T27]  #0: ffff888011c72538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  672.482997][   T27]  #1: ffffc90004467d20 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  672.522871][   T27] 3 locks held by kworker/1:2/1900:
[  672.528117][   T27]  #0: ffff888023c50d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  672.551653][   T27]  #1: ffffc90005ca7d20 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  672.568122][   T27]  #2: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20
[  672.584373][   T27] 2 locks held by getty/3257:
[  672.589089][   T27]  #0: ffff88814ad40098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70
[  672.642955][   T27]  #1: ffffc90002bab2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0
[  672.672909][   T27] 4 locks held by kworker/u4:6/13257:
[  672.678388][   T27] 3 locks held by kworker/u4:7/18812:
[  672.687192][   T27] 3 locks held by kworker/1:14/20029:
[  672.692613][   T27]  #0: ffff888011c70d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  672.707385][   T27]  #1: ffffc90003557d20 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  672.719971][   T27]  #2: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20
[  672.772975][   T27] 1 lock held by syz-executor.0/20217:
[  672.778486][   T27] 1 lock held by syz-executor.0/20229:
[  672.794037][   T27] 1 lock held by syz-executor.0/20238:
[  672.799546][   T27] 2 locks held by syz-executor.0/20241:
[  672.822951][   T27] 2 locks held by syz-executor.0/20244:
[  672.828544][   T27] 1 lock held by syz-executor.0/20247:
[  672.842832][   T27] 1 lock held by syz-executor.0/20250:
[  672.848326][   T27] 1 lock held by syz-executor.0/20253:
[  672.872669][   T27] 2 locks held by syz-executor.0/20256:
[  672.878734][   T27] 1 lock held by syz-executor.0/20259:
[  672.904337][   T27] 2 locks held by syz-executor.0/20262:
[  672.918670][   T27] 1 lock held by syz-executor.2/20347:
[  672.942849][   T27]  #0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  672.952506][   T27] 1 lock held by syz-executor.3/20440:
[  672.979986][   T27]  #0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  673.003375][   T27] 1 lock held by syz-executor.1/20443:
[  673.008888][   T27]  #0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  673.042958][   T27] 1 lock held by syz-executor.4/20473:
[  673.048467][   T27] 2 locks held by syz-executor.4/20476:
[  673.062895][   T27] 2 locks held by syz-executor.4/20479:
[  673.068475][   T27] 3 locks held by syz-executor.4/20482:
[  673.082882][   T27] 1 lock held by syz-executor.4/20488:
[  673.088381][   T27] 2 locks held by syz-executor.4/20491:
[  673.112933][   T27] 2 locks held by syz-executor.4/20494:
[  673.119942][   T27] 1 lock held by syz-executor.0/20649:
[  673.132869][   T27]  #0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  673.162907][   T27] 3 locks held by syz-executor.4/20693:
[  673.168505][   T27] 2 locks held by syz-executor.4/20745:
[  673.193029][   T27] 3 locks held by syz-executor.4/20748:
[  673.198622][   T27] 3 locks held by syz-executor.4/20751:
[  673.219673][   T27] 2 locks held by syz-executor.4/20756:
[  673.232114][   T27] 1 lock held by syz-executor.2/20757:
[  673.242893][   T27]  #0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  673.252373][   T27] 2 locks held by syz-executor.4/20762:
[  673.286480][   T27] 2 locks held by syz-executor.4/20765:
[  673.308392][   T27] 2 locks held by syz-executor.4/20769:
[  673.328314][   T27] 2 locks held by syz-executor.4/20772:
[  673.342160][   T27] 2 locks held by syz-executor.4/20775:
[  673.352924][   T27]  #0: ffff888024768460 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1825/0x31e0
[  673.362310][   T27]  #1: ffff88805b74b5c8 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_buffered_write_iter+0xa0/0x360
[  673.432855][   T27] 2 locks held by syz-executor.4/20781:
[  673.438450][   T27] 3 locks held by syz-executor.4/20784:
[  673.454057][   T27] 3 locks held by syz-executor.4/20787:
[  673.459649][   T27] 1 lock held by syz-executor.3/20791:
[  673.484141][   T27]  #0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  673.512885][   T27] 1 lock held by syz-executor.1/20793:
[  673.518458][   T27]  #0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  673.532846][   T27] 2 locks held by syz-executor.4/20802:
[  673.552904][   T27] 2 locks held by syz-executor.4/20805:
[  673.564530][   T27] 2 locks held by syz-executor.4/20809:
[  673.594335][   T27]  #0: ffff888024768460 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1825/0x31e0
[  673.612900][   T27]  #1: ffff88805b58d3b0 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_buffered_write_iter+0xa0/0x360
[  673.632877][   T27] 2 locks held by syz-executor.4/20817:
[  673.638826][   T27] 2 locks held by syz-executor.4/20824:
[  673.661460][   T27] 2 locks held by syz-executor.4/20831:
[  673.682897][   T27]  #0: ffff888024768460 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1825/0x31e0
[  673.692213][   T27]  #1: ffff88805b74d3b0 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_buffered_write_iter+0xa0/0x360
[  673.722911][   T27] 2 locks held by syz-executor.4/20834:
[  673.728515][   T27] 1 lock held by syz-executor.0/20851:
[  673.752884][   T27]  #0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  673.762368][   T27] 1 lock held by syz-executor.2/20875:
[  673.793078][   T27]  #0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  673.802564][   T27] 1 lock held by syz-executor.3/20883:
[  673.822999][   T27]  #0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  673.832473][   T27] 1 lock held by syz-executor.1/20888:
[  673.852947][   T27]  #0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  673.862429][   T27] 1 lock held by syz-executor.0/20896:
[  673.882927][   T27]  #0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  673.902887][   T27] 
[  673.912937][   T27] =============================================
[  673.912937][   T27] 
[  673.921381][   T27] NMI backtrace for cpu 1
[  673.925728][   T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.148-syzkaller #0
[  673.933814][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  673.943886][   T27] Call Trace:
[  673.947179][   T27]  <TASK>
[  673.950125][   T27]  dump_stack_lvl+0x1e3/0x2cb
[  673.954853][   T27]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[  673.960512][   T27]  ? panic+0x84d/0x84d
[  673.964635][   T27]  ? nmi_cpu_backtrace+0x23b/0x4a0
[  673.969852][   T27]  nmi_cpu_backtrace+0x46a/0x4a0
[  673.974830][   T27]  ? __wake_up_klogd+0xd5/0x100
[  673.979735][   T27]  ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0
[  673.985907][   T27]  ? _printk+0xd1/0x111
[  673.990086][   T27]  ? panic+0x84d/0x84d
[  673.994170][   T27]  ? __wake_up_klogd+0xcc/0x100
[  673.999058][   T27]  ? panic+0x84d/0x84d
[  674.003145][   T27]  ? __rcu_read_unlock+0x92/0x100
[  674.008191][   T27]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  674.014342][   T27]  nmi_trigger_cpumask_backtrace+0x181/0x2a0
[  674.020345][   T27]  watchdog+0xe72/0xeb0
[  674.024591][   T27]  kthread+0x3f6/0x4f0
[  674.028673][   T27]  ? hungtask_pm_notify+0x50/0x50
[  674.033709][   T27]  ? kthread_blkcg+0xd0/0xd0
[  674.038319][   T27]  ret_from_fork+0x1f/0x30
[  674.042765][   T27]  </TASK>
[  674.046866][   T27] Sending NMI from CPU 1 to CPUs 0:
[  674.052100][    C0] NMI backtrace for cpu 0
[  674.052112][    C0] CPU: 0 PID: 20769 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller #0
[  674.052129][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  674.052138][    C0] RIP: 0010:isolate_lru_pages+0x2a6/0x1630
[  674.052235][    C0] Code: 3c 38 00 74 08 4c 89 e7 e8 17 2e 1a 00 49 8b 1c 24 48 c7 c7 ff ff ff ff 48 89 de e8 94 7b d0 ff 48 83 fb ff 0f 84 b4 11 00 00 <4c> 89 6c 24 10 4c 89 e7 be 08 00 00 00 e8 78 2f 1a 00 48 8b 44 24
[  674.052248][    C0] RSP: 0018:ffffc900044f5860 EFLAGS: 00000017
[  674.052263][    C0] RAX: 0000000000000000 RBX: 00fff0000004207c RCX: ffff88807d691dc0
[  674.052275][    C0] RDX: 0000000000000000 RSI: 00fff0000004207c RDI: ffffffffffffffff
[  674.052287][    C0] RBP: ffffc900044f5a70 R08: ffffffff81afb60c R09: fffff9400018da19
[  674.052299][    C0] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffea0000a7bbc0
[  674.052310][    C0] R13: ffffea0000a7bbc8 R14: 000000000000001b R15: dffffc0000000000
[  674.052327][    C0] FS:  00000000200003c0(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[  674.052342][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  674.052353][    C0] CR2: 00007f740c78a978 CR3: 0000000039f19000 CR4: 00000000003506f0
[  674.052367][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  674.052376][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  674.052386][    C0] Call Trace:
[  674.052391][    C0]  <NMI>
[  674.052397][    C0]  ? nmi_cpu_backtrace+0x39f/0x4a0
[  674.052418][    C0]  ? read_lock_is_recursive+0x10/0x10
[  674.052436][    C0]  ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0
[  674.052455][    C0]  ? unknown_nmi_error+0xd0/0xd0
[  674.052506][    C0]  ? nmi_cpu_backtrace_handler+0x8/0x10
[  674.052523][    C0]  ? nmi_handle+0xf7/0x370
[  674.052540][    C0]  ? isolate_lru_pages+0x2a6/0x1630
[  674.052559][    C0]  ? default_do_nmi+0x62/0x150
[  674.052579][    C0]  ? exc_nmi+0xab/0x120
[  674.052596][    C0]  ? end_repeat_nmi+0x16/0x31
[  674.052618][    C0]  ? isolate_lru_pages+0x29c/0x1630
[  674.052637][    C0]  ? isolate_lru_pages+0x2a6/0x1630
[  674.052657][    C0]  ? isolate_lru_pages+0x2a6/0x1630
[  674.052676][    C0]  ? isolate_lru_pages+0x2a6/0x1630
[  674.052695][    C0]  </NMI>
[  674.052699][    C0]  <TASK>
[  674.052715][    C0]  ? shrink_active_list+0x1250/0x1250
[  674.052735][    C0]  ? _raw_spin_lock_irq+0xa9/0x110
[  674.052753][    C0]  ? lockdep_hardirqs_off+0x70/0x100
[  674.052772][    C0]  ? _raw_spin_lock_irq+0xdb/0x110
[  674.052789][    C0]  ? _raw_spin_lock_irqsave+0x120/0x120
[  674.052813][    C0]  shrink_active_list+0x2a8/0x1250
[  674.052842][    C0]  ? shrink_node+0x25d0/0x25d0
[  674.052862][    C0]  ? __might_sleep+0xc0/0xc0
[  674.052882][    C0]  ? __wakeup_flusher_threads_bdi+0x264/0x290
[  674.052931][    C0]  shrink_lruvec+0x1012/0x2b90
[  674.052975][    C0]  ? mem_cgroup_shrink_node+0x8e0/0x8e0
[  674.053012][    C0]  ? __might_sleep+0xc0/0xc0
[  674.053036][    C0]  ? mem_cgroup_iter+0x3b4/0x520
[  674.053078][    C0]  shrink_node+0x10a7/0x25d0
[  674.053129][    C0]  do_try_to_free_pages+0x650/0x1670
[  674.053164][    C0]  ? try_to_free_pages+0xfd0/0xfd0
[  674.053185][    C0]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  674.053214][    C0]  try_to_free_mem_cgroup_pages+0x44c/0xa60
[  674.053236][    C0]  ? do_raw_spin_unlock+0x137/0x8b0
[  674.053258][    C0]  ? shrink_lruvec+0x2b90/0x2b90
[  674.053284][    C0]  ? psi_task_switch+0x810/0x810
[  674.053305][    C0]  ? cgroup_file_notify+0x10d/0x190
[  674.053354][    C0]  try_charge_memcg+0x4f4/0x1530
[  674.053386][    C0]  ? get_mem_cgroup_from_objcg+0x120/0x120
[  674.053417][    C0]  ? rcu_lock_acquire+0x30/0x30
[  674.053436][    C0]  ? __lock_acquire+0x1ff0/0x1ff0
[  674.053455][    C0]  charge_memcg+0x10b/0x340
[  674.053473][    C0]  ? __mem_cgroup_charge+0x80/0x80
[  674.053494][    C0]  __mem_cgroup_charge+0x23/0x80
[  674.053511][    C0]  __add_to_page_cache_locked+0xbdb/0x11a0
[  674.053533][    C0]  ? __rmqueue_pcplist+0x2030/0x2030
[  674.053559][    C0]  ? put_page+0x1e0/0x1e0
[  674.053575][    C0]  ? workingset_activation+0x750/0x750
[  674.053609][    C0]  ? alloc_pages+0x458/0x570
[  674.053645][    C0]  add_to_page_cache_lru+0x1b3/0x560
[  674.053665][    C0]  ? add_to_page_cache_locked+0x40/0x40
[  674.053683][    C0]  ? xas_load+0x128/0x140
[  674.053708][    C0]  pagecache_get_page+0xbe0/0x1010
[  674.053728][    C0]  ? page_cache_prev_miss+0x500/0x500
[  674.053748][    C0]  ? up_read+0x20/0x20
[  674.053765][    C0]  ? get_nr_dirty_inodes+0x25f/0x2e0
[  674.053818][    C0]  grab_cache_page_write_begin+0x57/0x90
[  674.053837][    C0]  ext4_da_write_begin+0x599/0xb60
[  674.053878][    C0]  ? ext4_set_page_dirty+0x340/0x340
[  674.053892][    C0]  ? current_time+0x1af/0x2f0
[  674.053909][    C0]  ? atime_needs_update+0x7b0/0x7b0
[  674.053927][    C0]  generic_perform_write+0x2bf/0x5b0
[  674.053951][    C0]  ? grab_cache_page_write_begin+0x90/0x90
[  674.053973][    C0]  ? ext4_write_checks+0x255/0x2c0
[  674.053992][    C0]  ext4_buffered_write_iter+0x227/0x360
[  674.054013][    C0]  ext4_file_write_iter+0x87c/0x1990
[  674.054029][    C0]  ? _raw_spin_unlock+0x24/0x40
[  674.054045][    C0]  ? follow_page_pte+0xad5/0xb60
[  674.054067][    C0]  ? follow_page_mask+0xb59/0x13f0
[  674.054085][    C0]  ? ext4_file_read_iter+0x6c0/0x6c0
[  674.054101][    C0]  ? follow_page+0x130/0x130
[  674.054116][    C0]  ? find_vma+0xd3/0x230
[  674.054146][    C0]  ? check_vma_flags+0x407/0x490
[  674.054160][    C0]  ? iov_iter_kvec+0x4a/0x170
[  674.054182][    C0]  __kernel_write+0x5b1/0xa60
[  674.054204][    C0]  ? vfs_read+0xe10/0xe10
[  674.054219][    C0]  ? __lock_acquire+0x1ff0/0x1ff0
[  674.054240][    C0]  ? down_read_killable+0x1d2/0x350
[  674.054260][    C0]  __dump_emit+0x264/0x3a0
[  674.054282][    C0]  ? wait_for_dump_helpers+0x3d0/0x3d0
[  674.054301][    C0]  ? dump_emit+0x152/0x3f0
[  674.054325][    C0]  dump_user_range+0x91/0x320
[  674.054346][    C0]  elf_core_dump+0x3c7d/0x4570
[  674.054363][    C0]  ? reacquire_held_locks+0x660/0x660
[  674.054391][    C0]  ? load_elf_library+0xa40/0xa40
[  674.054408][    C0]  ? mark_lock+0x98/0x340
[  674.054424][    C0]  ? __lock_acquire+0x1295/0x1ff0
[  674.054459][    C0]  ? rcu_read_lock_any_held+0xb3/0x160
[  674.054502][    C0]  ? kmem_cache_alloc+0x128/0x280
[  674.054538][    C0]  do_coredump+0x1852/0x31e0
[  674.054554][    C0]  ? ____kasan_slab_free+0xd8/0x120
[  674.054572][    C0]  ? slab_free_freelist_hook+0xdd/0x160
[  674.054601][    C0]  ? nfs_ssc_unregister+0x30/0x30
[  674.054633][    C0]  ? get_signal+0x8ac/0x14e0
[  674.054688][    C0]  ? do_raw_spin_unlock+0x137/0x8b0
[  674.054705][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[  674.054721][    C0]  ? lockdep_hardirqs_on+0x94/0x130
[  674.054738][    C0]  get_signal+0xc06/0x14e0
[  674.054764][    C0]  arch_do_signal_or_restart+0xc3/0x1890
[  674.054793][    C0]  ? lockdep_hardirqs_on+0x94/0x130
[  674.054809][    C0]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  674.054827][    C0]  ? _raw_spin_unlock+0x40/0x40
[  674.054846][    C0]  ? get_sigframe_size+0x10/0x10
[  674.054864][    C0]  ? force_sig_info_to_task+0x34a/0x470
[  674.054888][    C0]  ? force_sig+0x114/0x1d0
[  674.054908][    C0]  ? exit_to_user_mode_loop+0x39/0x130
[  674.054926][    C0]  exit_to_user_mode_loop+0x97/0x130
[  674.054942][    C0]  exit_to_user_mode_prepare+0xb1/0x140
[  674.054959][    C0]  irqentry_exit_to_user_mode+0x5/0x40
[  674.054975][    C0]  exc_general_protection+0x358/0x4f0
[  674.054996][    C0]  ? vtime_user_enter+0x1eb/0x2d0
[  674.055014][    C0]  ? __context_tracking_enter+0x5f/0x90
[  674.055040][    C0]  asm_exc_general_protection+0x22/0x30
[  674.055058][    C0] RIP: 0033:0x7f740c68cdb1
[  674.055073][    C0] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
[  674.055087][    C0] RSP: 002b:0000000020000330 EFLAGS: 00010217
[  674.055102][    C0] RAX: 0000000000000000 RBX: 00007f740c7baf80 RCX: 00007f740c68cda9
[  674.055113][    C0] RDX: 0000000020000340 RSI: 0000000020000330 RDI: 0000000002088080
[  674.055124][    C0] RBP: 00007f740c6d947a R08: 00000000200003c0 R09: 00000000200003c0
[  674.055135][    C0] R10: 0000000020000380 R11: 0000000000000202 R12: 0000000000000000
[  674.055145][    C0] R13: 000000000000000b R14: 00007f740c7baf80 R15: 00007fffb5c085d8
[  674.055163][    C0]  </TASK>
[  674.174865][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[  674.852335][   T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.148-syzkaller #0
[  674.860329][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  674.870401][   T27] Call Trace:
[  674.873692][   T27]  <TASK>
[  674.876642][   T27]  dump_stack_lvl+0x1e3/0x2cb
[  674.881344][   T27]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[  674.887003][   T27]  ? panic+0x84d/0x84d
[  674.891099][   T27]  panic+0x318/0x84d
[  674.895015][   T27]  ? schedule_preempt_disabled+0x20/0x20
[  674.900667][   T27]  ? nmi_trigger_cpumask_backtrace+0x221/0x2a0
[  674.906840][   T27]  ? fb_is_primary_device+0xcc/0xcc
[  674.912057][   T27]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  674.918140][   T27]  ? nmi_trigger_cpumask_backtrace+0x221/0x2a0
[  674.924317][   T27]  ? nmi_trigger_cpumask_backtrace+0x281/0x2a0
[  674.930494][   T27]  ? nmi_trigger_cpumask_backtrace+0x286/0x2a0
[  674.936671][   T27]  watchdog+0xeb0/0xeb0
[  674.940867][   T27]  kthread+0x3f6/0x4f0
[  674.944951][   T27]  ? hungtask_pm_notify+0x50/0x50
[  674.949995][   T27]  ? kthread_blkcg+0xd0/0xd0
[  674.954606][   T27]  ret_from_fork+0x1f/0x30
[  674.959064][   T27]  </TASK>
[  674.962391][   T27] Kernel Offset: disabled
[  674.966728][   T27] Rebooting in 86400 seconds..