50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:23 executing program 2: socketpair(0x23, 0x0, 0x2, &(0x7f0000000040)) 00:11:23 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f000000150003"], 0x50}}, 0x0) 00:11:23 executing program 5: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$FOU_CMD_DEL(r0, &(0x7f00000008c0)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000840)={0x4c, 0x0, 0x10, 0x70bd27, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback}, @FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_PEER_V4={0x8, 0x8, @multicast2}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x41}, 0xc0) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_qos_setup_complete={{0xd, 0x14}, {0x7, 0xc8, {0x9, 0x1f, 0x1, 0x3ff, 0x7}}}}, 0x17) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, 0x0, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:23 executing program 3: socketpair(0x23, 0x0, 0x2, &(0x7f0000000040)) 00:11:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f000000150003"], 0x50}}, 0x0) 00:11:23 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:23 executing program 2: socketpair(0x23, 0x0, 0x2, &(0x7f0000000040)) 00:11:23 executing program 3: socketpair(0x23, 0x0, 0x2, &(0x7f0000000040)) 00:11:23 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f000000150003"], 0x50}}, 0x0) 00:11:23 executing program 5: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$FOU_CMD_DEL(r0, &(0x7f00000008c0)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000840)={0x4c, 0x0, 0x10, 0x70bd27, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback}, @FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_PEER_V4={0x8, 0x8, @multicast2}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x41}, 0xc0) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_qos_setup_complete={{0xd, 0x14}, {0x7, 0xc8, {0x9, 0x1f, 0x1, 0x3ff, 0x7}}}}, 0x17) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, 0x0, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:23 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f000000150003"], 0x50}}, 0x0) 00:11:23 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f000000150003"], 0x50}}, 0x0) 00:11:23 executing program 2: socketpair(0x23, 0x5, 0x0, &(0x7f0000000040)) 00:11:23 executing program 5: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$FOU_CMD_DEL(r0, &(0x7f00000008c0)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000840)={0x4c, 0x0, 0x10, 0x70bd27, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback}, @FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_PEER_V4={0x8, 0x8, @multicast2}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x41}, 0xc0) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_qos_setup_complete={{0xd, 0x14}, {0x7, 0xc8, {0x9, 0x1f, 0x1, 0x3ff, 0x7}}}}, 0x17) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, 0x0, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:23 executing program 3: socketpair(0x23, 0x0, 0x2, &(0x7f0000000040)) 00:11:23 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f000000150003"], 0x50}}, 0x0) 00:11:23 executing program 5: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$FOU_CMD_DEL(r0, &(0x7f00000008c0)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000840)={0x4c, 0x0, 0x10, 0x70bd27, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback}, @FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_PEER_V4={0x8, 0x8, @multicast2}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x41}, 0xc0) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_qos_setup_complete={{0xd, 0x14}, {0x7, 0xc8, {0x9, 0x1f, 0x1, 0x3ff, 0x7}}}}, 0x17) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:23 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:23 executing program 2: socketpair(0x23, 0x5, 0x0, 0x0) 00:11:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f000000150003"], 0x50}}, 0x0) 00:11:23 executing program 3: socketpair(0x0, 0x0, 0x2, &(0x7f0000000040)) 00:11:24 executing program 2: socketpair(0x23, 0x5, 0x0, 0x0) 00:11:24 executing program 5: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$FOU_CMD_DEL(r0, &(0x7f00000008c0)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000840)={0x4c, 0x0, 0x10, 0x70bd27, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback}, @FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_PEER_V4={0x8, 0x8, @multicast2}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x41}, 0xc0) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_qos_setup_complete={{0xd, 0x14}, {0x7, 0xc8, {0x9, 0x1f, 0x1, 0x3ff, 0x7}}}}, 0x17) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:24 executing program 1: socketpair(0x23, 0x5, 0x0, &(0x7f0000000040)) 00:11:24 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f000000150003"], 0x50}}, 0x0) 00:11:24 executing program 2: socketpair(0x23, 0x5, 0x0, 0x0) 00:11:24 executing program 5: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$FOU_CMD_DEL(r0, &(0x7f00000008c0)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000840)={0x4c, 0x0, 0x10, 0x70bd27, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback}, @FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_PEER_V4={0x8, 0x8, @multicast2}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x41}, 0xc0) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_qos_setup_complete={{0xd, 0x14}, {0x7, 0xc8, {0x9, 0x1f, 0x1, 0x3ff, 0x7}}}}, 0x17) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:24 executing program 3: socketpair(0x0, 0x0, 0x2, &(0x7f0000000040)) 00:11:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:24 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:24 executing program 1: socketpair(0x23, 0x5, 0x0, &(0x7f0000000040)) 00:11:24 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f0000000380)={0x8, 0x6, 0x9, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r4, 0x40106437, &(0x7f0000000040)={0x0, 0x80000000}) mkdirat$cgroup(r4, &(0x7f0000000200)='syz0\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) bind$can_j1939(r6, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0xff}, 0xfc}, 0x18) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x6, 0x1f, 0x21261f3c, 0x1ff, 0x7, 0x3f, 0x6, 0x2755, 0xfffffffc], 0x9, 0x800, 0x0, 0xffffffffffffffff}) openat$cgroup_procs(r7, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) ioctl$IMCLEAR_L2(r4, 0x80044946, &(0x7f0000000000)=0x7f) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000300)={'syztnl0\x00', 0x0, 0x5e, 0x7f, 0x1f, 0x7, 0x0, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x7800, 0x4}}) r8 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000004c0), 0x100, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r6, 0xc01064c2, &(0x7f0000000500)={0x0, 0x1, r5}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r2, 0xc01064c2, &(0x7f0000000540)={0x0, 0x1, r5}) socket$vsock_stream(0x28, 0x1, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r8, 0xc01864cd, &(0x7f0000000600)={&(0x7f0000000580)=[0x0, 0x0, r9, r10], &(0x7f00000005c0), 0x4, 0x1}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0) 00:11:24 executing program 5: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$FOU_CMD_DEL(r0, &(0x7f00000008c0)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000840)={0x4c, 0x0, 0x10, 0x70bd27, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback}, @FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_PEER_V4={0x8, 0x8, @multicast2}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x41}, 0xc0) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_qos_setup_complete={{0xd, 0x14}, {0x7, 0xc8, {0x9, 0x1f, 0x1, 0x3ff, 0x7}}}}, 0x17) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r2, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:24 executing program 4: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) ioctl$DRM_IOCTL_RM_MAP(r1, 0x4028641b, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x48, 0x0, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@L2TP_ATTR_IP_DADDR={0x8, 0x19, @loopback}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0xfa}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x9}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'hsr0\x00'}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x7}]}, 0x48}, 0x1, 0x0, 0x0, 0x8800}, 0x4000000) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000100)={0x80000000, 0x0, 0x10000}) ioctl$IMCTRLREQ(0xffffffffffffffff, 0x80044945, &(0x7f0000000040)={0x4005, 0x7f, 0x4, 0x5}) 00:11:24 executing program 3: socketpair(0x0, 0x0, 0x2, &(0x7f0000000040)) 00:11:24 executing program 5: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$FOU_CMD_DEL(r0, &(0x7f00000008c0)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000840)={0x4c, 0x0, 0x10, 0x70bd27, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback}, @FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_PEER_V4={0x8, 0x8, @multicast2}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x41}, 0xc0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r2, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:24 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f0000000380)={0x8, 0x6, 0x9, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r4, 0x40106437, &(0x7f0000000040)={0x0, 0x80000000}) mkdirat$cgroup(r4, &(0x7f0000000200)='syz0\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) bind$can_j1939(r6, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0xff}, 0xfc}, 0x18) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x6, 0x1f, 0x21261f3c, 0x1ff, 0x7, 0x3f, 0x6, 0x2755, 0xfffffffc], 0x9, 0x800, 0x0, 0xffffffffffffffff}) openat$cgroup_procs(r7, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) ioctl$IMCLEAR_L2(r4, 0x80044946, &(0x7f0000000000)=0x7f) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000300)={'syztnl0\x00', 0x0, 0x5e, 0x7f, 0x1f, 0x7, 0x0, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x7800, 0x4}}) r8 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000004c0), 0x100, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r6, 0xc01064c2, &(0x7f0000000500)={0x0, 0x1, r5}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r2, 0xc01064c2, &(0x7f0000000540)={0x0, 0x1, r5}) socket$vsock_stream(0x28, 0x1, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r8, 0xc01864cd, &(0x7f0000000600)={&(0x7f0000000580)=[0x0, 0x0, r9, r10], &(0x7f00000005c0), 0x4, 0x1}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0) 00:11:24 executing program 3: socketpair(0x23, 0x0, 0x0, &(0x7f0000000040)) 00:11:24 executing program 1: socketpair(0x23, 0x5, 0x0, &(0x7f0000000040)) 00:11:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:24 executing program 5: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r2, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:24 executing program 3: socketpair(0x23, 0x0, 0x0, &(0x7f0000000040)) 00:11:24 executing program 4: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) ioctl$DRM_IOCTL_RM_MAP(r1, 0x4028641b, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x48, 0x0, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@L2TP_ATTR_IP_DADDR={0x8, 0x19, @loopback}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0xfa}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x9}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'hsr0\x00'}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x7}]}, 0x48}, 0x1, 0x0, 0x0, 0x8800}, 0x4000000) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000100)={0x80000000, 0x0, 0x10000}) ioctl$IMCTRLREQ(0xffffffffffffffff, 0x80044945, &(0x7f0000000040)={0x4005, 0x7f, 0x4, 0x5}) 00:11:24 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f0000000380)={0x8, 0x6, 0x9, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r4, 0x40106437, &(0x7f0000000040)={0x0, 0x80000000}) mkdirat$cgroup(r4, &(0x7f0000000200)='syz0\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) bind$can_j1939(r6, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0xff}, 0xfc}, 0x18) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x6, 0x1f, 0x21261f3c, 0x1ff, 0x7, 0x3f, 0x6, 0x2755, 0xfffffffc], 0x9, 0x800, 0x0, 0xffffffffffffffff}) openat$cgroup_procs(r7, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) ioctl$IMCLEAR_L2(r4, 0x80044946, &(0x7f0000000000)=0x7f) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000300)={'syztnl0\x00', 0x0, 0x5e, 0x7f, 0x1f, 0x7, 0x0, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x7800, 0x4}}) r8 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000004c0), 0x100, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r6, 0xc01064c2, &(0x7f0000000500)={0x0, 0x1, r5}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r2, 0xc01064c2, &(0x7f0000000540)={0x0, 0x1, r5}) socket$vsock_stream(0x28, 0x1, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r8, 0xc01864cd, &(0x7f0000000600)={&(0x7f0000000580)=[0x0, 0x0, r9, r10], &(0x7f00000005c0), 0x4, 0x1}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0) 00:11:24 executing program 1: socketpair(0x0, 0x5, 0x0, &(0x7f0000000040)) 00:11:24 executing program 5: openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:24 executing program 3: socketpair(0x23, 0x0, 0x0, &(0x7f0000000040)) 00:11:24 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f0000000380)={0x8, 0x6, 0x9, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r4, 0x40106437, &(0x7f0000000040)={0x0, 0x80000000}) mkdirat$cgroup(r4, &(0x7f0000000200)='syz0\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) bind$can_j1939(r6, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0xff}, 0xfc}, 0x18) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x6, 0x1f, 0x21261f3c, 0x1ff, 0x7, 0x3f, 0x6, 0x2755, 0xfffffffc], 0x9, 0x800, 0x0, 0xffffffffffffffff}) openat$cgroup_procs(r7, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) ioctl$IMCLEAR_L2(r4, 0x80044946, &(0x7f0000000000)=0x7f) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000300)={'syztnl0\x00', 0x0, 0x5e, 0x7f, 0x1f, 0x7, 0x0, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x7800, 0x4}}) r8 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000004c0), 0x100, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r6, 0xc01064c2, &(0x7f0000000500)={0x0, 0x1, r5}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r2, 0xc01064c2, &(0x7f0000000540)={0x0, 0x1, r5}) socket$vsock_stream(0x28, 0x1, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r8, 0xc01864cd, &(0x7f0000000600)={&(0x7f0000000580)=[0x0, 0x0, r9, r10], &(0x7f00000005c0), 0x4, 0x1}) 00:11:24 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000080) 00:11:24 executing program 3: socketpair(0x23, 0x0, 0x2, 0x0) 00:11:24 executing program 4: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) ioctl$DRM_IOCTL_RM_MAP(r1, 0x4028641b, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x48, 0x0, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@L2TP_ATTR_IP_DADDR={0x8, 0x19, @loopback}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0xfa}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x9}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'hsr0\x00'}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x7}]}, 0x48}, 0x1, 0x0, 0x0, 0x8800}, 0x4000000) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000100)={0x80000000, 0x0, 0x10000}) ioctl$IMCTRLREQ(0xffffffffffffffff, 0x80044945, &(0x7f0000000040)={0x4005, 0x7f, 0x4, 0x5}) 00:11:24 executing program 1: socketpair(0x0, 0x5, 0x0, &(0x7f0000000040)) 00:11:24 executing program 3: socketpair(0x23, 0x0, 0x2, 0x0) 00:11:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000080) 00:11:24 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f0000000380)={0x8, 0x6, 0x9, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r4, 0x40106437, &(0x7f0000000040)={0x0, 0x80000000}) mkdirat$cgroup(r4, &(0x7f0000000200)='syz0\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) bind$can_j1939(r6, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0xff}, 0xfc}, 0x18) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x6, 0x1f, 0x21261f3c, 0x1ff, 0x7, 0x3f, 0x6, 0x2755, 0xfffffffc], 0x9, 0x800, 0x0, 0xffffffffffffffff}) openat$cgroup_procs(r7, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) ioctl$IMCLEAR_L2(r4, 0x80044946, &(0x7f0000000000)=0x7f) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000300)={'syztnl0\x00', 0x0, 0x5e, 0x7f, 0x1f, 0x7, 0x0, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x7800, 0x4}}) openat$drirender128(0xffffffffffffff9c, &(0x7f00000004c0), 0x100, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r6, 0xc01064c2, &(0x7f0000000500)={0x0, 0x1, r5}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r2, 0xc01064c2, &(0x7f0000000540)={0x0, 0x1, r5}) socket$vsock_stream(0x28, 0x1, 0x0) 00:11:24 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:24 executing program 4: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) ioctl$DRM_IOCTL_RM_MAP(r1, 0x4028641b, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x48, 0x0, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@L2TP_ATTR_IP_DADDR={0x8, 0x19, @loopback}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0xfa}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x9}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'hsr0\x00'}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x7}]}, 0x48}, 0x1, 0x0, 0x0, 0x8800}, 0x4000000) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000100)={0x80000000, 0x0, 0x10000}) 00:11:24 executing program 1: socketpair(0x0, 0x5, 0x0, &(0x7f0000000040)) 00:11:24 executing program 3: socketpair(0x23, 0x0, 0x2, 0x0) 00:11:24 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000080) 00:11:24 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f0000000380)={0x8, 0x6, 0x9, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r4, 0x40106437, &(0x7f0000000040)={0x0, 0x80000000}) mkdirat$cgroup(r4, &(0x7f0000000200)='syz0\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) bind$can_j1939(r6, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0xff}, 0xfc}, 0x18) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x6, 0x1f, 0x21261f3c, 0x1ff, 0x7, 0x3f, 0x6, 0x2755, 0xfffffffc], 0x9, 0x800, 0x0, 0xffffffffffffffff}) openat$cgroup_procs(r7, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) ioctl$IMCLEAR_L2(r4, 0x80044946, &(0x7f0000000000)=0x7f) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000300)={'syztnl0\x00', 0x0, 0x5e, 0x7f, 0x1f, 0x7, 0x0, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x7800, 0x4}}) openat$drirender128(0xffffffffffffff9c, &(0x7f00000004c0), 0x100, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r6, 0xc01064c2, &(0x7f0000000500)={0x0, 0x1, r5}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r2, 0xc01064c2, &(0x7f0000000540)={0x0, 0x1, r5}) 00:11:24 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:24 executing program 3: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) ioctl$DRM_IOCTL_RM_MAP(r1, 0x4028641b, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x48, 0x0, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@L2TP_ATTR_IP_DADDR={0x8, 0x19, @loopback}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0xfa}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x9}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'hsr0\x00'}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x7}]}, 0x48}, 0x1, 0x0, 0x0, 0x8800}, 0x4000000) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000100)={0x80000000, 0x0, 0x10000}) ioctl$IMCTRLREQ(0xffffffffffffffff, 0x80044945, &(0x7f0000000040)={0x4005, 0x7f, 0x4, 0x5}) 00:11:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:24 executing program 1: socketpair(0x23, 0x0, 0x0, &(0x7f0000000040)) 00:11:24 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f0000000380)={0x8, 0x6, 0x9, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r4, 0x40106437, &(0x7f0000000040)={0x0, 0x80000000}) mkdirat$cgroup(r4, &(0x7f0000000200)='syz0\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) bind$can_j1939(r6, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0xff}, 0xfc}, 0x18) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x6, 0x1f, 0x21261f3c, 0x1ff, 0x7, 0x3f, 0x6, 0x2755, 0xfffffffc], 0x9, 0x800, 0x0, 0xffffffffffffffff}) openat$cgroup_procs(r7, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) ioctl$IMCLEAR_L2(r4, 0x80044946, &(0x7f0000000000)=0x7f) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000300)={'syztnl0\x00', 0x0, 0x5e, 0x7f, 0x1f, 0x7, 0x0, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x7800, 0x4}}) openat$drirender128(0xffffffffffffff9c, &(0x7f00000004c0), 0x100, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r6, 0xc01064c2, &(0x7f0000000500)={0x0, 0x1, r5}) 00:11:24 executing program 4: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) ioctl$DRM_IOCTL_RM_MAP(r1, 0x4028641b, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x48, 0x0, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@L2TP_ATTR_IP_DADDR={0x8, 0x19, @loopback}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0xfa}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x9}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'hsr0\x00'}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x7}]}, 0x48}, 0x1, 0x0, 0x0, 0x8800}, 0x4000000) 00:11:25 executing program 5: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r0, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:25 executing program 1: socketpair(0x23, 0x0, 0x0, &(0x7f0000000040)) 00:11:25 executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x8, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void, @void}}, ["", ""]}, 0x14}}, 0x10) r1 = socket$isdn(0x22, 0x2, 0x25) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x78, r2, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ipvlan1\x00'}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x7ff}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x41}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:25 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f0000000380)={0x8, 0x6, 0x9, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r4, 0x40106437, &(0x7f0000000040)={0x0, 0x80000000}) mkdirat$cgroup(r4, &(0x7f0000000200)='syz0\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) bind$can_j1939(r6, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0xff}, 0xfc}, 0x18) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x6, 0x1f, 0x21261f3c, 0x1ff, 0x7, 0x3f, 0x6, 0x2755, 0xfffffffc], 0x9, 0x800, 0x0, 0xffffffffffffffff}) openat$cgroup_procs(r7, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) ioctl$IMCLEAR_L2(r4, 0x80044946, &(0x7f0000000000)=0x7f) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000300)={'syztnl0\x00', 0x0, 0x5e, 0x7f, 0x1f, 0x7, 0x0, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x7800, 0x4}}) openat$drirender128(0xffffffffffffff9c, &(0x7f00000004c0), 0x100, 0x0) 00:11:25 executing program 1: socketpair(0x23, 0x0, 0x0, &(0x7f0000000040)) 00:11:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:25 executing program 5: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r0, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:25 executing program 4: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) ioctl$DRM_IOCTL_RM_MAP(r1, 0x4028641b, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x48, 0x0, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@L2TP_ATTR_IP_DADDR={0x8, 0x19, @loopback}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0xfa}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x9}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'hsr0\x00'}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x7}]}, 0x48}, 0x1, 0x0, 0x0, 0x8800}, 0x4000000) [ 685.175555][T24797] delete_channel: no stack 00:11:25 executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x8, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void, @void}}, ["", ""]}, 0x14}}, 0x10) r1 = socket$isdn(0x22, 0x2, 0x25) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x78, r2, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ipvlan1\x00'}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x7ff}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x41}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200), 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:25 executing program 5: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r0, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:25 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f0000000380)={0x8, 0x6, 0x9, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r4, 0x40106437, &(0x7f0000000040)={0x0, 0x80000000}) mkdirat$cgroup(r4, &(0x7f0000000200)='syz0\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) bind$can_j1939(r6, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0xff}, 0xfc}, 0x18) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x6, 0x1f, 0x21261f3c, 0x1ff, 0x7, 0x3f, 0x6, 0x2755, 0xfffffffc], 0x9, 0x800, 0x0, 0xffffffffffffffff}) openat$cgroup_procs(r7, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) ioctl$IMCLEAR_L2(r4, 0x80044946, &(0x7f0000000000)=0x7f) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000300)={'syztnl0\x00', 0x0, 0x5e, 0x7f, 0x1f, 0x7, 0x0, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x7800, 0x4}}) 00:11:25 executing program 1: socketpair(0x23, 0x5, 0x0, 0x0) [ 685.261926][T24812] delete_channel: no stack 00:11:25 executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x8, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void, @void}}, ["", ""]}, 0x14}}, 0x10) r1 = socket$isdn(0x22, 0x2, 0x25) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x78, r2, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ipvlan1\x00'}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x7ff}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x41}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200), 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:25 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, 0x0, 0x0) 00:11:25 executing program 1: socketpair(0x23, 0x5, 0x0, 0x0) 00:11:25 executing program 4: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) ioctl$DRM_IOCTL_RM_MAP(r1, 0x4028641b, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) 00:11:25 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f0000000380)={0x8, 0x6, 0x9, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r4, 0x40106437, &(0x7f0000000040)={0x0, 0x80000000}) mkdirat$cgroup(r4, &(0x7f0000000200)='syz0\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) bind$can_j1939(r6, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0xff}, 0xfc}, 0x18) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x6, 0x1f, 0x21261f3c, 0x1ff, 0x7, 0x3f, 0x6, 0x2755, 0xfffffffc], 0x9, 0x800, 0x0, 0xffffffffffffffff}) openat$cgroup_procs(r7, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) ioctl$IMCLEAR_L2(r4, 0x80044946, &(0x7f0000000000)=0x7f) 00:11:25 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, 0x0, 0x0) [ 685.394685][T24823] delete_channel: no stack 00:11:25 executing program 1: socketpair(0x23, 0x5, 0x0, 0x0) 00:11:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200), 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:25 executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x8, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void, @void}}, ["", ""]}, 0x14}}, 0x10) r1 = socket$isdn(0x22, 0x2, 0x25) sendmsg$L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x78, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ipvlan1\x00'}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x7ff}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x41}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:25 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f0000000380)={0x8, 0x6, 0x9, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r4, 0x40106437, &(0x7f0000000040)={0x0, 0x80000000}) mkdirat$cgroup(r4, &(0x7f0000000200)='syz0\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) bind$can_j1939(r6, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0xff}, 0xfc}, 0x18) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x6, 0x1f, 0x21261f3c, 0x1ff, 0x7, 0x3f, 0x6, 0x2755, 0xfffffffc], 0x9, 0x800, 0x0, 0xffffffffffffffff}) openat$cgroup_procs(r7, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) 00:11:25 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, 0x0, 0x0) 00:11:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:25 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:25 executing program 4: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) ioctl$DRM_IOCTL_RM_MAP(r1, 0x4028641b, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) [ 685.504852][T24841] delete_channel: no stack 00:11:25 executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x8, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void, @void}}, ["", ""]}, 0x14}}, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x78, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ipvlan1\x00'}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x7ff}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x41}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:25 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f0000000380)={0x8, 0x6, 0x9, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r4, 0x40106437, &(0x7f0000000040)={0x0, 0x80000000}) mkdirat$cgroup(r4, &(0x7f0000000200)='syz0\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) bind$can_j1939(r6, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0xff}, 0xfc}, 0x18) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x6, 0x1f, 0x21261f3c, 0x1ff, 0x7, 0x3f, 0x6, 0x2755, 0xfffffffc], 0x9, 0x800}) 00:11:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:25 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:25 executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x8, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void, @void}}, ["", ""]}, 0x14}}, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x78, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ipvlan1\x00'}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x7ff}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x41}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:25 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000b80)={0x48, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x48}}, 0x0) 00:11:25 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f0000000380)={0x8, 0x6, 0x9, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r4, 0x40106437, &(0x7f0000000040)={0x0, 0x80000000}) mkdirat$cgroup(r4, &(0x7f0000000200)='syz0\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) bind$can_j1939(r6, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0xff}, 0xfc}, 0x18) 00:11:25 executing program 4: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) ioctl$DRM_IOCTL_RM_MAP(r1, 0x4028641b, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:25 executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x8, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void, @void}}, ["", ""]}, 0x14}}, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x78, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ipvlan1\x00'}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x7ff}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x41}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:25 executing program 1: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f0000000380)={0x8, 0x6, 0x9, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r4, 0x40106437, &(0x7f0000000040)={0x0, 0x80000000}) mkdirat$cgroup(r4, &(0x7f0000000200)='syz0\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) bind$can_j1939(r6, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0xff}, 0xfc}, 0x18) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x6, 0x1f, 0x21261f3c, 0x1ff, 0x7, 0x3f, 0x6, 0x2755, 0xfffffffc], 0x9, 0x800, 0x0, 0xffffffffffffffff}) openat$cgroup_procs(r7, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) ioctl$IMCLEAR_L2(r4, 0x80044946, &(0x7f0000000000)=0x7f) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000300)={'syztnl0\x00', 0x0, 0x5e, 0x7f, 0x1f, 0x7, 0x0, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x7800, 0x4}}) openat$drirender128(0xffffffffffffff9c, &(0x7f00000004c0), 0x100, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r6, 0xc01064c2, &(0x7f0000000500)={0x0, 0x1, r5}) 00:11:25 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000b80)={0x48, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x48}}, 0x0) 00:11:25 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f0000000380)={0x8, 0x6, 0x9, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r4, 0x40106437, &(0x7f0000000040)={0x0, 0x80000000}) mkdirat$cgroup(r4, &(0x7f0000000200)='syz0\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x7], 0x1, 0x80000}) 00:11:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:25 executing program 3: syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = socket$isdn(0x22, 0x2, 0x25) sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x78, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ipvlan1\x00'}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x7ff}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x41}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:25 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000b80)={0x48, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x48}}, 0x0) 00:11:25 executing program 1: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) ioctl$UDMABUF_CREATE(r0, 0x40187542, 0x0) [ 685.814569][T24883] delete_channel: no stack 00:11:25 executing program 4: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:25 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f0000000380)={0x8, 0x6, 0x9, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r4, 0x40106437, &(0x7f0000000040)={0x0, 0x80000000}) mkdirat$cgroup(r4, &(0x7f0000000200)='syz0\x00', 0x1ff) 00:11:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:25 executing program 3: r0 = socket$isdn(0x22, 0x2, 0x25) sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x78, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ipvlan1\x00'}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x7ff}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x41}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:25 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, 0x0}, 0x0) 00:11:25 executing program 1: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) ioctl$UDMABUF_CREATE(r0, 0x40187542, 0x0) [ 685.903513][T24893] delete_channel: no stack 00:11:25 executing program 3: r0 = socket$isdn(0x22, 0x2, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x78, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ipvlan1\x00'}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x7ff}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x41}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:25 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f0000000380)={0x8, 0x6, 0x9, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r4, 0x40106437, &(0x7f0000000040)={0x0, 0x80000000}) 00:11:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:25 executing program 1: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) ioctl$UDMABUF_CREATE(r0, 0x40187542, 0x0) 00:11:25 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, 0x0}, 0x0) 00:11:25 executing program 4: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:26 executing program 3: r0 = socket$isdn(0x22, 0x2, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x78, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ipvlan1\x00'}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x7ff}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x41}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x0, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:26 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r4, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) ioctl$IMCTRLREQ(r4, 0x80044945, &(0x7f0000000380)={0x8, 0x6, 0x9, 0x1}) 00:11:26 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, 0x0}, 0x0) 00:11:26 executing program 1: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) ioctl$UDMABUF_CREATE(r0, 0x40187542, 0x0) 00:11:26 executing program 4: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:26 executing program 3: r0 = socket$isdn(0x22, 0x2, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x78, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ipvlan1\x00'}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x7ff}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x41}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:26 executing program 1: ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0) 00:11:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x0, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:26 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={0x0}}, 0x0) 00:11:26 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r4, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00'}) 00:11:26 executing program 4: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:26 executing program 3: socket$isdn(0x22, 0x2, 0x25) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x78, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ipvlan1\x00'}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x7ff}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x41}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x0, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:26 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={0x0}}, 0x0) 00:11:26 executing program 1: ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0) 00:11:26 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r4, &(0x7f0000001080)='syz1\x00', 0x1ff) 00:11:26 executing program 4: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) [ 686.279158][T24941] delete_channel: no stack 00:11:26 executing program 3: socket$isdn(0x22, 0x2, 0x25) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x78, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ipvlan1\x00'}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x7ff}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x41}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:26 executing program 4: socket(0x22, 0x5, 0x5) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:26 executing program 1: ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0) 00:11:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x0, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:26 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) 00:11:26 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={0x0}}, 0x0) [ 686.384292][T24956] delete_channel: no stack 00:11:26 executing program 1: r0 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) ioctl$UDMABUF_CREATE(r0, 0x40187542, 0x0) 00:11:26 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x3c1382, 0x0) 00:11:26 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:26 executing program 3: socket$isdn(0x22, 0x2, 0x25) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x78, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ipvlan1\x00'}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x7ff}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x41}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:26 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, 0x0, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x0, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) [ 686.476155][T24966] delete_channel: no stack 00:11:26 executing program 1: r0 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) ioctl$UDMABUF_CREATE(r0, 0x40187542, 0x0) 00:11:26 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) socket$isdn(0x22, 0x2, 0x4) 00:11:26 executing program 3: r0 = socket$isdn(0x22, 0x2, 0x25) sendmsg$L2TP_CMD_SESSION_DELETE(r0, 0x0, 0x24004800) 00:11:26 executing program 4: r0 = syz_open_dev$dri(0x0, 0x1, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:26 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, 0x0, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x0, 0x25dfdbfd, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) [ 686.564038][T24980] delete_channel: no stack 00:11:26 executing program 3: r0 = socket$isdn(0x22, 0x2, 0x25) sendmsg$L2TP_CMD_SESSION_DELETE(r0, 0x0, 0x24004800) 00:11:26 executing program 1: r0 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) ioctl$UDMABUF_CREATE(r0, 0x40187542, 0x0) 00:11:26 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0xb0b0b0b0}) 00:11:26 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, 0x0, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:26 executing program 4: r0 = syz_open_dev$dri(0x0, 0x1, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) [ 686.649727][T24986] delete_channel: no stack 00:11:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x0, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:26 executing program 1: openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0) 00:11:26 executing program 3: r0 = socket$isdn(0x22, 0x2, 0x25) sendmsg$L2TP_CMD_SESSION_DELETE(r0, 0x0, 0x24004800) 00:11:26 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) 00:11:26 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r1, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:26 executing program 4: r0 = syz_open_dev$dri(0x0, 0x1, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x0, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:26 executing program 1: openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0) [ 686.759368][T25001] delete_channel: no stack 00:11:26 executing program 3: r0 = socket$isdn(0x22, 0x2, 0x25) sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x78, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ipvlan1\x00'}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x7ff}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x41}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:26 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r2, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) 00:11:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x0, {0xa, 0x20, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) [ 686.854699][T25015] delete_channel: no stack 00:11:26 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r1, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:26 executing program 1: openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0) 00:11:26 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:26 executing program 3: r0 = socket$isdn(0x22, 0x2, 0x25) sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:26 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) 00:11:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x0, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:26 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r1, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x23578cdc49d3f96, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:26 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:26 executing program 1: openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0) [ 686.945021][T25025] delete_channel: no stack 00:11:26 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:26 executing program 3: r0 = socket$isdn(0x22, 0x2, 0x25) sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:26 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) 00:11:26 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x0, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:27 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x20, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) 00:11:27 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) [ 687.038133][T25040] delete_channel: no stack 00:11:27 executing program 3: r0 = socket$isdn(0x22, 0x2, 0x25) sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:27 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x0, 0x2, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:27 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x20, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) 00:11:27 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) [ 687.132681][T25058] delete_channel: no stack 00:11:27 executing program 4: syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 3: r0 = socket$isdn(0x22, 0x2, 0x25) sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x24000001}, 0x24004800) 00:11:27 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x20, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) 00:11:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x0, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:27 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) 00:11:27 executing program 1: ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) [ 687.204394][T25069] delete_channel: no stack 00:11:27 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x24, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x4}]}, 0x24}}, 0x0) 00:11:27 executing program 4: syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 1: ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 3: r0 = socket$isdn(0x22, 0x2, 0x25) sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x24004800) 00:11:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x0, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:27 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) sendto$rxrpc(0xffffffffffffffff, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) 00:11:27 executing program 4: syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) [ 687.307530][T25086] delete_channel: no stack 00:11:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x0, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:27 executing program 1: ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x24, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x4}]}, 0x24}}, 0x0) 00:11:27 executing program 3: r0 = socket$isdn(0x22, 0x2, 0x25) sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 00:11:27 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) sendto$rxrpc(0xffffffffffffffff, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) 00:11:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:27 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, 0x0) [ 687.393203][T25095] delete_channel: no stack 00:11:27 executing program 1: r0 = syz_open_dev$dri(0x0, 0x0, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x24, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x4}]}, 0x24}}, 0x0) 00:11:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x20, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) 00:11:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:27 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, 0x0) 00:11:27 executing program 3: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) write$nci(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="c040e9c85ab3766fb60da6cdbc6b24ccdb72a2cd0a275acb10d1139e25eee023789b8c23331615791a4b1386ba37479a3d191e305746556d38df5b65e1aceb297735c0877c153a93a6499678b3f6a28b0fa60df99fcc4465bb9adb26c568b54e828c2da06a80ecb4c3edf8a914bcfc6fba32f0"], 0x7) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) 00:11:27 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) sendto$rxrpc(0xffffffffffffffff, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) 00:11:27 executing program 1: r0 = syz_open_dev$dri(0x0, 0x0, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 5: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:27 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, 0x0) 00:11:27 executing program 2: openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x8040, 0x0) r0 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r0, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) 00:11:27 executing program 1: r0 = syz_open_dev$dri(0x0, 0x0, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) [ 687.593064][T25131] validate_nla: 34 callbacks suppressed [ 687.593079][T25131] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 00:11:27 executing program 3: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x3, 0x61}, @l2cap_cid_signaling={{0x5d}, [@l2cap_conf_rsp={{0x5, 0x0, 0x35}, {0x1, 0x101, 0x80, [@l2cap_conf_flushto={0x2, 0x2, 0x4}, @l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_ews={0x7, 0x2, 0x608d}, @l2cap_conf_ews={0x7, 0x2}, @l2cap_conf_mtu={0x1, 0x2, 0x4}, @l2cap_conf_rfc={0x4, 0x9, {0x1, 0x49, 0x85, 0x3, 0x200, 0xff0b}}, @l2cap_conf_rfc={0x4, 0x9, {0x4, 0x0, 0x9, 0x3, 0x1, 0x1}}, @l2cap_conf_fcs={0x5, 0x1, 0x1}]}}, @l2cap_conn_req={{0x2, 0xc9, 0x4}, {0x4a, 0xd34}}, @l2cap_move_chan_rsp={{0xf, 0x7b, 0x4}, {0x100, 0x8}}, @l2cap_conn_rsp={{0x3, 0xff, 0x8}, {0x7fff, 0x1, 0x7fff, 0x7}}, @l2cap_conn_req={{0x2, 0x1, 0x4}, {0x4, 0x1}}]}}, 0x66) pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000140)={0x0, 0x1, r0}) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) setsockopt$MISDN_TIME_STAMP(r2, 0x0, 0x1, &(0x7f0000000200), 0x4) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(r0, 0xc01064c1, &(0x7f0000000100)={r1}) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x3, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_rsp={{0x18, 0x81, 0xc}, {0x3, 0x2288, 0xd33, 0x101, [0x6, 0x9]}}}}, 0x19) ioctl$DRM_IOCTL_AGP_UNBIND(r0, 0x40106437, &(0x7f00000001c0)={0x0, 0x7fffffff}) 00:11:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x18, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2}}, 0x18}, 0x1, 0x0, 0x0, 0x804}, 0x4000080) 00:11:27 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 5: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r0, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) 00:11:27 executing program 3: r0 = socket$isdn(0x2, 0xa, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, r3, 0x100, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x21}, @NL80211_ATTR_COOKIE={0xc}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x42}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x54}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20048004}, 0x804) [ 687.678768][T25142] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 00:11:27 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:27 executing program 1: syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x0) sendto$rxrpc(r0, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) 00:11:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x18, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2}}, 0x18}}, 0x4000080) 00:11:27 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:27 executing program 3: r0 = socket$isdn(0x2, 0xa, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, r3, 0x100, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x21}, @NL80211_ATTR_COOKIE={0xc}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x42}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x54}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20048004}, 0x804) [ 687.777691][T25157] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 00:11:27 executing program 1: syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 5: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000e9000000004f00000015000304", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x18, 0x14, 0x400, 0x70bd28, 0x25dfdbfd, {0xa, 0x20, 0x2}}, 0x18}}, 0x0) 00:11:27 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x6, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x0) sendto$rxrpc(r0, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) 00:11:27 executing program 1: syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) [ 687.872419][T25170] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 00:11:27 executing program 3: r0 = socket$isdn(0x2, 0xa, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, r3, 0x100, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x21}, @NL80211_ATTR_COOKIE={0xc}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x42}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x54}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20048004}, 0x804) 00:11:27 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x0) sendto$rxrpc(r0, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) 00:11:27 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, 0x0) 00:11:27 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x6, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 5: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:27 executing program 3: r0 = socket$isdn(0x2, 0xa, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:27 executing program 2: socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(0xffffffffffffffff, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) 00:11:27 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x6, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:27 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, 0x0) 00:11:27 executing program 5: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:28 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:28 executing program 2: socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(0xffffffffffffffff, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) 00:11:28 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, 0x0) 00:11:28 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x5, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:28 executing program 3: r0 = socket$isdn(0x2, 0xa, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) 00:11:28 executing program 5: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:28 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:28 executing program 2: socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(0xffffffffffffffff, &(0x7f00000003c0)="9e399d2e4d2b597f0423dc0e7e69590393e255bfbe486c03e171718d3e51c6f1876b0ee8875702819442c797e86e5f86e71793f0291f587cce1e2fe5390c573efe60061e828d3c70a66617078a050ac559804096e3db32ea207200e7a29241a50d5aaf99fd847a4464dd0f8ceb307c82cf727cf4732417d1c8d84567f051265ef4427ba369f651be7f52427d259d0fffb662587b", 0x94, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) 00:11:28 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x4, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0]}) 00:11:28 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:28 executing program 3: r0 = socket$isdn(0x2, 0xa, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) socket$nl_generic(0x10, 0x3, 0x10) 00:11:28 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r0, 0x0, 0x0, 0x40014, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) 00:11:28 executing program 5: r0 = socket(0x22, 0x5, 0x5) connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x6}, 0x10) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:28 executing program 0: ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:28 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x3, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0]}) 00:11:28 executing program 1: r0 = socket$isdn(0x2, 0xa, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) 00:11:28 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r0, 0x0, 0x0, 0x0, &(0x7f0000000480)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) 00:11:28 executing program 3: r0 = socket$isdn(0x2, 0xa, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) 00:11:28 executing program 5: socket(0x22, 0x5, 0x5) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:28 executing program 0: ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:28 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x4) bind$isdn(r0, &(0x7f0000000040)={0x22, 0x20, 0x3, 0x5, 0x80}, 0x6) 00:11:28 executing program 0: ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:28 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:11:28 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x2, 0x0, &(0x7f0000000140)=[0x0, 0x0]}) 00:11:28 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:28 executing program 3: r0 = socket$isdn(0x2, 0xa, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) 00:11:28 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x4) bind$isdn(r0, &(0x7f0000000040)={0x22, 0x20, 0x3, 0x5, 0x80}, 0x6) 00:11:28 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:11:28 executing program 0: r0 = syz_open_dev$dri(0x0, 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:28 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x1, 0x0, &(0x7f0000000140)=[0x0]}) 00:11:28 executing program 5: r0 = syz_open_dev$dri(0x0, 0x1, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:28 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x4) bind$isdn(r0, &(0x7f0000000040)={0x22, 0x20, 0x3, 0x5, 0x80}, 0x6) 00:11:28 executing program 3: syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) 00:11:28 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:11:28 executing program 0: r0 = syz_open_dev$dri(0x0, 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:28 executing program 1: bind$isdn(0xffffffffffffffff, &(0x7f0000000040)={0x22, 0x20, 0x3, 0x5, 0x80}, 0x6) 00:11:28 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r0, 0x0, 0x0, 0x0, &(0x7f0000000480)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @loopback, 0x6}}, 0x24) 00:11:28 executing program 5: r0 = syz_open_dev$dri(0x0, 0x1, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:28 executing program 3: syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) 00:11:28 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x1, 0x0, &(0x7f0000000140)=[0x0]}) 00:11:28 executing program 0: r0 = syz_open_dev$dri(0x0, 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:28 executing program 3: syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) 00:11:28 executing program 5: r0 = syz_open_dev$dri(0x0, 0x1, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:28 executing program 1: bind$isdn(0xffffffffffffffff, &(0x7f0000000040)={0x22, 0x20, 0x3, 0x5, 0x80}, 0x6) 00:11:28 executing program 3: r0 = socket$isdn(0x2, 0xa, 0x0) syz_genetlink_get_family_id$nl80211(0x0, r0) 00:11:28 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:28 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r0, 0x0, 0x0, 0x0, &(0x7f0000000480)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x1, @loopback, 0x6}}, 0x24) 00:11:28 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:28 executing program 1: bind$isdn(0xffffffffffffffff, &(0x7f0000000040)={0x22, 0x20, 0x3, 0x5, 0x80}, 0x6) 00:11:28 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x1, 0x0, &(0x7f0000000140)=[0x0]}) 00:11:28 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r0, 0x0, 0x0, 0x0, &(0x7f0000000480)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback, 0x6}}, 0x24) 00:11:28 executing program 3: r0 = socket$isdn(0x2, 0xa, 0x0) syz_genetlink_get_family_id$nl80211(0x0, r0) 00:11:28 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:28 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x0) bind$isdn(r0, &(0x7f0000000040)={0x22, 0x20, 0x3, 0x5, 0x80}, 0x6) 00:11:28 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:28 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r0, 0x0, 0x0, 0x0, &(0x7f0000000480)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x24) 00:11:28 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:28 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x1, 0x0, &(0x7f0000000140)=[0x0]}) 00:11:28 executing program 3: r0 = socket$isdn(0x2, 0xa, 0x0) syz_genetlink_get_family_id$nl80211(0x0, r0) 00:11:28 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x0) bind$isdn(r0, &(0x7f0000000040)={0x22, 0x20, 0x3, 0x5, 0x80}, 0x6) 00:11:28 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x20942) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:28 executing program 0: syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:28 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:11:28 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x1, 0x0, &(0x7f0000000140)=[0x0]}) 00:11:28 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:28 executing program 3: socket$isdn(0x2, 0xa, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) 00:11:28 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x0) bind$isdn(r0, &(0x7f0000000040)={0x22, 0x20, 0x3, 0x5, 0x80}, 0x6) 00:11:28 executing program 0: syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:28 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:11:28 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x1, 0x0, &(0x7f0000000140)=[0x0]}) 00:11:28 executing program 5: syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:28 executing program 1: socket$isdn(0x22, 0x2, 0x4) bind$isdn(0xffffffffffffffff, &(0x7f0000000040)={0x22, 0x20, 0x3, 0x5, 0x80}, 0x6) 00:11:28 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:11:28 executing program 0: syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:28 executing program 1: socket$isdn(0x22, 0x2, 0x4) bind$isdn(0xffffffffffffffff, &(0x7f0000000040)={0x22, 0x20, 0x3, 0x5, 0x80}, 0x6) 00:11:28 executing program 4: r0 = socket$isdn(0x2, 0xa, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) 00:11:29 executing program 3: socket$isdn(0x2, 0xa, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) 00:11:29 executing program 5: syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:29 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, 0x0) 00:11:29 executing program 4: socket$isdn(0x2, 0xa, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) 00:11:29 executing program 2: sendto$rxrpc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 00:11:29 executing program 1: socket$isdn(0x22, 0x2, 0x4) bind$isdn(0xffffffffffffffff, &(0x7f0000000040)={0x22, 0x20, 0x3, 0x5, 0x80}, 0x6) 00:11:29 executing program 5: syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:29 executing program 3: socket$isdn(0x2, 0xa, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) 00:11:29 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, 0x0) 00:11:29 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, 0x0) 00:11:29 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x4) bind$isdn(r0, 0x0, 0x0) 00:11:29 executing program 2: sendto$rxrpc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 00:11:29 executing program 4: getpriority(0x3, 0xffffffffffffffff) socket$isdn(0x22, 0x2, 0x11) 00:11:29 executing program 3: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x2, 0xff, 0x3f, 0x2, 0x9, 0x2, 0x101, 0x2], 0x8, 0x80800}) [ 689.214353][T25380] delete_channel: no stack 00:11:29 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, 0x0) 00:11:29 executing program 2: sendto$rxrpc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 00:11:29 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x4) bind$isdn(r0, 0x0, 0x0) 00:11:29 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, 0x0) 00:11:29 executing program 4: getpriority(0x3, 0xffffffffffffffff) socket$isdn(0x22, 0x2, 0x11) 00:11:29 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, 0x0) [ 689.286936][T25388] delete_channel: no stack 00:11:29 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x4) bind$isdn(r0, 0x0, 0x0) 00:11:29 executing program 0: socket$isdn(0x22, 0x2, 0x2) r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000040)={0xffffffffffffffff, 0x1, 0x8000, 0x8000}) 00:11:29 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x0) sendto$rxrpc(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:11:29 executing program 4: getpriority(0x3, 0xffffffffffffffff) socket$isdn(0x22, 0x2, 0x11) 00:11:29 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, 0x0) [ 689.360916][T25396] delete_channel: no stack 00:11:29 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x4) bind$isdn(r0, &(0x7f0000000040)={0x22, 0x0, 0x3, 0x5, 0x80}, 0x6) 00:11:29 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x0) sendto$rxrpc(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:11:29 executing program 3: socket$isdn(0x22, 0x2, 0x4) r0 = socket$rxrpc(0x21, 0x2, 0xa) socketpair(0x1f, 0x6, 0xdabc, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={&(0x7f00000001c0)={0x260, 0x0, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x77}}}}, [@NL80211_ATTR_FRAME={0x1f7, 0x33, @auth={@wo_ht={{0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x3}, @device_a, @device_b, @from_mac=@device_b, {0xc}}, 0x0, 0x2, 0x3f, @val={0x10, 0x1, 0x8}, [{0xdd, 0x34, "fcd224c199703e2a96dc3b50fa26925e5951daf8749a0d1ae8ef4a7ba7d9c7a5486572628c061582ba00e24c7e0b9ab54a36b544"}, {0xdd, 0x86, "8df707668c3105827e7b96c7e0a149f3d4873a87f954fd6d28c0c91685c248ac1e6d8188b2fd9f5677dac2fbca8054e8c9572c50845eae531f8ecd3786e91a1021c843758545a1b1c922a4e97e585dc3640942693bc18463d25c9accb8f8c741d426cd0edb885b05d094cb728d7563ceb20342ed9c65284dea838294d22498a36c286291314b"}, {0xdd, 0xf4, "20750ca51b5609e702cffcd84e8bf78ad095878397cffac77a9041151a0e2c549fe94ff63a7aca4d2dfad3ad5ed022f4d5b6728bc73b9fa48431f593bf9ebd7a3c2c44101aab8764c00a7c77cd5578fb030277211f6d94dc55e438d0989a6470caca9961ae34e311cd30092ad5c8fd81915b2e9c3060fada94a0196aec2c343c39d81940363a8b67be312855fe128e5a30c0dad1192f95b36f97c4b6ef81aeb29be430a965eb92b2ea01d2dda18f2b86e1d42443cb073404f054f504fdb9a004008672d08542e7617498fb9a3258d23daf0e1ffa81bdc0de346792f4abcc2cab026c2b1616cdd00a6d50bc3b7815c0226d04b671"}, {0xdd, 0x1c, "0921163fbeb98c27a974f0fe369218a745db8b142951bd6910841899"}]}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x12, 0xcd, [0x5, 0x2, 0x200, 0x9, 0x2e67, 0x20, 0x0]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2d}], @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x2]}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}]}, 0x260}, 0x1, 0x0, 0x0, 0x4000001}, 0x2000c004) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x0, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@FOU_ATTR_AF={0x5, 0x2, 0x2}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e21}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @empty}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008010) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000000)=[0x1, 0x3], 0x2) 00:11:29 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_channel_selected={{0x41, 0x1}, {0x1}}}, 0x4) 00:11:29 executing program 4: getpriority(0x3, 0xffffffffffffffff) 00:11:29 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:29 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x4) bind$isdn(r0, &(0x7f0000000040)={0x22, 0x0, 0x0, 0x5, 0x80}, 0x6) 00:11:29 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_channel_selected={{0x41, 0x1}, {0x1}}}, 0x4) 00:11:29 executing program 4: getpriority(0x0, 0xffffffffffffffff) 00:11:29 executing program 3: socket$isdn(0x22, 0x2, 0x4) r0 = socket$rxrpc(0x21, 0x2, 0xa) socketpair(0x1f, 0x6, 0xdabc, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={&(0x7f00000001c0)={0x260, 0x0, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x77}}}}, [@NL80211_ATTR_FRAME={0x1f7, 0x33, @auth={@wo_ht={{0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x3}, @device_a, @device_b, @from_mac=@device_b, {0xc}}, 0x0, 0x2, 0x3f, @val={0x10, 0x1, 0x8}, [{0xdd, 0x34, "fcd224c199703e2a96dc3b50fa26925e5951daf8749a0d1ae8ef4a7ba7d9c7a5486572628c061582ba00e24c7e0b9ab54a36b544"}, {0xdd, 0x86, "8df707668c3105827e7b96c7e0a149f3d4873a87f954fd6d28c0c91685c248ac1e6d8188b2fd9f5677dac2fbca8054e8c9572c50845eae531f8ecd3786e91a1021c843758545a1b1c922a4e97e585dc3640942693bc18463d25c9accb8f8c741d426cd0edb885b05d094cb728d7563ceb20342ed9c65284dea838294d22498a36c286291314b"}, {0xdd, 0xf4, "20750ca51b5609e702cffcd84e8bf78ad095878397cffac77a9041151a0e2c549fe94ff63a7aca4d2dfad3ad5ed022f4d5b6728bc73b9fa48431f593bf9ebd7a3c2c44101aab8764c00a7c77cd5578fb030277211f6d94dc55e438d0989a6470caca9961ae34e311cd30092ad5c8fd81915b2e9c3060fada94a0196aec2c343c39d81940363a8b67be312855fe128e5a30c0dad1192f95b36f97c4b6ef81aeb29be430a965eb92b2ea01d2dda18f2b86e1d42443cb073404f054f504fdb9a004008672d08542e7617498fb9a3258d23daf0e1ffa81bdc0de346792f4abcc2cab026c2b1616cdd00a6d50bc3b7815c0226d04b671"}, {0xdd, 0x1c, "0921163fbeb98c27a974f0fe369218a745db8b142951bd6910841899"}]}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x12, 0xcd, [0x5, 0x2, 0x200, 0x9, 0x2e67, 0x20, 0x0]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2d}], @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x2]}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}]}, 0x260}, 0x1, 0x0, 0x0, 0x4000001}, 0x2000c004) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x0, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@FOU_ATTR_AF={0x5, 0x2, 0x2}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e21}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @empty}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008010) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000000)=[0x1, 0x3], 0x2) 00:11:29 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x0) sendto$rxrpc(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:11:29 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:29 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x4) bind$isdn(r0, &(0x7f0000000040)={0x22, 0x0, 0x0, 0x0, 0x80}, 0x6) 00:11:29 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_channel_selected={{0x41, 0x1}, {0x1}}}, 0x4) 00:11:29 executing program 4: getpriority(0x0, 0xffffffffffffffff) 00:11:29 executing program 2: socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 00:11:29 executing program 3: socket$isdn(0x22, 0x2, 0x4) r0 = socket$rxrpc(0x21, 0x2, 0xa) socketpair(0x1f, 0x6, 0xdabc, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={&(0x7f00000001c0)={0x260, 0x0, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x77}}}}, [@NL80211_ATTR_FRAME={0x1f7, 0x33, @auth={@wo_ht={{0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x3}, @device_a, @device_b, @from_mac=@device_b, {0xc}}, 0x0, 0x2, 0x3f, @val={0x10, 0x1, 0x8}, [{0xdd, 0x34, "fcd224c199703e2a96dc3b50fa26925e5951daf8749a0d1ae8ef4a7ba7d9c7a5486572628c061582ba00e24c7e0b9ab54a36b544"}, {0xdd, 0x86, "8df707668c3105827e7b96c7e0a149f3d4873a87f954fd6d28c0c91685c248ac1e6d8188b2fd9f5677dac2fbca8054e8c9572c50845eae531f8ecd3786e91a1021c843758545a1b1c922a4e97e585dc3640942693bc18463d25c9accb8f8c741d426cd0edb885b05d094cb728d7563ceb20342ed9c65284dea838294d22498a36c286291314b"}, {0xdd, 0xf4, "20750ca51b5609e702cffcd84e8bf78ad095878397cffac77a9041151a0e2c549fe94ff63a7aca4d2dfad3ad5ed022f4d5b6728bc73b9fa48431f593bf9ebd7a3c2c44101aab8764c00a7c77cd5578fb030277211f6d94dc55e438d0989a6470caca9961ae34e311cd30092ad5c8fd81915b2e9c3060fada94a0196aec2c343c39d81940363a8b67be312855fe128e5a30c0dad1192f95b36f97c4b6ef81aeb29be430a965eb92b2ea01d2dda18f2b86e1d42443cb073404f054f504fdb9a004008672d08542e7617498fb9a3258d23daf0e1ffa81bdc0de346792f4abcc2cab026c2b1616cdd00a6d50bc3b7815c0226d04b671"}, {0xdd, 0x1c, "0921163fbeb98c27a974f0fe369218a745db8b142951bd6910841899"}]}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x12, 0xcd, [0x5, 0x2, 0x200, 0x9, 0x2e67, 0x20, 0x0]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2d}], @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x2]}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}]}, 0x260}, 0x1, 0x0, 0x0, 0x4000001}, 0x2000c004) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x0, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@FOU_ATTR_AF={0x5, 0x2, 0x2}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e21}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @empty}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008010) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000000)=[0x1, 0x3], 0x2) 00:11:29 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:29 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x4) bind$isdn(r0, &(0x7f0000000040), 0x6) 00:11:29 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) 00:11:29 executing program 4: getpriority(0x0, 0xffffffffffffffff) 00:11:29 executing program 3: socket$isdn(0x22, 0x2, 0x4) r0 = socket$rxrpc(0x21, 0x2, 0xa) socketpair(0x1f, 0x6, 0xdabc, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={&(0x7f00000001c0)={0x260, 0x0, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x77}}}}, [@NL80211_ATTR_FRAME={0x1f7, 0x33, @auth={@wo_ht={{0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x3}, @device_a, @device_b, @from_mac=@device_b, {0xc}}, 0x0, 0x2, 0x3f, @val={0x10, 0x1, 0x8}, [{0xdd, 0x34, "fcd224c199703e2a96dc3b50fa26925e5951daf8749a0d1ae8ef4a7ba7d9c7a5486572628c061582ba00e24c7e0b9ab54a36b544"}, {0xdd, 0x86, "8df707668c3105827e7b96c7e0a149f3d4873a87f954fd6d28c0c91685c248ac1e6d8188b2fd9f5677dac2fbca8054e8c9572c50845eae531f8ecd3786e91a1021c843758545a1b1c922a4e97e585dc3640942693bc18463d25c9accb8f8c741d426cd0edb885b05d094cb728d7563ceb20342ed9c65284dea838294d22498a36c286291314b"}, {0xdd, 0xf4, "20750ca51b5609e702cffcd84e8bf78ad095878397cffac77a9041151a0e2c549fe94ff63a7aca4d2dfad3ad5ed022f4d5b6728bc73b9fa48431f593bf9ebd7a3c2c44101aab8764c00a7c77cd5578fb030277211f6d94dc55e438d0989a6470caca9961ae34e311cd30092ad5c8fd81915b2e9c3060fada94a0196aec2c343c39d81940363a8b67be312855fe128e5a30c0dad1192f95b36f97c4b6ef81aeb29be430a965eb92b2ea01d2dda18f2b86e1d42443cb073404f054f504fdb9a004008672d08542e7617498fb9a3258d23daf0e1ffa81bdc0de346792f4abcc2cab026c2b1616cdd00a6d50bc3b7815c0226d04b671"}, {0xdd, 0x1c, "0921163fbeb98c27a974f0fe369218a745db8b142951bd6910841899"}]}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x12, 0xcd, [0x5, 0x2, 0x200, 0x9, 0x2e67, 0x20, 0x0]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2d}], @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x2]}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}]}, 0x260}, 0x1, 0x0, 0x0, 0x4000001}, 0x2000c004) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000000)=[0x1, 0x3], 0x2) 00:11:29 executing program 2: socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 00:11:29 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x6, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:29 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x0, 0x0, 0x0}) 00:11:29 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) 00:11:29 executing program 1: socket$isdn(0x22, 0x2, 0x4) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) socket$isdn(0x22, 0x3, 0x2) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x228000, 0x0) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="20002bbd7000ffdbdf250b00000008000300", @ANYRES32=0x0, @ANYBLOB="050008000200000004000a000a000600ffffffffffff0000040028000800090001ac0f00050008000400000004000b0004002800"], 0x50}, 0x1, 0x0, 0x0, 0x4004000}, 0x20008000) 00:11:29 executing program 3: socket$isdn(0x22, 0x2, 0x4) r0 = socket$rxrpc(0x21, 0x2, 0xa) socketpair(0x1f, 0x6, 0xdabc, &(0x7f0000000140)) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000000)=[0x1, 0x3], 0x2) 00:11:29 executing program 2: socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 00:11:29 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) 00:11:29 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x5, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0]}) 00:11:29 executing program 4: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004f00", @ANYBLOB], 0x50}}, 0x0) 00:11:29 executing program 1: sendmsg$NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x800, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x7, 0x29}}}}, ["", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4001}, 0x801) syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) 00:11:29 executing program 3: socket$isdn(0x22, 0x2, 0x4) r0 = socket$rxrpc(0x21, 0x2, 0xa) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000000)=[0x1, 0x3], 0x2) 00:11:29 executing program 2: socket$isdn(0x22, 0x2, 0x2) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="040029bd7000fbdbdf2501000000050021000100000005000500000000000600010004000000050004003f0000000500040080000000060002000000000008001800ffffffff08001700", @ANYRES32, @ANYBLOB="9c892db98055da9e09bc726946c67c83ef332248eb190dd866f3cc805a64254f2bab69b255502dc68d4ab7db0d40639806b8ef0f81f979a94740bc2a969dc09614cefb335edaba4739d2be3b6e024b449745f07cf0e7c406f93a493f7c8d8f3508e27957c1d397463cfd6d81d462aeaf40f735fb000000000000"], 0x54}, 0x1, 0x0, 0x0, 0x8020}, 0x0) 00:11:29 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x4, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0]}) [ 689.787366][T25467] __nla_validate_parse: 19 callbacks suppressed [ 689.787382][T25467] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.4'. 00:11:29 executing program 0: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_channel_selected={{0x41, 0x1}, {0x1}}}, 0x4) 00:11:29 executing program 3: socket$isdn(0x22, 0x2, 0x4) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, &(0x7f0000000000)=[0x1, 0x3], 0x2) 00:11:29 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x2) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@mpls_getnetconf={0x34, 0x52, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1f}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1ff}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0xc030}, 0x28041) 00:11:29 executing program 4: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB], 0x50}}, 0x0) 00:11:29 executing program 2: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004f00000008000300", @ANYBLOB="0c0099000000000000000000e40000740b49178ceded45cc77313cbe9d568262e8567c060d47ce0fcbedb50789f73c267d60ba6ca938e563d7153b4b81b16336262e88d5c23d5f40e6a825397d13379cf89c066c4b05615ba18e1318a312e43573cfe3d73ad68626c203a458066a7826a2256e593bb20279053ec7cbbbb612337dc0b455c722709f50d40e5eab6094cc81b6241bc0f78d5ea5cd10819c3d8a585926ab1019a12b7541fca827a3894de43540ad72b0749f0d57879441ca0ac7f02ec0d1d3442ce3dd3f90731dfaf2f6d73eecd5c397b18bdcbda21440aeeccb6a383122b0ec4e9f17927377e1d59019d2084a27b6c8997cd3b8d1a2795123efcea2d51ee52121f59d3130017611a685558519c86dfaf43048ad3e7c817488b7b0a575997dc46a27e1ff8a15ff5a01b2622dd86ba686db282250262d08a6c33216401796c48ffce9949758790ef09c64fec65eb035fd4b06a96ad1c2f7758a9badc30870350521fa50f12015c71f401942a53e1bb71fa0a87c0835eab41dead74b3592f2be528b96fa5b0dc0cf73fed8e8"], 0x50}}, 0x0) 00:11:29 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x3, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0]}) 00:11:29 executing program 0: syz_emit_vhci(0x0, 0x0) 00:11:29 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x2) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@mpls_getnetconf={0x34, 0x52, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1f}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1ff}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0xc030}, 0x28041) [ 689.909236][T25484] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.2'. 00:11:29 executing program 0: syz_emit_vhci(0x0, 0x0) 00:11:29 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r1, 0x10, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x5c328a6b539dc654}, 0x10) socket$isdn(0x22, 0x2, 0x3) 00:11:29 executing program 3: socket$isdn(0x22, 0x2, 0x4) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, &(0x7f0000000000)=[0x1, 0x3], 0x2) 00:11:29 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x2, 0x0, &(0x7f0000000140)=[0x0, 0x0]}) 00:11:29 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x2) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@mpls_getnetconf={0x34, 0x52, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1f}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1ff}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0xc030}, 0x28041) 00:11:29 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) pipe2$watch_queue(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r3 = socket(0xb, 0x0, 0x20) sendmsg$L2TP_CMD_SESSION_GET(r3, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x1c, 0x0, 0x20, 0x70bd2c, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x20004010) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r2, 0x110, 0x4, &(0x7f0000000440)=0x2, 0x4) 00:11:29 executing program 0: syz_emit_vhci(0x0, 0x0) 00:11:30 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) pipe2$watch_queue(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r3 = socket(0xb, 0x0, 0x20) sendmsg$L2TP_CMD_SESSION_GET(r3, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x1c, 0x0, 0x20, 0x70bd2c, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x20004010) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r2, 0x110, 0x4, &(0x7f0000000440)=0x2, 0x4) 00:11:30 executing program 3: socket$isdn(0x22, 0x2, 0x4) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, &(0x7f0000000000)=[0x1, 0x3], 0x2) 00:11:30 executing program 1: sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@mpls_getnetconf={0x34, 0x52, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1f}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1ff}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0xc030}, 0x28041) 00:11:30 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) pipe2$watch_queue(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r3 = socket(0xb, 0x0, 0x20) sendmsg$L2TP_CMD_SESSION_GET(r3, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x1c, 0x0, 0x20, 0x70bd2c, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x20004010) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r2, 0x110, 0x4, &(0x7f0000000440)=0x2, 0x4) 00:11:30 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x1, 0x0, &(0x7f0000000140)=[0x0]}) 00:11:30 executing program 0: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_channel_selected={{0x41, 0x1}}}, 0x4) 00:11:30 executing program 3: r0 = socket$rxrpc(0x21, 0x2, 0xa) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000000)=[0x1, 0x3], 0x2) 00:11:30 executing program 2: r0 = semget(0x3, 0x4, 0x223) semctl$GETZCNT(r0, 0x3, 0xf, &(0x7f0000000000)=""/208) semctl$GETZCNT(r0, 0x4, 0xf, &(0x7f0000000100)=""/107) 00:11:30 executing program 1: sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@mpls_getnetconf={0x34, 0x52, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1f}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1ff}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0xc030}, 0x28041) 00:11:30 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{0x0}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={r1, 0x2}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}}}, 0xd) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="142d09edc800e7f944000008"], 0xc) ptrace$peeksig(0x4209, 0xffffffffffffffff, &(0x7f0000000200)={0x6}, &(0x7f0000000240)) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_SET_MASTER(r2, 0x641e) ioctl$DRM_IOCTL_MODE_SETPLANE(r2, 0xc03064b7, &(0x7f0000000300)={0x0, 0x4a7, 0x3, 0x4, 0x6, 0x7f, 0x7f, 0x2, 0x2, 0x6, 0xfffffff8, 0x9}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000280)={&(0x7f00000000c0)=[0x2], 0x1, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r3, 0xc02064cc, &(0x7f00000002c0)={0x0, 0x0, 0x2, 0x6, 0x2}) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r4, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_NEW_CTX(r4, 0x40086425, &(0x7f0000000240)={r0, 0x3}) openat$cgroup_procs(r4, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) 00:11:30 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) pipe2$watch_queue(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r3 = socket(0xb, 0x0, 0x20) sendmsg$L2TP_CMD_SESSION_GET(r3, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x1c, 0x0, 0x20, 0x70bd2c, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x20004010) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r2, 0x110, 0x4, &(0x7f0000000440)=0x2, 0x4) 00:11:30 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x1, 0x0, &(0x7f0000000140)=[0x0]}) 00:11:30 executing program 3: r0 = socket$rxrpc(0x21, 0x2, 0x0) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000000)=[0x1, 0x3], 0x2) 00:11:30 executing program 1: sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@mpls_getnetconf={0x34, 0x52, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1f}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1ff}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0xc030}, 0x28041) 00:11:30 executing program 2: r0 = semget(0x3, 0x4, 0x223) semctl$GETZCNT(r0, 0x3, 0xf, &(0x7f0000000000)=""/208) semctl$GETZCNT(r0, 0x4, 0xf, &(0x7f0000000100)=""/107) 00:11:30 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) pipe2$watch_queue(&(0x7f0000000400), 0x80) r2 = socket(0xb, 0x0, 0x20) sendmsg$L2TP_CMD_SESSION_GET(r2, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x1c, 0x0, 0x20, 0x70bd2c, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x20004010) 00:11:30 executing program 3: r0 = socket$rxrpc(0x21, 0x2, 0x0) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000000)=[0x1, 0x3], 0x2) 00:11:30 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{0x0}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={r1, 0x2}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}}}, 0xd) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="142d09edc800e7f944000008"], 0xc) ptrace$peeksig(0x4209, 0xffffffffffffffff, &(0x7f0000000200)={0x6}, &(0x7f0000000240)) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_SET_MASTER(r2, 0x641e) ioctl$DRM_IOCTL_MODE_SETPLANE(r2, 0xc03064b7, &(0x7f0000000300)={0x0, 0x4a7, 0x3, 0x4, 0x6, 0x7f, 0x7f, 0x2, 0x2, 0x6, 0xfffffff8, 0x9}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000280)={&(0x7f00000000c0)=[0x2], 0x1, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r3, 0xc02064cc, &(0x7f00000002c0)={0x0, 0x0, 0x2, 0x6, 0x2}) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r4, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_NEW_CTX(r4, 0x40086425, &(0x7f0000000240)={r0, 0x3}) openat$cgroup_procs(r4, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) 00:11:30 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@mpls_getnetconf={0x34, 0x52, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1f}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1ff}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0xc030}, 0x28041) 00:11:30 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x1, 0x0, &(0x7f0000000140)=[0x0]}) 00:11:30 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x6a) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info_with_rssi={{0x22, 0x39}, {0x4, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x9b, 0x3, "f3a297", 0x81, 0x8d}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x20, 0x7f, "5db295", 0x9, 0x4}, {@none, 0x1d, 0x6, "ebc4cf", 0x179, 0x3}, {@any, 0x3f, 0xa3, 'L\f#', 0x738, 0x1f}]}}}, 0x3c) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000080)={0x0, 0x1, r0}) [ 690.291218][ T5502] Bluetooth: Frame is too long (len 101, expected len 4) 00:11:30 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@mpls_getnetconf={0x34, 0x52, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1f}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1ff}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0xc030}, 0x28041) 00:11:30 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) pipe2$watch_queue(&(0x7f0000000400), 0x80) socket(0xb, 0x0, 0x20) 00:11:30 executing program 3: r0 = socket$rxrpc(0x21, 0x2, 0x0) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000000)=[0x1, 0x3], 0x2) 00:11:30 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@mpls_getnetconf={0x34, 0x52, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1f}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1ff}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0xc030}, 0x28041) 00:11:30 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x1, 0x0, &(0x7f0000000140)=[0x0]}) 00:11:30 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{0x0}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={r1, 0x2}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}}}, 0xd) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="142d09edc800e7f944000008"], 0xc) ptrace$peeksig(0x4209, 0xffffffffffffffff, &(0x7f0000000200)={0x6}, &(0x7f0000000240)) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_SET_MASTER(r2, 0x641e) ioctl$DRM_IOCTL_MODE_SETPLANE(r2, 0xc03064b7, &(0x7f0000000300)={0x0, 0x4a7, 0x3, 0x4, 0x6, 0x7f, 0x7f, 0x2, 0x2, 0x6, 0xfffffff8, 0x9}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000280)={&(0x7f00000000c0)=[0x2], 0x1, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r3, 0xc02064cc, &(0x7f00000002c0)={0x0, 0x0, 0x2, 0x6, 0x2}) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r4, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_NEW_CTX(r4, 0x40086425, &(0x7f0000000240)={r0, 0x3}) openat$cgroup_procs(r4, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) 00:11:30 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x6a) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info_with_rssi={{0x22, 0x39}, {0x4, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x9b, 0x3, "f3a297", 0x81, 0x8d}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x20, 0x7f, "5db295", 0x9, 0x4}, {@none, 0x1d, 0x6, "ebc4cf", 0x179, 0x3}, {@any, 0x3f, 0xa3, 'L\f#', 0x738, 0x1f}]}}}, 0x3c) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000080)={0x0, 0x1, r0}) [ 690.375337][ T5502] Bluetooth: Frame is too long (len 101, expected len 4) 00:11:30 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) pipe2$watch_queue(&(0x7f0000000400), 0x80) 00:11:30 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x1, 0x0, &(0x7f0000000140)=[0x0]}) 00:11:30 executing program 2: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000e40000740b49178ceded45cc77313cbe9d568262e8567c060d47ce0fcbedb50789f73c267d60ba6ca938e563d7153b4b81b16336262e88d5c23d5f40e6a825397d13379cf89c066c4b05615ba18e1318a312e43573cfe3d73ad68626c203a458066a7826a2256e593bb20279053ec7cbbbb612337dc0b455c722709f50d40e5eab6094cc81b6241bc0f78d5ea5cd10819c3d8a585926ab1019a12b7541fca827a3894de43540ad72b0749f0d57879441ca0ac7f02ec0d1d3442ce3dd3f90731dfaf2f6d73eecd5c397b18bdcbda21440aeeccb6a383122b0ec4e9f17927377e1d59019d2084a27b6c8997cd3b8d1a2795123efcea2d51ee52121f59d3130017611a685558519c86dfaf43048ad3e7c817488b7b0a575997dc46a27e1ff8a15ff5a01b2622dd86ba686db282250262d08a6c33216401796c48ffce9949758790ef09c64fec65eb035fd4b06a96ad1c2f7758a9badc30870350521fa50f12015c71f401942a53e1bb71fa0a87c0835eab41dead74b3592f2be528b96fa"], 0x50}}, 0x0) 00:11:30 executing program 1: socket$isdn(0x22, 0x2, 0x2) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@mpls_getnetconf={0x34, 0x52, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1f}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1ff}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0xc030}, 0x28041) 00:11:30 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{0x0}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={r1, 0x2}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}}}, 0xd) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="142d09edc800e7f944000008"], 0xc) ptrace$peeksig(0x4209, 0xffffffffffffffff, &(0x7f0000000200)={0x6}, &(0x7f0000000240)) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_SET_MASTER(r2, 0x641e) ioctl$DRM_IOCTL_MODE_SETPLANE(r2, 0xc03064b7, &(0x7f0000000300)={0x0, 0x4a7, 0x3, 0x4, 0x6, 0x7f, 0x7f, 0x2, 0x2, 0x6, 0xfffffff8, 0x9}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000280)={&(0x7f00000000c0)=[0x2], 0x1, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r3, 0xc02064cc, &(0x7f00000002c0)={0x0, 0x0, 0x2, 0x6, 0x2}) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r4, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_NEW_CTX(r4, 0x40086425, &(0x7f0000000240)={r0, 0x3}) 00:11:30 executing program 3: socket$rxrpc(0x21, 0x2, 0xa) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, &(0x7f0000000000)=[0x1, 0x3], 0x2) [ 690.479685][T25568] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 00:11:30 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000180)={0x1, 0x0, &(0x7f0000000140)=[0x0]}) 00:11:30 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:30 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9], 0x1, 0x1000, 0x0, 0xffffffffffffffff}) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x50800, 0x0) pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r4, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000001c0)={0x0, 0x6, [{r1, 0x0, 0x0, 0x20000ffff7000}, {0xffffffffffffffff, 0x0, 0xfffff000, 0x4000}, {r2, 0x0, 0x1000, 0x10000}, {r3, 0x0, 0x4000, 0x10000}, {r4, 0x0, 0x1000000, 0x10000}, {0xffffffffffffffff, 0x0, 0xfffffffffffff000, 0xfffffffff0000000}]}) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}, {0x77, 0xc9, 0x4, 0x8, 0x8}}}, 0xb) 00:11:30 executing program 1: socket$isdn(0x22, 0x2, 0x2) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@mpls_getnetconf={0x34, 0x52, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1f}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1ff}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0xc030}, 0x28041) 00:11:30 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={r0, 0x2}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}}}, 0xd) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="142d09edc800e7f944000008"], 0xc) ptrace$peeksig(0x4209, 0xffffffffffffffff, &(0x7f0000000200)={0x6}, &(0x7f0000000240)) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_SET_MASTER(r1, 0x641e) ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f0000000300)={0x0, 0x4a7, 0x3, 0x4, 0x6, 0x7f, 0x7f, 0x2, 0x2, 0x6, 0xfffffff8, 0x9}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f00000000c0)=[0x2], 0x1, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r2, 0xc02064cc, &(0x7f00000002c0)={0x0, 0x0, 0x2, 0x6, 0x2}) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) 00:11:30 executing program 5: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000e40000740b49178ceded45cc77313cbe9d568262e8567c060d47ce0fcbedb50789f73c267d60ba6ca938e563d7153b4b81b16336262e88d5c23d5f40e6a825397d13379cf89c066c4b05615ba18e1318a312e43573cfe3d73ad68626c203a458066a7826a2256e593bb20279053ec7cbbbb612337dc0b455c722709f50d40e5eab6094cc81b6241bc0f78d5ea5cd10819c3d8a585926ab1019a12b7541fca827a3894de43540ad72b0749f0d57879441ca0ac7f02ec0d1d3442ce3dd3f90731dfaf2f6d73eecd5c397b18bdcbda21440aeeccb6a383122b0ec4e9f17927377e1d59019d2084a27b6c8997cd3b8d1a2795123efcea2d51ee52121f59d3130017611a685558519c86dfaf43048ad3e7c817488b7b0a575997dc46a27e1ff8a15ff5a01b2622dd86ba686db282250262d08a6c33216401796c48ffce9949758790ef09c64fec65eb035fd4b06a96ad1c2f7758a9badc30870350521fa50f12015c71f401942a53e1bb71fa0a87c0835eab41dead7"], 0x50}}, 0x0) 00:11:30 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:30 executing program 3: socket$rxrpc(0x21, 0x2, 0xa) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, &(0x7f0000000000)=[0x1, 0x3], 0x2) 00:11:30 executing program 1: socket$isdn(0x22, 0x2, 0x2) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@mpls_getnetconf={0x34, 0x52, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1f}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1ff}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0xc030}, 0x28041) 00:11:30 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9], 0x1, 0x1000, 0x0, 0xffffffffffffffff}) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x50800, 0x0) pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r4, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000001c0)={0x0, 0x6, [{r1, 0x0, 0x0, 0x20000ffff7000}, {0xffffffffffffffff, 0x0, 0xfffff000, 0x4000}, {r2, 0x0, 0x1000, 0x10000}, {r3, 0x0, 0x4000, 0x10000}, {r4, 0x0, 0x1000000, 0x10000}, {0xffffffffffffffff, 0x0, 0xfffffffffffff000, 0xfffffffff0000000}]}) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}, {0x77, 0xc9, 0x4, 0x8, 0x8}}}, 0xb) 00:11:30 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={r0, 0x2}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}}}, 0xd) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="142d09edc800e7f944000008"], 0xc) ptrace$peeksig(0x4209, 0xffffffffffffffff, &(0x7f0000000200)={0x6}, &(0x7f0000000240)) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_SET_MASTER(r1, 0x641e) ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f0000000300)={0x0, 0x4a7, 0x3, 0x4, 0x6, 0x7f, 0x7f, 0x2, 0x2, 0x6, 0xfffffff8, 0x9}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f00000000c0)=[0x2], 0x1, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r2, 0xc02064cc, &(0x7f00000002c0)={0x0, 0x0, 0x2, 0x6, 0x2}) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) 00:11:30 executing program 3: socket$rxrpc(0x21, 0x2, 0xa) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, &(0x7f0000000000)=[0x1, 0x3], 0x2) 00:11:30 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x2) sendmsg$nl_route(r0, 0x0, 0x28041) [ 690.678396][T25589] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.5'. 00:11:30 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:30 executing program 5: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:30 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={r0, 0x2}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}}}, 0xd) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="142d09edc800e7f944000008"], 0xc) ptrace$peeksig(0x4209, 0xffffffffffffffff, &(0x7f0000000200)={0x6}, &(0x7f0000000240)) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_SET_MASTER(r1, 0x641e) ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f0000000300)={0x0, 0x4a7, 0x3, 0x4, 0x6, 0x7f, 0x7f, 0x2, 0x2, 0x6, 0xfffffff8, 0x9}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f00000000c0)=[0x2], 0x1, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r2, 0xc02064cc, &(0x7f00000002c0)={0x0, 0x0, 0x2, 0x6, 0x2}) 00:11:30 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9], 0x1, 0x1000, 0x0, 0xffffffffffffffff}) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x50800, 0x0) pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r4, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000001c0)={0x0, 0x6, [{r1, 0x0, 0x0, 0x20000ffff7000}, {0xffffffffffffffff, 0x0, 0xfffff000, 0x4000}, {r2, 0x0, 0x1000, 0x10000}, {r3, 0x0, 0x4000, 0x10000}, {r4, 0x0, 0x1000000, 0x10000}, {0xffffffffffffffff, 0x0, 0xfffffffffffff000, 0xfffffffff0000000}]}) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}, {0x77, 0xc9, 0x4, 0x8, 0x8}}}, 0xb) 00:11:30 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x2) sendmsg$nl_route(r0, 0x0, 0x28041) 00:11:30 executing program 3: r0 = socket$rxrpc(0x21, 0x2, 0xa) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, 0x0, 0x0) 00:11:30 executing program 5: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:30 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:30 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={r0, 0x2}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}}}, 0xd) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="142d09edc800e7f944000008"], 0xc) ptrace$peeksig(0x4209, 0xffffffffffffffff, &(0x7f0000000200)={0x6}, &(0x7f0000000240)) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_SET_MASTER(r1, 0x641e) ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f0000000300)={0x0, 0x4a7, 0x3, 0x4, 0x6, 0x7f, 0x7f, 0x2, 0x2, 0x6, 0xfffffff8, 0x9}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f00000000c0)=[0x2], 0x1}) 00:11:30 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x2) sendmsg$nl_route(r0, 0x0, 0x28041) 00:11:30 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9], 0x1, 0x1000, 0x0, 0xffffffffffffffff}) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x50800, 0x0) pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r4, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000001c0)={0x0, 0x6, [{r1, 0x0, 0x0, 0x20000ffff7000}, {0xffffffffffffffff, 0x0, 0xfffff000, 0x4000}, {r2, 0x0, 0x1000, 0x10000}, {r3, 0x0, 0x4000, 0x10000}, {r4, 0x0, 0x1000000, 0x10000}, {0xffffffffffffffff, 0x0, 0xfffffffffffff000, 0xfffffffff0000000}]}) 00:11:30 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:30 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r1, 0xffffffffffffffff, 0x0) add_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000280)="4e4d0dc06515791067e42cbf50f14c594c22e0f82962185a4da60f730b1c9be37efd67a2b664f94ed1e9e023ef22e06a8a7a0974f80f20a768c63fc42e7d063dfdab423ca21d349240e37f9a5771d4f1ca1ad1e54c40b4f157ef9ac1715842a7903639c7c31b06891ef80aeee39c59190a4c5cf8218fb4cbc3815723889611fd4de188ed20faaf2a521b27c3c940dd446504b4feaea1eb80ac7b1dd48de572e645930543c80aa490985e5121fec175bec449c85b243a0af16ee64e6ed07c26e358", 0xc1, r1) pipe2$watch_queue(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000240)={&(0x7f00000001c0)=[0x1f7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r3, 0x0) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, &(0x7f0000000080)={0x0, 0x1}) r4 = socket$isdn(0x22, 0x2, 0x3) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MARK_BUFS(r5, 0x40206417, &(0x7f0000000140)={0x480, 0xfffffff9, 0x4, 0x9, 0x2}) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) setsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000180), 0x4) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0xd4d01, 0x0) 00:11:30 executing program 5: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:30 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={r0, 0x2}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}}}, 0xd) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="142d09edc800e7f944000008"], 0xc) ptrace$peeksig(0x4209, 0xffffffffffffffff, &(0x7f0000000200)={0x6}, &(0x7f0000000240)) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_SET_MASTER(r1, 0x641e) ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f0000000300)={0x0, 0x4a7, 0x3, 0x4, 0x6, 0x7f, 0x7f, 0x2, 0x2, 0x6, 0xfffffff8, 0x9}) 00:11:30 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x2) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@mpls_getnetconf={0x34, 0x52, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1f}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1ff}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0xc030}, 0x28041) 00:11:30 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9], 0x1, 0x1000, 0x0, 0xffffffffffffffff}) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x50800, 0x0) pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r4, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000001c0)={0x0, 0x6, [{r1, 0x0, 0x0, 0x20000ffff7000}, {0xffffffffffffffff, 0x0, 0xfffff000, 0x4000}, {r2, 0x0, 0x1000, 0x10000}, {r3, 0x0, 0x4000, 0x10000}, {r4, 0x0, 0x1000000, 0x10000}, {0xffffffffffffffff, 0x0, 0xfffffffffffff000, 0xfffffffff0000000}]}) 00:11:30 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r1, 0xffffffffffffffff, 0x0) add_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000280)="4e4d0dc06515791067e42cbf50f14c594c22e0f82962185a4da60f730b1c9be37efd67a2b664f94ed1e9e023ef22e06a8a7a0974f80f20a768c63fc42e7d063dfdab423ca21d349240e37f9a5771d4f1ca1ad1e54c40b4f157ef9ac1715842a7903639c7c31b06891ef80aeee39c59190a4c5cf8218fb4cbc3815723889611fd4de188ed20faaf2a521b27c3c940dd446504b4feaea1eb80ac7b1dd48de572e645930543c80aa490985e5121fec175bec449c85b243a0af16ee64e6ed07c26e358", 0xc1, r1) pipe2$watch_queue(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000240)={&(0x7f00000001c0)=[0x1f7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r3, 0x0) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, &(0x7f0000000080)={0x0, 0x1}) r4 = socket$isdn(0x22, 0x2, 0x3) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MARK_BUFS(r5, 0x40206417, &(0x7f0000000140)={0x480, 0xfffffff9, 0x4, 0x9, 0x2}) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) setsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000180), 0x4) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0xd4d01, 0x0) 00:11:30 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:30 executing program 5: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:30 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x2) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc030}, 0x28041) 00:11:30 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9], 0x1, 0x1000, 0x0, 0xffffffffffffffff}) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x50800, 0x0) pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r4, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000001c0)={0x0, 0x6, [{r1, 0x0, 0x0, 0x20000ffff7000}, {0xffffffffffffffff, 0x0, 0xfffff000, 0x4000}, {r2, 0x0, 0x1000, 0x10000}, {r3, 0x0, 0x4000, 0x10000}, {r4, 0x0, 0x1000000, 0x10000}, {0xffffffffffffffff, 0x0, 0xfffffffffffff000, 0xfffffffff0000000}]}) 00:11:30 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={r0, 0x2}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}}}, 0xd) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="142d09edc800e7f944000008"], 0xc) ptrace$peeksig(0x4209, 0xffffffffffffffff, &(0x7f0000000200)={0x6}, &(0x7f0000000240)) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_SET_MASTER(r1, 0x641e) 00:11:31 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x2) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc030}, 0x28041) 00:11:31 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r1, 0xffffffffffffffff, 0x0) add_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000280)="4e4d0dc06515791067e42cbf50f14c594c22e0f82962185a4da60f730b1c9be37efd67a2b664f94ed1e9e023ef22e06a8a7a0974f80f20a768c63fc42e7d063dfdab423ca21d349240e37f9a5771d4f1ca1ad1e54c40b4f157ef9ac1715842a7903639c7c31b06891ef80aeee39c59190a4c5cf8218fb4cbc3815723889611fd4de188ed20faaf2a521b27c3c940dd446504b4feaea1eb80ac7b1dd48de572e645930543c80aa490985e5121fec175bec449c85b243a0af16ee64e6ed07c26e358", 0xc1, r1) pipe2$watch_queue(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000240)={&(0x7f00000001c0)=[0x1f7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r3, 0x0) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, &(0x7f0000000080)={0x0, 0x1}) r4 = socket$isdn(0x22, 0x2, 0x3) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MARK_BUFS(r5, 0x40206417, &(0x7f0000000140)={0x480, 0xfffffff9, 0x4, 0x9, 0x2}) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) setsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000180), 0x4) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0xd4d01, 0x0) 00:11:31 executing program 5: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9], 0x1, 0x1000}) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x50800, 0x0) pipe2$watch_queue(&(0x7f0000000140), 0x80) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}, {0x77, 0xc9, 0x4, 0x8, 0x8}}}, 0xb) 00:11:31 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x2) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc030}, 0x28041) 00:11:31 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={r0, 0x2}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}}}, 0xd) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="142d09edc800e7f944000008"], 0xc) ptrace$peeksig(0x4209, 0xffffffffffffffff, &(0x7f0000000200)={0x6}, &(0x7f0000000240)) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) 00:11:31 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 5: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2048c024}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r1, 0xffffffffffffffff, 0x0) add_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000280)="4e4d0dc06515791067e42cbf50f14c594c22e0f82962185a4da60f730b1c9be37efd67a2b664f94ed1e9e023ef22e06a8a7a0974f80f20a768c63fc42e7d063dfdab423ca21d349240e37f9a5771d4f1ca1ad1e54c40b4f157ef9ac1715842a7903639c7c31b06891ef80aeee39c59190a4c5cf8218fb4cbc3815723889611fd4de188ed20faaf2a521b27c3c940dd446504b4feaea1eb80ac7b1dd48de572e645930543c80aa490985e5121fec175bec449c85b243a0af16ee64e6ed07c26e358", 0xc1, r1) pipe2$watch_queue(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000240)={&(0x7f00000001c0)=[0x1f7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r3, 0x0) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, &(0x7f0000000080)={0x0, 0x1}) r4 = socket$isdn(0x22, 0x2, 0x3) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MARK_BUFS(r5, 0x40206417, &(0x7f0000000140)={0x480, 0xfffffff9, 0x4, 0x9, 0x2}) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) setsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000180), 0x4) 00:11:31 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x2) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0xc030}, 0x28041) 00:11:31 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9], 0x1, 0x1000}) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x50800, 0x0) pipe2$watch_queue(&(0x7f0000000140), 0x80) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}, {0x77, 0xc9, 0x4, 0x8, 0x8}}}, 0xb) 00:11:31 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={r0, 0x2}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}}}, 0xd) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="142d09edc800e7f944000008"], 0xc) ptrace$peeksig(0x4209, 0xffffffffffffffff, &(0x7f0000000200)={0x6}, &(0x7f0000000240)) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) 00:11:31 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 5: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x2) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x28041) 00:11:31 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={r0, 0x2}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}}}, 0xd) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="142d09edc800e7f944000008"], 0xc) ptrace$peeksig(0x4209, 0xffffffffffffffff, &(0x7f0000000200)={0x6}, &(0x7f0000000240)) 00:11:31 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9], 0x1, 0x1000}) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x50800, 0x0) pipe2$watch_queue(&(0x7f0000000140), 0x80) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}, {0x77, 0xc9, 0x4, 0x8, 0x8}}}, 0xb) 00:11:31 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r1, 0xffffffffffffffff, 0x0) add_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000280)="4e4d0dc06515791067e42cbf50f14c594c22e0f82962185a4da60f730b1c9be37efd67a2b664f94ed1e9e023ef22e06a8a7a0974f80f20a768c63fc42e7d063dfdab423ca21d349240e37f9a5771d4f1ca1ad1e54c40b4f157ef9ac1715842a7903639c7c31b06891ef80aeee39c59190a4c5cf8218fb4cbc3815723889611fd4de188ed20faaf2a521b27c3c940dd446504b4feaea1eb80ac7b1dd48de572e645930543c80aa490985e5121fec175bec449c85b243a0af16ee64e6ed07c26e358", 0xc1, r1) pipe2$watch_queue(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000240)={&(0x7f00000001c0)=[0x1f7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r3, 0x0) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, &(0x7f0000000080)={0x0, 0x1}) socket$isdn(0x22, 0x2, 0x3) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r4, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MARK_BUFS(r4, 0x40206417, &(0x7f0000000140)={0x480, 0xfffffff9, 0x4, 0x9, 0x2}) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) 00:11:31 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x2) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 00:11:31 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 5: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9], 0x1, 0x1000}) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x50800, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}, {0x77, 0xc9, 0x4, 0x8, 0x8}}}, 0xb) 00:11:31 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x2) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 00:11:31 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={r0, 0x2}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}}}, 0xd) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="142d09edc800e7f944000008"], 0xc) 00:11:31 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r1, 0xffffffffffffffff, 0x0) add_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000280)="4e4d0dc06515791067e42cbf50f14c594c22e0f82962185a4da60f730b1c9be37efd67a2b664f94ed1e9e023ef22e06a8a7a0974f80f20a768c63fc42e7d063dfdab423ca21d349240e37f9a5771d4f1ca1ad1e54c40b4f157ef9ac1715842a7903639c7c31b06891ef80aeee39c59190a4c5cf8218fb4cbc3815723889611fd4de188ed20faaf2a521b27c3c940dd446504b4feaea1eb80ac7b1dd48de572e645930543c80aa490985e5121fec175bec449c85b243a0af16ee64e6ed07c26e358", 0xc1, r1) pipe2$watch_queue(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000240)={&(0x7f00000001c0)=[0x1f7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r3, 0x0) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, &(0x7f0000000080)={0x0, 0x1}) socket$isdn(0x22, 0x2, 0x3) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r4, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MARK_BUFS(r4, 0x40206417, &(0x7f0000000140)={0x480, 0xfffffff9, 0x4, 0x9, 0x2}) 00:11:31 executing program 5: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9], 0x1, 0x1000}) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}, {0x77, 0xc9, 0x4, 0x8, 0x8}}}, 0xb) 00:11:31 executing program 1: r0 = socket$isdn(0x22, 0x2, 0x2) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 00:11:31 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={r0, 0x2}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}}}, 0xd) 00:11:31 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r1, 0xffffffffffffffff, 0x0) add_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000280)="4e4d0dc06515791067e42cbf50f14c594c22e0f82962185a4da60f730b1c9be37efd67a2b664f94ed1e9e023ef22e06a8a7a0974f80f20a768c63fc42e7d063dfdab423ca21d349240e37f9a5771d4f1ca1ad1e54c40b4f157ef9ac1715842a7903639c7c31b06891ef80aeee39c59190a4c5cf8218fb4cbc3815723889611fd4de188ed20faaf2a521b27c3c940dd446504b4feaea1eb80ac7b1dd48de572e645930543c80aa490985e5121fec175bec449c85b243a0af16ee64e6ed07c26e358", 0xc1, r1) pipe2$watch_queue(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000240)={&(0x7f00000001c0)=[0x1f7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r3, 0x0) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, &(0x7f0000000080)={0x0, 0x1}) socket$isdn(0x22, 0x2, 0x3) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r4, &(0x7f0000001080)='syz1\x00', 0x1ff) 00:11:31 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9], 0x1, 0x1000}) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}, {0x77, 0xc9, 0x4, 0x8, 0x8}}}, 0xb) 00:11:31 executing program 5: socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 1: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9], 0x1, 0x1000}) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x50800, 0x0) pipe2$watch_queue(&(0x7f0000000140), 0x80) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}, {0x77, 0xc9, 0x4, 0x8, 0x8}}}, 0xb) 00:11:31 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={r0, 0x2}) 00:11:31 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r1, 0xffffffffffffffff, 0x0) add_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000280)="4e4d0dc06515791067e42cbf50f14c594c22e0f82962185a4da60f730b1c9be37efd67a2b664f94ed1e9e023ef22e06a8a7a0974f80f20a768c63fc42e7d063dfdab423ca21d349240e37f9a5771d4f1ca1ad1e54c40b4f157ef9ac1715842a7903639c7c31b06891ef80aeee39c59190a4c5cf8218fb4cbc3815723889611fd4de188ed20faaf2a521b27c3c940dd446504b4feaea1eb80ac7b1dd48de572e645930543c80aa490985e5121fec175bec449c85b243a0af16ee64e6ed07c26e358", 0xc1, r1) pipe2$watch_queue(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000240)={&(0x7f00000001c0)=[0x1f7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r3, 0x0) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, &(0x7f0000000080)={0x0, 0x1}) socket$isdn(0x22, 0x2, 0x3) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) 00:11:31 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}, {0x77, 0xc9, 0x4, 0x8, 0x8}}}, 0xb) 00:11:31 executing program 5: socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 1: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r1, 0xffffffffffffffff, 0x0) add_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000280)="4e4d0dc06515791067e42cbf50f14c594c22e0f82962185a4da60f730b1c9be37efd67a2b664f94ed1e9e023ef22e06a8a7a0974f80f20a768c63fc42e7d063dfdab423ca21d349240e37f9a5771d4f1ca1ad1e54c40b4f157ef9ac1715842a7903639c7c31b06891ef80aeee39c59190a4c5cf8218fb4cbc3815723889611fd4de188ed20faaf2a521b27c3c940dd446504b4feaea1eb80ac7b1dd48de572e645930543c80aa490985e5121fec175bec449c85b243a0af16ee64e6ed07c26e358", 0xc1, r1) pipe2$watch_queue(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000240)={&(0x7f00000001c0)=[0x1f7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r3, 0x0) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, &(0x7f0000000080)={0x0, 0x1}) socket$isdn(0x22, 0x2, 0x3) 00:11:31 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={r0, 0x2}) 00:11:31 executing program 5: socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 1: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}, {0x77, 0xc9, 0x4, 0x8, 0x8}}}, 0xb) 00:11:31 executing program 4: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r1, 0xffffffffffffffff, 0x0) add_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000280)="4e4d0dc06515791067e42cbf50f14c594c22e0f82962185a4da60f730b1c9be37efd67a2b664f94ed1e9e023ef22e06a8a7a0974f80f20a768c63fc42e7d063dfdab423ca21d349240e37f9a5771d4f1ca1ad1e54c40b4f157ef9ac1715842a7903639c7c31b06891ef80aeee39c59190a4c5cf8218fb4cbc3815723889611fd4de188ed20faaf2a521b27c3c940dd446504b4feaea1eb80ac7b1dd48de572e645930543c80aa490985e5121fec175bec449c85b243a0af16ee64e6ed07c26e358", 0xc1, r1) pipe2$watch_queue(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000240)={&(0x7f00000001c0)=[0x1f7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r3, 0x0) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, &(0x7f0000000080)={0x0, 0x1}) 00:11:31 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={r0, 0x2}) 00:11:31 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, 0x0, 0x40010) 00:11:31 executing program 2: syz_emit_vhci(0x0, 0x0) 00:11:31 executing program 4: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r1, 0xffffffffffffffff, 0x0) add_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000280)="4e4d0dc06515791067e42cbf50f14c594c22e0f82962185a4da60f730b1c9be37efd67a2b664f94ed1e9e023ef22e06a8a7a0974f80f20a768c63fc42e7d063dfdab423ca21d349240e37f9a5771d4f1ca1ad1e54c40b4f157ef9ac1715842a7903639c7c31b06891ef80aeee39c59190a4c5cf8218fb4cbc3815723889611fd4de188ed20faaf2a521b27c3c940dd446504b4feaea1eb80ac7b1dd48de572e645930543c80aa490985e5121fec175bec449c85b243a0af16ee64e6ed07c26e358", 0xc1, r1) pipe2$watch_queue(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000240)={&(0x7f00000001c0)=[0x1f7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r3, 0x0) 00:11:31 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {}]}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}}}, 0xd) 00:11:31 executing program 1: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, 0x0, 0x40010) 00:11:31 executing program 2: syz_emit_vhci(0x0, 0x0) 00:11:31 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r1, 0xffffffffffffffff, 0x0) add_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000280)="4e4d0dc06515791067e42cbf50f14c594c22e0f82962185a4da60f730b1c9be37efd67a2b664f94ed1e9e023ef22e06a8a7a0974f80f20a768c63fc42e7d063dfdab423ca21d349240e37f9a5771d4f1ca1ad1e54c40b4f157ef9ac1715842a7903639c7c31b06891ef80aeee39c59190a4c5cf8218fb4cbc3815723889611fd4de188ed20faaf2a521b27c3c940dd446504b4feaea1eb80ac7b1dd48de572e645930543c80aa490985e5121fec175bec449c85b243a0af16ee64e6ed07c26e358", 0xc1, r1) pipe2$watch_queue(&(0x7f0000000200), 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) 00:11:31 executing program 4: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 1: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 0: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}}}, 0xd) 00:11:31 executing program 2: syz_emit_vhci(0x0, 0x0) 00:11:31 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, 0x0, 0x40010) 00:11:31 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, 0x0, 0x40010) 00:11:31 executing program 1: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r1, 0xffffffffffffffff, 0x0) add_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000280)="4e4d0dc06515791067e42cbf50f14c594c22e0f82962185a4da60f730b1c9be37efd67a2b664f94ed1e9e023ef22e06a8a7a0974f80f20a768c63fc42e7d063dfdab423ca21d349240e37f9a5771d4f1ca1ad1e54c40b4f157ef9ac1715842a7903639c7c31b06891ef80aeee39c59190a4c5cf8218fb4cbc3815723889611fd4de188ed20faaf2a521b27c3c940dd446504b4feaea1eb80ac7b1dd48de572e645930543c80aa490985e5121fec175bec449c85b243a0af16ee64e6ed07c26e358", 0xc1, r1) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) 00:11:31 executing program 0: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}}}, 0xd) 00:11:31 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}, {0x0, 0xc9, 0x4, 0x8, 0x8}}}, 0xb) 00:11:31 executing program 1: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:31 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, 0x0, 0x40010) 00:11:31 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r1, 0xffffffffffffffff, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) 00:11:32 executing program 0: syz_emit_vhci(0x0, 0x0) 00:11:32 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}, {0x0, 0x0, 0x4, 0x8, 0x8}}}, 0xb) 00:11:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x40010) 00:11:32 executing program 1: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, 0x0, 0x40010) 00:11:32 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) 00:11:32 executing program 0: syz_emit_vhci(0x0, 0x0) 00:11:32 executing program 1: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}, {0x0, 0x0, 0x0, 0x8, 0x8}}}, 0xb) 00:11:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x40010) 00:11:32 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) 00:11:32 executing program 0: syz_emit_vhci(0x0, 0x0) 00:11:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x40010) 00:11:32 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x8}}}, 0xb) 00:11:32 executing program 1: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0xc, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x40800) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 0: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed, 0x9}}}, 0xd) 00:11:32 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) 00:11:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x40010) 00:11:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x40010) 00:11:32 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}}}, 0xb) 00:11:32 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) 00:11:32 executing program 0: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@fixed}}}, 0xd) 00:11:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x40010) 00:11:32 executing program 1: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0)={0x9, 0x100, 0x8, 0x2af2, 0x394, 0x10000, 0x8001}) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x40010) 00:11:32 executing program 2: syz_emit_vhci(0x0, 0x0) 00:11:32 executing program 3: add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0) 00:11:32 executing program 1: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 0: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r1, 0xffffffffffffffff, 0x0) add_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000280)="4e4d0dc06515791067e42cbf50f14c594c22e0f82962185a4da60f730b1c9be37efd67a2b664f94ed1e9e023ef22e06a8a7a0974f80f20a768c63fc42e7d063dfdab423ca21d349240e37f9a5771d4f1ca1ad1e54c40b4f157ef9ac1715842a7903639c7c31b06891ef80aeee39c59190a4c5cf8218fb4cbc3815723889611fd4de188ed20faaf2a521b27c3c940dd446504b4feaea1eb80ac7b1dd48de572e645930543c80aa490985e5121fec175bec449c85b243a0af16ee64e6ed07c26e358", 0xc1, r1) pipe2$watch_queue(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000240)={&(0x7f00000001c0)=[0x1f7], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r3, 0x0) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, &(0x7f0000000080)={0x0, 0x1}) socket$isdn(0x22, 0x2, 0x3) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) 00:11:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x40010) 00:11:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x40010) 00:11:32 executing program 2: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000e40000740b49178ceded45cc77313cbe9d568262e8567c060d47ce0fcbedb50789f73c267d60ba6ca938e563d7153b4b81b16336262e88d5c23d5f40e6a825397d13379cf89c066c4b05615ba18e1318a312e43573cfe3d73ad68626c203a458066a7826a2256e593bb20279053ec7cbbbb612337dc0b455c722709f50d40e5eab6094cc81b6241bc0f78d5ea5cd10819c3d8a585926ab1019a12b7541fca827a3894de43540ad72b0749f0d57879441ca0ac7f02ec0d1d3442ce3dd3f90731dfaf2f6d73eecd5c397b18bdcbda21440aeeccb6a383122b0ec4e9f17927377e1d59019d2084a27b6c8997cd3b8d1a2795123efcea2d51ee52121f59d3130017611a685558519c86dfaf43048ad3e7c817488b7b0a575997dc46a27e1ff8a15ff5a01b2622dd86ba686db282250262d08a6c33216401796c48ffce9949758790ef09c64fec65eb035fd4b06a96ad1c2f7758a9badc30870350521fa50f12015c71f401942a53e1bb71fa0a87c0835eab41dead74b3592f2be528b96fa5b0dc0cf73fed8e8c586d46fb5b4b6f581c83c71467adb7f1f"], 0x50}}, 0x0) 00:11:32 executing program 3: add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0) 00:11:32 executing program 0: socket$isdn(0x22, 0x2, 0x2) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000180)) add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000), 0x18100, 0x0) sendto$isdn(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="800100002400000012ef696d1db94d8aa4f7e83cbb4daabeb7a7c1029194e0d035ee6e49d3823abf7c6ff3fed9a43848b74376aa9bef45b72eae552c9c02890b159da43c2c3422cd02d6d0cae47aab4306e8ef4b19e40d0436ec49957d502c80342c0fb186dabb7fd7165af8713f21824c165fa74149c04df8192c23b47817de758c0720b83a65fb6babc0bfe9a0399ed80829d82dd712e974de594a60b5e30dcf82ddfd80d7fd67442cf7291ea5b828a32cdf7adbfe765e9d07ff8ce24c264ef200"/205], 0xcd, 0x4000, &(0x7f0000000140)={0x22, 0x2, 0x8, 0x8c, 0x3}, 0x6) 00:11:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x40010) 00:11:32 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) [ 692.487774][T25864] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 00:11:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0x0, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 3: add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0) 00:11:32 executing program 2: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000e40000740b49178ceded45cc77313cbe9d568262e8567c060d47ce0fcbedb50789f73c267d60ba6ca938e563d7153b4b81b16336262e88d5c23d5f40e6a825397d13379cf89c066c4b05615ba18e1318a312e43573cfe3d73ad68626c203a458066a7826a2256e593bb20279053ec7cbbbb612337dc0b455c722709f50d40e5eab6094cc81b6241bc0f78d5ea5cd10819c3d8a585926ab1019a12b7541fca827a3894de43540ad72b0749f0d57879441ca0ac7f02ec0d1d3442ce3dd3f90731dfaf2f6d73eecd5c397b18bdcbda21440aeeccb6a383122b0ec4e9f17927377e1d59019d2084a27b6c8997cd3b8d1a2795123efcea2d51ee52121f59d3130017611a685558519c86dfaf43048ad3e7c817488b7b0a575997dc46a27e1ff8a15ff5a01b2622dd86ba686db282250262d08a6c33216401796c48ffce9949758790ef09c64fec65eb035fd4b06a96ad1c2f7758a9badc30870350521fa50f12015c71f401942a53e1bb71fa0a87c0835eab41dead74b3592f2be528b96fa5b0dc0cf73fed8e8c586d46fb5b4b6f581c83c71467adb7f1fd3bb37a7e6941e91fb4018cec7981e0b4b141f09c0ed17cd6a395aa9c86168f5b811358a4d31f2888a6ed02e906223b0abdf9d3802cd171db0aa8988e3aac113234e3c85e0a8bd246de6b9f1097e98d81ef1a28b110e3c2f2bc57b576c40cc0e553e375c0d44"], 0x50}}, 0x0) [ 692.541571][T25873] trusted_key: encrypted_key: insufficient parameters specified 00:11:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x40010) 00:11:32 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0x0, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 0: socket$isdn(0x22, 0x2, 0x2) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000180)) add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000), 0x18100, 0x0) sendto$isdn(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="800100002400000012ef696d1db94d8aa4f7e83cbb4daabeb7a7c1029194e0d035ee6e49d3823abf7c6ff3fed9a43848b74376aa9bef45b72eae552c9c02890b159da43c2c3422cd02d6d0cae47aab4306e8ef4b19e40d0436ec49957d502c80342c0fb186dabb7fd7165af8713f21824c165fa74149c04df8192c23b47817de758c0720b83a65fb6babc0bfe9a0399ed80829d82dd712e974de594a60b5e30dcf82ddfd80d7fd67442cf7291ea5b828a32cdf7adbfe765e9d07ff8ce24c264ef200"/205], 0xcd, 0x4000, &(0x7f0000000140)={0x22, 0x2, 0x8, 0x8c, 0x3}, 0x6) 00:11:32 executing program 3: r0 = add_key(0x0, &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) [ 692.608228][T25880] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 00:11:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x40010) [ 692.622086][T25887] trusted_key: encrypted_key: insufficient parameters specified 00:11:32 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x7f6be808264b9db, 0x9d}, "3fb25f2e9fbb36c047c683d05eb6f50ba1e8e07219c22ddb5897b8503092956281291b3b67792571733d4d7a7cd9351b165c228d04167a87bb987db565f30e61485f6d157c4c14b617bf076efd4bb944c58a04c5c47f15f8951306d7072130b0e34faecb1bb2c8053acb2a8adcea7f41e76407713f105e713f927f510d1e90ef2215c80b3ba676a11ff3964b99abe2f9c605c01e748d820788e4b1dfb4"}, 0xa1) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140), 0x200040, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r0, &(0x7f00000016c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001680)={&(0x7f0000000240)=ANY=[@ANYBLOB="30130000", @ANYRES16=r1, @ANYBLOB="00032dbd7000fbdbdf257a00000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990000008000690000000400f9000600fb00ffff00003200fc007dc73f73b8a700b993a85b3cba6a935567c324158e38be6aca73dcb7a61ed41cfbb02ec3000042cf9448489e49a500000600fb00ff0100009400fc00747881ff71711cf7d3dec7306896f7bdacde881d6529cdc94ff77feed8ebe4ff013747596365497b7ba6b1b780669f971c37c20c458eb18c81cb4e26edd675c38b694e25db40621325567bf63435df7b9cfc58bffad057e17e83e5adeb49b989e7dfdd857b335c9f0b15b4704a92471220715b2b1c93cb7e7318aeac657e1da4d2a0409dfc526df19830cf7fa86a297e4b00fc00f52d26f07becfd7d18cfb3b022612c5cdfc50349c312f245b17bdb1123595cffad8e862e08587432faa9598dd65be7fff7e664d6363b0324478e1179b7777d521611b99e245148000c002a00bd060802110000004c012a002d1a600001470000000000000004000000190000000003ff030000800406060708000004824140c00b07000000ffffffffffff09000000ffffffffffff00000100ffffffff030408021100000100080000040802110000001ff3000004080211000000090000003e010337d6070705d4a7bf43d7f2f18a48683d81d35033b06df7690d7e57e01064e81447a2b47bf2a071d645fb7d099750a96b00c9e6ec1f111dc46d385c8c56b5abd4dd84319cdc7baa95b9aebef336f6503ef04a94060220765ee90e153cdc67a4a609ea94ebf3d3fb6293f331385651915bc59fe935235104045f696689010da05ede0af9d2a9dd08902535e10110c2d07fd97e6414eb72229511004286e30301b4012877c432877bc68677ce8e1ea067e681577140059ba845ca825054aad1bf401993fb3933096d8191ea020c331f1740a1cb71d1521bd7f13c040007ab7f0410fa005dd4c2144cbc47730a975da8acefaf6ae81157cf3f494a7fe6b3b4586264b339f550ada43f123b944e1df548255521ca42ea3c5e6deee082b3b3138d70a3ad3a8d24f475964fbc367ac88993411398a888c1e129bb75d6853ee9058adafa20437fdccf0f830b9e833d6a87552d51a1297483044ea6b8412adfaed233918ba995a2af73e47a8bc983a9952cb44830957f8523285b4e98fc0d5b331313baccf5c7baa2080ed57f1e6ae03cbc718f11fbd785dee02262e284e43a91b831c913f952799bba2dfbd64db0218e0469c73d438ac3c0fc7b82a55b397691b6ed28f3fe60f54d271ba4116a1378b7674684369761df411b5f04248cd0102cdac80945241d489e3183f148d070d1e411d0541488f20dd65448b60021d64a97fd95121ca9795cc332557524bff95ceb875c17a53ba52b7f9816e2c0e68cc85a6b20f8924d8ad8c0411c6fd2d7f5c955678f7f1114847f89a1fd0ce7f9283743af75f9e7e9b8baa5854f6217012d3ae9bde20e0b97fcbe297289bd41ffd4798da978a0c15888418b63e1b571f377eb560dbc42a6c885fc46557dcf0f76bd56a5f7bfa77a68ebd1177feefb38cd205f46fcc382a245a9a5840171745ed8fed6e324a31e554f9c3663e8daf50cc08d755fc79aa6534ebc2608d6c1c6d0990f81a16783cedc29b5ac58d1fdbd0889a353c180dd4c0e9370c22c0fd2cf5eb2c1553f7e8f9d026838d9a373a2dbcbab049e9f4b7a30f0c77b8e89a3cc2c371353c0268fe290952d1cee47095db537910ce1548002d99041d38ee0e666758d6561c5cdbcda77ee97c0fd9c278551c08257d94ed3aae4d9cfc59c506917298920681759ed4931622d7158429deeba535a03c095ec5b64a951d1c91175c598ac96e7e1ee411f47c2458c4d6cceb19bf8d64df26fd6cecdc18c9a737de9d1cf96f3a72bffe37e5ff0e056a9f1bbebcd8b45f185df3938d34023f1acb3413a63d2bd0c0965d1d6bea3e6c5867593847d13e215695d3951f5bf7ec3203bb28e923736a03c479358254fe8f06b99ed504c905342a5ad55b0b3635baed8d5b42095ba16e5d667d53ba942d64d12ca3ae551eec893fe11b10ea198daee17b9c6d68560b0e59556d0148e2a42401649b69fa27ae734e1c58f561fd31ff1dceac28b031070089d9742a8f5d7f13621b5fc8a77dfa1de182c1340110e4f770119fb2baade919384b316ddf008f71863cdd35b5ffafaf24c2829425dba553b48ac8a53eedb2aa59bbd2afe780e22ad94fc67eaea57a6f2d3694a59c58267710be583b17282859fa85d90e2611a4c655bb59959a3a78cbdfd928e628f737560df4befc7d3c6b37c3434553220bcf8dd973102a35165fff7f5c648dfe255a0a5eff9fe50c67ce75ba312d5d9134d48c04f831c68ff85ae22f64a04d6feedd4e536c117bc60c34da9e89d6dfc2a1c4e2cc657c4b05962da752bd32b58deefeb7bd2133baf4329ec9f7722b5cf63f1341151ff93bbe246ed25445cf17768dce66949ed0a7d6f3b8a69d549485e324988cc49aee780948cb3c4ca1e748eb78947b3633187cce92aa0f61d96bcb1437a47281b74bcd7f755e22f32cf2e47cdb78486a107990092724dba19db0ab9d78bd64482520a408b80e80bfa1bbf048fb9e1b08e7a62dc784fb86bc08f44c2475d43650d326bd571f4d95eed7c0874a830dfe9b5c4cdc3e2c40fa316ebdcc0c5bde4cea37d39a91b2dca73122190badb718dc2ee0cf69a50e74de1e637e68fa127e1ed11bdaa9a499dcad9ca79e1a39ba0e7bb3d3854ecfff32dd921d9c863c6df437ed7f2ade447a5b4d38921d6413d4d0dfbdf07912782166ee3dbfdaae9fbc4b472f16598b9c2253e56fcb074aa8fe2b5544c048e25f219e62a6dd7b416c650cc5203363d570dc27e2f172bf9fbc18ef861a2fecf7c3aaa728a2ba0591ed08dd75a7d9d16d9bab2bd9f08cfa45d491e685fe2e14a4137a73a778602e4bc7110f79acf57a63b7a7aa72f7fa8312a8df77cb32e45de0d51fc8985a23cc4b5db80ef03668a05dabc192dd197d4d055d197d4447e095e15b303875d120459f87c9f4843b7891f2cbedcb75bcc3f2d3a7a1bf82c7b2ed0288545d265313d2008c8fe1e22bf56f6e0f2f6da204a3090ab120998edd3946f1d1cce3c73375b4842bde8054371d791f8938bb02a6cb03b57d63c4023c9c6b980aafb22e908de54f6fd352aa42ce2abe28d820e64a923dc8c3f9c69a36befb55e36a981e269d18a88f8d7a204d8696c8eaba13bdc7471adb3049b3603131af29d1a5a6c66cd8528241710babeb866ae28df15209e5e56f8370dbc08a96db84c5a02a75134c2bd9e084e7e2fba5e769d2d8825cc7fd3777a4c9858794187d9d5167704e37d79c807647415c3c66115c6729a05c153a317cb7b3e23335235ee56ee045d104b67538514cf19bfefb93ae0556b9632ba2c404b27af0025ea4a5089b29f0b97d037d6f905c5505f7b7e856e5ca86d51cd81f141afc1aaaead9d22336f30ab619bb08ef3d809556fa5203e6ae012f62d29ef40cff0739dd1ba073e9b74bda32fc61549700114bb0ae3a0036fd5ad746f340b98982f688bf819b0237cfbcada64f49c90b27eb321897b61168afffb00834c5b4a742528e093e03d2d556b81d97b5db53cd47493481a0df5c0fe3a43cf2df688a3c66571250b9ac64a8d313f4ef8fb9b0840f4fbc12ffa0f05720e7f41fd4de436672eea04d27cbeec9c90476e4f3957888e409c65aa7c77c530e2d9f534fba873c4c8f26c7765c43192011c0c8fecf3fc359c08167db0f04bc710a0c1fc181a0cb1cf323778a2d1047c18fca50db9bd11fcbc37a79bf442f18c042c473b1779690186fd42038dc05c93bf5832f2f40a45a61d30b1ad1537a3fcef895d7cf96f80e4c46fde9aedaf7f531de39a533f2e48384c90bbe18844276b595175fefb064383ea1c0de88511712bf51b80d9a0712ba1602e86adb76fa7046ef1a5faae252d3cc4884c0e5c10d033a6cd3873bba7a48c320e2e2304b7ce25e9f63103e80df194abb1d36be3d3af40a93566b936d4dc9ac39b9cc9387d712d1bb44db3a21e78957f9065659aeac564a8b80023661f6fbf60058d08abe62a7a4732834ac4aa053b93dcd369be9769634b3c465c0281d097dcd9ad2b2fcc735972163daaee43ec34435911bfeb693da5cab8f1f5bed6b914004d62f1d7186f31043dc925e131375d9415b1e823ce1707030910c4b5df80cd759cc00865a386cf2dc51a85960bd5c1e5406404e2038e91004c99a9e44cf594b4de2fcd53288fd5bfb31654807f796fe84db6a62bd9ced90a65e84635d1ff48483b7c88670a80cdd4636c4e5a91b3db630add344ad9a31635195340ab3d1805451af8f22f9b7ab1469cfb6262fb7794ffd0e0e92a425343e38c26f718317ef2a966bbb70ce64384ee1da49bc4ce6d0c024e93b67a5bf96cf7f518414f32d1f648a11ae1c6b174c460a93c4d7fb19395e840996d45d83c96fc20aee0ff017f7acfdbf6e05e7f95a4a71a6a3ce4a547350901e548f1795aa598c00e3845f784e03004880ccef1dc4c250bb53fdaf53ee7ff0420deb0c3b4ff79728d027c6ac078fafac02d5fe9fef9e1f93e0b6c28a349c0e21326cd963688eb3a550779934172c9fbbe15f52ecb9f32c149b2c3f0fdc4c7eb56d19f57a4a7d264c1d011917b36a78fe8abe81c66d20552a0ffbf9fd386468b3f0a49c49d402606556058a038d00c14b8f26bedd6929f92964daf2c22dd7523b4e5a1afef9895e0f03a90ab33c325bbb1682d52adac94588b21fe5bb4690fb64f40c87d1239a06ff7450cf070cd3a89fc4b262160685e9cf0c6667d6e957f95b076f197e51b92981cf7f4243ec6a316639e2514fe258d2d2496eef0952a2ba247dab40ec03fd90dd4a010c13f0bd0a5cb1dc562a77559e573b156bd8c0471956a23f693558405262f1c5e49b59eed8c0ccbc4da3efc31fcbd51ad81a65354cd637ec5c94c4a362755408c3dbf7f236d0d43f341f0a89e29e4434b65c784ccdbbba97f32d3955724b707887d05fe1229dd2de90e89a9e59b8aa30149ee104b58780c79ff246adc161655df406c48220694a4aed093cb05418cec6c2e611d1070199bf5fa7fd6df393c7a99a5c1d6bba4f1070e3184ae4bac3471b90a1b1b10db61dc42fb2bb8117d9ec1f3fda4fda48b3fb64b494be69c0cbd52d6bfccd3d817bd4725c9379582b2dd9b047e83b3b07787df126c482bb88dfb7ff26bb83d9683ff8ee17857e132b3253dc86ce33e91e65954c1f793af5d7ea8996f7ecd425a645b4579becf9e6a7127c3e428b4d5a58b7630d56a58b62d4173afcef2de9dde87fa52a400713a1ddfdcbc522cfb752f4badc2fe5b6df465a0633ae5d472c98108b5febd4de68868ad612a3acf46f78954e7899a5b7ef9a00d6492fdc664050232088df19e0e021b739e060dc2c1e90a0c86d8f578f905631a21837e828a2d2a362d623ae4587f055a48057faea02b18ce850ec9c199b29828ebff6b976988c21175905fb3d956130c7c46023440c2abf9864af9a9ce310bb27d5e60c683ea88e395897be98972edf26d15f30e8fd8e8910a2935fb5bd72818ff8dc7265bf8d7645d288e0104dd0ba8c78b2b262fdef948ec2de08f25ec3a3ed523997cd5f2f4e02722d2d331331e55c3b58ae04c08cb56b08166d9272d3b5a388d4152bd346a560268c8ba86ea4f4a3867d30cb882b442252066a226fe684176cbade8562618772562d0be9a4701394174fb25df436e4c257b6164c23f6edc5eb8e8c6d4b88df378dd1df0df831fd029c2dcb26452920efecc68309a40fed8c44b88b31616b66e8a4ba242c22f2cb95aaec03e02ad9a387921a32a8cf7a8e99e936b46336c07d47804409d56f1d75030747d71957bb19f3f5f9fe85cbef29daf7e8ff1458c1b2305ff4a1e13aa4721075c9fcd0fa6f11d8843590eb48fb379deda43552ca049012c0023b4d23a106492983288fd179dc86b6c5a13af4f8a3f19819546413fb95b252f280c47366ad9ffc8213e7a7a7d3497726c1dbacd40dca89a7556b3241f889ed54b9e6fa9df19f63c0cc4066eacf13514d410e53e774aca2bd38c494f05b3d00698be84d9b28d7f3e379126e80d72cbe65a646df7c6aad2b1f2c8683aa7ca919f3a30032db096a043e09d9c794303244d4875a60dc5927ff7b4bb4f43d98c61a2cdd96ab720db95177784284561643089a60f3627d090f44083330783b65037376e8ab3f5a40914d862b23dbdc1ee5d1260bf96f6fe3be32d3be17698aeb92d30fdaeeb783190a4bd4050da4f98a1fcfb78432477c469a585df29fa3add1f7fc228b28eb9e9fb7f5d89e480456fce10f6c1bd676b63fc64fe309c10bf291259cb1f336ac25c06861cb6d609ed393fa51fd8f73e52e8e738608fa528035e13bd125bf590a7bfadf29ba9052f9cb62ab2d3d1a67697c1dea6bd6368bdded20a1ac415d8eef1e63fd5f551026a4397f2e1b195bdaabe1787b118bb0d831bc934949dba8b978c4c8a5f5c923ed03391584cf878615e3f87e923e1959ed106cf466cec08ce60f657fdfa53036d3d0385feacc745f4d8d2f996a64300ceab41bd87c60147405738611204ef66637676cfdbcc989b30c922d203c2fc9f366acab13acc7b033f43b6c627febfdfa03308a7ad86966097eeea51f6db2d70566791bd23ed9e3d3a7251311f1865c3e1d79572574023edb4a936a3878feaa4bc518719e7d3519417ae3fbb9371e16fc617c25f6871f8b41400f900c566e84afbc50d39b732616366ef19763e00fa009fa97fc9afc96e40a0fb111a7102000000d9eb93ef0f768d44836152a8745720a86dff0996a84287847fb71c764144807b6344dcfa01fb30dcfc00001800fa000d7302f64c1c18855a90cedae2e2191a6e02ff3e0f00f90097637ade8813ca7018ecdf000600fb0080000000"], 0x1330}, 0x1, 0x0, 0x0, 0x10}, 0x4000) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x55}, {0x6, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}, {@none, 0x1, 0x53, 0x2, "95ebd0", 0xffff}, {@none, 0x1, 0x1, 0x5, "cbf6fc", 0x876f}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xf2, 0x0, 0x0, "3d9124", 0x8001}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x0, 0x80, 0x2, "825046", 0x8d}, {@none, 0x7, 0x1, 0x1, "dfa883", 0x79}]}}}, 0x58) 00:11:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0x0, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 0: socket$isdn(0x22, 0x2, 0x2) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000180)) add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000), 0x18100, 0x0) sendto$isdn(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="800100002400000012ef696d1db94d8aa4f7e83cbb4daabeb7a7c1029194e0d035ee6e49d3823abf7c6ff3fed9a43848b74376aa9bef45b72eae552c9c02890b159da43c2c3422cd02d6d0cae47aab4306e8ef4b19e40d0436ec49957d502c80342c0fb186dabb7fd7165af8713f21824c165fa74149c04df8192c23b47817de758c0720b83a65fb6babc0bfe9a0399ed80829d82dd712e974de594a60b5e30dcf82ddfd80d7fd67442cf7291ea5b828a32cdf7adbfe765e9d07ff8ce24c264ef200"/205], 0xcd, 0x4000, &(0x7f0000000140)={0x22, 0x2, 0x8, 0x8c, 0x3}, 0x6) 00:11:32 executing program 3: r0 = add_key(0x0, &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) 00:11:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) [ 692.680865][ T5502] Bluetooth: hci1: SCO packet for unknown connection handle 2523 [ 692.693919][T25898] trusted_key: encrypted_key: insufficient parameters specified 00:11:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x0, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x7f6be808264b9db, 0x9d}, "3fb25f2e9fbb36c047c683d05eb6f50ba1e8e07219c22ddb5897b8503092956281291b3b67792571733d4d7a7cd9351b165c228d04167a87bb987db565f30e61485f6d157c4c14b617bf076efd4bb944c58a04c5c47f15f8951306d7072130b0e34faecb1bb2c8053acb2a8adcea7f41e76407713f105e713f927f510d1e90ef2215c80b3ba676a11ff3964b99abe2f9c605c01e748d820788e4b1dfb4"}, 0xa1) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140), 0x200040, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r0, &(0x7f00000016c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001680)={&(0x7f0000000240)=ANY=[@ANYBLOB="30130000", @ANYRES16=r1, @ANYBLOB="00032dbd7000fbdbdf257a00000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990000008000690000000400f9000600fb00ffff00003200fc007dc73f73b8a700b993a85b3cba6a935567c324158e38be6aca73dcb7a61ed41cfbb02ec3000042cf9448489e49a500000600fb00ff0100009400fc00747881ff71711cf7d3dec7306896f7bdacde881d6529cdc94ff77feed8ebe4ff013747596365497b7ba6b1b780669f971c37c20c458eb18c81cb4e26edd675c38b694e25db40621325567bf63435df7b9cfc58bffad057e17e83e5adeb49b989e7dfdd857b335c9f0b15b4704a92471220715b2b1c93cb7e7318aeac657e1da4d2a0409dfc526df19830cf7fa86a297e4b00fc00f52d26f07becfd7d18cfb3b022612c5cdfc50349c312f245b17bdb1123595cffad8e862e08587432faa9598dd65be7fff7e664d6363b0324478e1179b7777d521611b99e245148000c002a00bd060802110000004c012a002d1a600001470000000000000004000000190000000003ff030000800406060708000004824140c00b07000000ffffffffffff09000000ffffffffffff00000100ffffffff030408021100000100080000040802110000001ff3000004080211000000090000003e010337d6070705d4a7bf43d7f2f18a48683d81d35033b06df7690d7e57e01064e81447a2b47bf2a071d645fb7d099750a96b00c9e6ec1f111dc46d385c8c56b5abd4dd84319cdc7baa95b9aebef336f6503ef04a94060220765ee90e153cdc67a4a609ea94ebf3d3fb6293f331385651915bc59fe935235104045f696689010da05ede0af9d2a9dd08902535e10110c2d07fd97e6414eb72229511004286e30301b4012877c432877bc68677ce8e1ea067e681577140059ba845ca825054aad1bf401993fb3933096d8191ea020c331f1740a1cb71d1521bd7f13c040007ab7f0410fa005dd4c2144cbc47730a975da8acefaf6ae81157cf3f494a7fe6b3b4586264b339f550ada43f123b944e1df548255521ca42ea3c5e6deee082b3b3138d70a3ad3a8d24f475964fbc367ac88993411398a888c1e129bb75d6853ee9058adafa20437fdccf0f830b9e833d6a87552d51a1297483044ea6b8412adfaed233918ba995a2af73e47a8bc983a9952cb44830957f8523285b4e98fc0d5b331313baccf5c7baa2080ed57f1e6ae03cbc718f11fbd785dee02262e284e43a91b831c913f952799bba2dfbd64db0218e0469c73d438ac3c0fc7b82a55b397691b6ed28f3fe60f54d271ba4116a1378b7674684369761df411b5f04248cd0102cdac80945241d489e3183f148d070d1e411d0541488f20dd65448b60021d64a97fd95121ca9795cc332557524bff95ceb875c17a53ba52b7f9816e2c0e68cc85a6b20f8924d8ad8c0411c6fd2d7f5c955678f7f1114847f89a1fd0ce7f9283743af75f9e7e9b8baa5854f6217012d3ae9bde20e0b97fcbe297289bd41ffd4798da978a0c15888418b63e1b571f377eb560dbc42a6c885fc46557dcf0f76bd56a5f7bfa77a68ebd1177feefb38cd205f46fcc382a245a9a5840171745ed8fed6e324a31e554f9c3663e8daf50cc08d755fc79aa6534ebc2608d6c1c6d0990f81a16783cedc29b5ac58d1fdbd0889a353c180dd4c0e9370c22c0fd2cf5eb2c1553f7e8f9d026838d9a373a2dbcbab049e9f4b7a30f0c77b8e89a3cc2c371353c0268fe290952d1cee47095db537910ce1548002d99041d38ee0e666758d6561c5cdbcda77ee97c0fd9c278551c08257d94ed3aae4d9cfc59c506917298920681759ed4931622d7158429deeba535a03c095ec5b64a951d1c91175c598ac96e7e1ee411f47c2458c4d6cceb19bf8d64df26fd6cecdc18c9a737de9d1cf96f3a72bffe37e5ff0e056a9f1bbebcd8b45f185df3938d34023f1acb3413a63d2bd0c0965d1d6bea3e6c5867593847d13e215695d3951f5bf7ec3203bb28e923736a03c479358254fe8f06b99ed504c905342a5ad55b0b3635baed8d5b42095ba16e5d667d53ba942d64d12ca3ae551eec893fe11b10ea198daee17b9c6d68560b0e59556d0148e2a42401649b69fa27ae734e1c58f561fd31ff1dceac28b031070089d9742a8f5d7f13621b5fc8a77dfa1de182c1340110e4f770119fb2baade919384b316ddf008f71863cdd35b5ffafaf24c2829425dba553b48ac8a53eedb2aa59bbd2afe780e22ad94fc67eaea57a6f2d3694a59c58267710be583b17282859fa85d90e2611a4c655bb59959a3a78cbdfd928e628f737560df4befc7d3c6b37c3434553220bcf8dd973102a35165fff7f5c648dfe255a0a5eff9fe50c67ce75ba312d5d9134d48c04f831c68ff85ae22f64a04d6feedd4e536c117bc60c34da9e89d6dfc2a1c4e2cc657c4b05962da752bd32b58deefeb7bd2133baf4329ec9f7722b5cf63f1341151ff93bbe246ed25445cf17768dce66949ed0a7d6f3b8a69d549485e324988cc49aee780948cb3c4ca1e748eb78947b3633187cce92aa0f61d96bcb1437a47281b74bcd7f755e22f32cf2e47cdb78486a107990092724dba19db0ab9d78bd64482520a408b80e80bfa1bbf048fb9e1b08e7a62dc784fb86bc08f44c2475d43650d326bd571f4d95eed7c0874a830dfe9b5c4cdc3e2c40fa316ebdcc0c5bde4cea37d39a91b2dca73122190badb718dc2ee0cf69a50e74de1e637e68fa127e1ed11bdaa9a499dcad9ca79e1a39ba0e7bb3d3854ecfff32dd921d9c863c6df437ed7f2ade447a5b4d38921d6413d4d0dfbdf07912782166ee3dbfdaae9fbc4b472f16598b9c2253e56fcb074aa8fe2b5544c048e25f219e62a6dd7b416c650cc5203363d570dc27e2f172bf9fbc18ef861a2fecf7c3aaa728a2ba0591ed08dd75a7d9d16d9bab2bd9f08cfa45d491e685fe2e14a4137a73a778602e4bc7110f79acf57a63b7a7aa72f7fa8312a8df77cb32e45de0d51fc8985a23cc4b5db80ef03668a05dabc192dd197d4d055d197d4447e095e15b303875d120459f87c9f4843b7891f2cbedcb75bcc3f2d3a7a1bf82c7b2ed0288545d265313d2008c8fe1e22bf56f6e0f2f6da204a3090ab120998edd3946f1d1cce3c73375b4842bde8054371d791f8938bb02a6cb03b57d63c4023c9c6b980aafb22e908de54f6fd352aa42ce2abe28d820e64a923dc8c3f9c69a36befb55e36a981e269d18a88f8d7a204d8696c8eaba13bdc7471adb3049b3603131af29d1a5a6c66cd8528241710babeb866ae28df15209e5e56f8370dbc08a96db84c5a02a75134c2bd9e084e7e2fba5e769d2d8825cc7fd3777a4c9858794187d9d5167704e37d79c807647415c3c66115c6729a05c153a317cb7b3e23335235ee56ee045d104b67538514cf19bfefb93ae0556b9632ba2c404b27af0025ea4a5089b29f0b97d037d6f905c5505f7b7e856e5ca86d51cd81f141afc1aaaead9d22336f30ab619bb08ef3d809556fa5203e6ae012f62d29ef40cff0739dd1ba073e9b74bda32fc61549700114bb0ae3a0036fd5ad746f340b98982f688bf819b0237cfbcada64f49c90b27eb321897b61168afffb00834c5b4a742528e093e03d2d556b81d97b5db53cd47493481a0df5c0fe3a43cf2df688a3c66571250b9ac64a8d313f4ef8fb9b0840f4fbc12ffa0f05720e7f41fd4de436672eea04d27cbeec9c90476e4f3957888e409c65aa7c77c530e2d9f534fba873c4c8f26c7765c43192011c0c8fecf3fc359c08167db0f04bc710a0c1fc181a0cb1cf323778a2d1047c18fca50db9bd11fcbc37a79bf442f18c042c473b1779690186fd42038dc05c93bf5832f2f40a45a61d30b1ad1537a3fcef895d7cf96f80e4c46fde9aedaf7f531de39a533f2e48384c90bbe18844276b595175fefb064383ea1c0de88511712bf51b80d9a0712ba1602e86adb76fa7046ef1a5faae252d3cc4884c0e5c10d033a6cd3873bba7a48c320e2e2304b7ce25e9f63103e80df194abb1d36be3d3af40a93566b936d4dc9ac39b9cc9387d712d1bb44db3a21e78957f9065659aeac564a8b80023661f6fbf60058d08abe62a7a4732834ac4aa053b93dcd369be9769634b3c465c0281d097dcd9ad2b2fcc735972163daaee43ec34435911bfeb693da5cab8f1f5bed6b914004d62f1d7186f31043dc925e131375d9415b1e823ce1707030910c4b5df80cd759cc00865a386cf2dc51a85960bd5c1e5406404e2038e91004c99a9e44cf594b4de2fcd53288fd5bfb31654807f796fe84db6a62bd9ced90a65e84635d1ff48483b7c88670a80cdd4636c4e5a91b3db630add344ad9a31635195340ab3d1805451af8f22f9b7ab1469cfb6262fb7794ffd0e0e92a425343e38c26f718317ef2a966bbb70ce64384ee1da49bc4ce6d0c024e93b67a5bf96cf7f518414f32d1f648a11ae1c6b174c460a93c4d7fb19395e840996d45d83c96fc20aee0ff017f7acfdbf6e05e7f95a4a71a6a3ce4a547350901e548f1795aa598c00e3845f784e03004880ccef1dc4c250bb53fdaf53ee7ff0420deb0c3b4ff79728d027c6ac078fafac02d5fe9fef9e1f93e0b6c28a349c0e21326cd963688eb3a550779934172c9fbbe15f52ecb9f32c149b2c3f0fdc4c7eb56d19f57a4a7d264c1d011917b36a78fe8abe81c66d20552a0ffbf9fd386468b3f0a49c49d402606556058a038d00c14b8f26bedd6929f92964daf2c22dd7523b4e5a1afef9895e0f03a90ab33c325bbb1682d52adac94588b21fe5bb4690fb64f40c87d1239a06ff7450cf070cd3a89fc4b262160685e9cf0c6667d6e957f95b076f197e51b92981cf7f4243ec6a316639e2514fe258d2d2496eef0952a2ba247dab40ec03fd90dd4a010c13f0bd0a5cb1dc562a77559e573b156bd8c0471956a23f693558405262f1c5e49b59eed8c0ccbc4da3efc31fcbd51ad81a65354cd637ec5c94c4a362755408c3dbf7f236d0d43f341f0a89e29e4434b65c784ccdbbba97f32d3955724b707887d05fe1229dd2de90e89a9e59b8aa30149ee104b58780c79ff246adc161655df406c48220694a4aed093cb05418cec6c2e611d1070199bf5fa7fd6df393c7a99a5c1d6bba4f1070e3184ae4bac3471b90a1b1b10db61dc42fb2bb8117d9ec1f3fda4fda48b3fb64b494be69c0cbd52d6bfccd3d817bd4725c9379582b2dd9b047e83b3b07787df126c482bb88dfb7ff26bb83d9683ff8ee17857e132b3253dc86ce33e91e65954c1f793af5d7ea8996f7ecd425a645b4579becf9e6a7127c3e428b4d5a58b7630d56a58b62d4173afcef2de9dde87fa52a400713a1ddfdcbc522cfb752f4badc2fe5b6df465a0633ae5d472c98108b5febd4de68868ad612a3acf46f78954e7899a5b7ef9a00d6492fdc664050232088df19e0e021b739e060dc2c1e90a0c86d8f578f905631a21837e828a2d2a362d623ae4587f055a48057faea02b18ce850ec9c199b29828ebff6b976988c21175905fb3d956130c7c46023440c2abf9864af9a9ce310bb27d5e60c683ea88e395897be98972edf26d15f30e8fd8e8910a2935fb5bd72818ff8dc7265bf8d7645d288e0104dd0ba8c78b2b262fdef948ec2de08f25ec3a3ed523997cd5f2f4e02722d2d331331e55c3b58ae04c08cb56b08166d9272d3b5a388d4152bd346a560268c8ba86ea4f4a3867d30cb882b442252066a226fe684176cbade8562618772562d0be9a4701394174fb25df436e4c257b6164c23f6edc5eb8e8c6d4b88df378dd1df0df831fd029c2dcb26452920efecc68309a40fed8c44b88b31616b66e8a4ba242c22f2cb95aaec03e02ad9a387921a32a8cf7a8e99e936b46336c07d47804409d56f1d75030747d71957bb19f3f5f9fe85cbef29daf7e8ff1458c1b2305ff4a1e13aa4721075c9fcd0fa6f11d8843590eb48fb379deda43552ca049012c0023b4d23a106492983288fd179dc86b6c5a13af4f8a3f19819546413fb95b252f280c47366ad9ffc8213e7a7a7d3497726c1dbacd40dca89a7556b3241f889ed54b9e6fa9df19f63c0cc4066eacf13514d410e53e774aca2bd38c494f05b3d00698be84d9b28d7f3e379126e80d72cbe65a646df7c6aad2b1f2c8683aa7ca919f3a30032db096a043e09d9c794303244d4875a60dc5927ff7b4bb4f43d98c61a2cdd96ab720db95177784284561643089a60f3627d090f44083330783b65037376e8ab3f5a40914d862b23dbdc1ee5d1260bf96f6fe3be32d3be17698aeb92d30fdaeeb783190a4bd4050da4f98a1fcfb78432477c469a585df29fa3add1f7fc228b28eb9e9fb7f5d89e480456fce10f6c1bd676b63fc64fe309c10bf291259cb1f336ac25c06861cb6d609ed393fa51fd8f73e52e8e738608fa528035e13bd125bf590a7bfadf29ba9052f9cb62ab2d3d1a67697c1dea6bd6368bdded20a1ac415d8eef1e63fd5f551026a4397f2e1b195bdaabe1787b118bb0d831bc934949dba8b978c4c8a5f5c923ed03391584cf878615e3f87e923e1959ed106cf466cec08ce60f657fdfa53036d3d0385feacc745f4d8d2f996a64300ceab41bd87c60147405738611204ef66637676cfdbcc989b30c922d203c2fc9f366acab13acc7b033f43b6c627febfdfa03308a7ad86966097eeea51f6db2d70566791bd23ed9e3d3a7251311f1865c3e1d79572574023edb4a936a3878feaa4bc518719e7d3519417ae3fbb9371e16fc617c25f6871f8b41400f900c566e84afbc50d39b732616366ef19763e00fa009fa97fc9afc96e40a0fb111a7102000000d9eb93ef0f768d44836152a8745720a86dff0996a84287847fb71c764144807b6344dcfa01fb30dcfc00001800fa000d7302f64c1c18855a90cedae2e2191a6e02ff3e0f00f90097637ade8813ca7018ecdf000600fb0080000000"], 0x1330}, 0x1, 0x0, 0x0, 0x10}, 0x4000) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x55}, {0x6, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}, {@none, 0x1, 0x53, 0x2, "95ebd0", 0xffff}, {@none, 0x1, 0x1, 0x5, "cbf6fc", 0x876f}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xf2, 0x0, 0x0, "3d9124", 0x8001}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x0, 0x80, 0x2, "825046", 0x8d}, {@none, 0x7, 0x1, 0x1, "dfa883", 0x79}]}}}, 0x58) 00:11:32 executing program 0: socket$isdn(0x22, 0x2, 0x2) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000180)) add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000), 0x18100, 0x0) 00:11:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 3: r0 = add_key(0x0, &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) 00:11:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) [ 692.763096][ T5502] Bluetooth: hci1: SCO packet for unknown connection handle 2523 [ 692.794034][T25910] trusted_key: encrypted_key: insufficient parameters specified 00:11:32 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x7f6be808264b9db, 0x9d}, "3fb25f2e9fbb36c047c683d05eb6f50ba1e8e07219c22ddb5897b8503092956281291b3b67792571733d4d7a7cd9351b165c228d04167a87bb987db565f30e61485f6d157c4c14b617bf076efd4bb944c58a04c5c47f15f8951306d7072130b0e34faecb1bb2c8053acb2a8adcea7f41e76407713f105e713f927f510d1e90ef2215c80b3ba676a11ff3964b99abe2f9c605c01e748d820788e4b1dfb4"}, 0xa1) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140), 0x200040, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r0, &(0x7f00000016c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001680)={&(0x7f0000000240)=ANY=[@ANYBLOB="30130000", @ANYRES16=r1, @ANYBLOB="00032dbd7000fbdbdf257a00000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990000008000690000000400f9000600fb00ffff00003200fc007dc73f73b8a700b993a85b3cba6a935567c324158e38be6aca73dcb7a61ed41cfbb02ec3000042cf9448489e49a500000600fb00ff0100009400fc00747881ff71711cf7d3dec7306896f7bdacde881d6529cdc94ff77feed8ebe4ff013747596365497b7ba6b1b780669f971c37c20c458eb18c81cb4e26edd675c38b694e25db40621325567bf63435df7b9cfc58bffad057e17e83e5adeb49b989e7dfdd857b335c9f0b15b4704a92471220715b2b1c93cb7e7318aeac657e1da4d2a0409dfc526df19830cf7fa86a297e4b00fc00f52d26f07becfd7d18cfb3b022612c5cdfc50349c312f245b17bdb1123595cffad8e862e08587432faa9598dd65be7fff7e664d6363b0324478e1179b7777d521611b99e245148000c002a00bd060802110000004c012a002d1a600001470000000000000004000000190000000003ff030000800406060708000004824140c00b07000000ffffffffffff09000000ffffffffffff00000100ffffffff030408021100000100080000040802110000001ff3000004080211000000090000003e010337d6070705d4a7bf43d7f2f18a48683d81d35033b06df7690d7e57e01064e81447a2b47bf2a071d645fb7d099750a96b00c9e6ec1f111dc46d385c8c56b5abd4dd84319cdc7baa95b9aebef336f6503ef04a94060220765ee90e153cdc67a4a609ea94ebf3d3fb6293f331385651915bc59fe935235104045f696689010da05ede0af9d2a9dd08902535e10110c2d07fd97e6414eb72229511004286e30301b4012877c432877bc68677ce8e1ea067e681577140059ba845ca825054aad1bf401993fb3933096d8191ea020c331f1740a1cb71d1521bd7f13c040007ab7f0410fa005dd4c2144cbc47730a975da8acefaf6ae81157cf3f494a7fe6b3b4586264b339f550ada43f123b944e1df548255521ca42ea3c5e6deee082b3b3138d70a3ad3a8d24f475964fbc367ac88993411398a888c1e129bb75d6853ee9058adafa20437fdccf0f830b9e833d6a87552d51a1297483044ea6b8412adfaed233918ba995a2af73e47a8bc983a9952cb44830957f8523285b4e98fc0d5b331313baccf5c7baa2080ed57f1e6ae03cbc718f11fbd785dee02262e284e43a91b831c913f952799bba2dfbd64db0218e0469c73d438ac3c0fc7b82a55b397691b6ed28f3fe60f54d271ba4116a1378b7674684369761df411b5f04248cd0102cdac80945241d489e3183f148d070d1e411d0541488f20dd65448b60021d64a97fd95121ca9795cc332557524bff95ceb875c17a53ba52b7f9816e2c0e68cc85a6b20f8924d8ad8c0411c6fd2d7f5c955678f7f1114847f89a1fd0ce7f9283743af75f9e7e9b8baa5854f6217012d3ae9bde20e0b97fcbe297289bd41ffd4798da978a0c15888418b63e1b571f377eb560dbc42a6c885fc46557dcf0f76bd56a5f7bfa77a68ebd1177feefb38cd205f46fcc382a245a9a5840171745ed8fed6e324a31e554f9c3663e8daf50cc08d755fc79aa6534ebc2608d6c1c6d0990f81a16783cedc29b5ac58d1fdbd0889a353c180dd4c0e9370c22c0fd2cf5eb2c1553f7e8f9d026838d9a373a2dbcbab049e9f4b7a30f0c77b8e89a3cc2c371353c0268fe290952d1cee47095db537910ce1548002d99041d38ee0e666758d6561c5cdbcda77ee97c0fd9c278551c08257d94ed3aae4d9cfc59c506917298920681759ed4931622d7158429deeba535a03c095ec5b64a951d1c91175c598ac96e7e1ee411f47c2458c4d6cceb19bf8d64df26fd6cecdc18c9a737de9d1cf96f3a72bffe37e5ff0e056a9f1bbebcd8b45f185df3938d34023f1acb3413a63d2bd0c0965d1d6bea3e6c5867593847d13e215695d3951f5bf7ec3203bb28e923736a03c479358254fe8f06b99ed504c905342a5ad55b0b3635baed8d5b42095ba16e5d667d53ba942d64d12ca3ae551eec893fe11b10ea198daee17b9c6d68560b0e59556d0148e2a42401649b69fa27ae734e1c58f561fd31ff1dceac28b031070089d9742a8f5d7f13621b5fc8a77dfa1de182c1340110e4f770119fb2baade919384b316ddf008f71863cdd35b5ffafaf24c2829425dba553b48ac8a53eedb2aa59bbd2afe780e22ad94fc67eaea57a6f2d3694a59c58267710be583b17282859fa85d90e2611a4c655bb59959a3a78cbdfd928e628f737560df4befc7d3c6b37c3434553220bcf8dd973102a35165fff7f5c648dfe255a0a5eff9fe50c67ce75ba312d5d9134d48c04f831c68ff85ae22f64a04d6feedd4e536c117bc60c34da9e89d6dfc2a1c4e2cc657c4b05962da752bd32b58deefeb7bd2133baf4329ec9f7722b5cf63f1341151ff93bbe246ed25445cf17768dce66949ed0a7d6f3b8a69d549485e324988cc49aee780948cb3c4ca1e748eb78947b3633187cce92aa0f61d96bcb1437a47281b74bcd7f755e22f32cf2e47cdb78486a107990092724dba19db0ab9d78bd64482520a408b80e80bfa1bbf048fb9e1b08e7a62dc784fb86bc08f44c2475d43650d326bd571f4d95eed7c0874a830dfe9b5c4cdc3e2c40fa316ebdcc0c5bde4cea37d39a91b2dca73122190badb718dc2ee0cf69a50e74de1e637e68fa127e1ed11bdaa9a499dcad9ca79e1a39ba0e7bb3d3854ecfff32dd921d9c863c6df437ed7f2ade447a5b4d38921d6413d4d0dfbdf07912782166ee3dbfdaae9fbc4b472f16598b9c2253e56fcb074aa8fe2b5544c048e25f219e62a6dd7b416c650cc5203363d570dc27e2f172bf9fbc18ef861a2fecf7c3aaa728a2ba0591ed08dd75a7d9d16d9bab2bd9f08cfa45d491e685fe2e14a4137a73a778602e4bc7110f79acf57a63b7a7aa72f7fa8312a8df77cb32e45de0d51fc8985a23cc4b5db80ef03668a05dabc192dd197d4d055d197d4447e095e15b303875d120459f87c9f4843b7891f2cbedcb75bcc3f2d3a7a1bf82c7b2ed0288545d265313d2008c8fe1e22bf56f6e0f2f6da204a3090ab120998edd3946f1d1cce3c73375b4842bde8054371d791f8938bb02a6cb03b57d63c4023c9c6b980aafb22e908de54f6fd352aa42ce2abe28d820e64a923dc8c3f9c69a36befb55e36a981e269d18a88f8d7a204d8696c8eaba13bdc7471adb3049b3603131af29d1a5a6c66cd8528241710babeb866ae28df15209e5e56f8370dbc08a96db84c5a02a75134c2bd9e084e7e2fba5e769d2d8825cc7fd3777a4c9858794187d9d5167704e37d79c807647415c3c66115c6729a05c153a317cb7b3e23335235ee56ee045d104b67538514cf19bfefb93ae0556b9632ba2c404b27af0025ea4a5089b29f0b97d037d6f905c5505f7b7e856e5ca86d51cd81f141afc1aaaead9d22336f30ab619bb08ef3d809556fa5203e6ae012f62d29ef40cff0739dd1ba073e9b74bda32fc61549700114bb0ae3a0036fd5ad746f340b98982f688bf819b0237cfbcada64f49c90b27eb321897b61168afffb00834c5b4a742528e093e03d2d556b81d97b5db53cd47493481a0df5c0fe3a43cf2df688a3c66571250b9ac64a8d313f4ef8fb9b0840f4fbc12ffa0f05720e7f41fd4de436672eea04d27cbeec9c90476e4f3957888e409c65aa7c77c530e2d9f534fba873c4c8f26c7765c43192011c0c8fecf3fc359c08167db0f04bc710a0c1fc181a0cb1cf323778a2d1047c18fca50db9bd11fcbc37a79bf442f18c042c473b1779690186fd42038dc05c93bf5832f2f40a45a61d30b1ad1537a3fcef895d7cf96f80e4c46fde9aedaf7f531de39a533f2e48384c90bbe18844276b595175fefb064383ea1c0de88511712bf51b80d9a0712ba1602e86adb76fa7046ef1a5faae252d3cc4884c0e5c10d033a6cd3873bba7a48c320e2e2304b7ce25e9f63103e80df194abb1d36be3d3af40a93566b936d4dc9ac39b9cc9387d712d1bb44db3a21e78957f9065659aeac564a8b80023661f6fbf60058d08abe62a7a4732834ac4aa053b93dcd369be9769634b3c465c0281d097dcd9ad2b2fcc735972163daaee43ec34435911bfeb693da5cab8f1f5bed6b914004d62f1d7186f31043dc925e131375d9415b1e823ce1707030910c4b5df80cd759cc00865a386cf2dc51a85960bd5c1e5406404e2038e91004c99a9e44cf594b4de2fcd53288fd5bfb31654807f796fe84db6a62bd9ced90a65e84635d1ff48483b7c88670a80cdd4636c4e5a91b3db630add344ad9a31635195340ab3d1805451af8f22f9b7ab1469cfb6262fb7794ffd0e0e92a425343e38c26f718317ef2a966bbb70ce64384ee1da49bc4ce6d0c024e93b67a5bf96cf7f518414f32d1f648a11ae1c6b174c460a93c4d7fb19395e840996d45d83c96fc20aee0ff017f7acfdbf6e05e7f95a4a71a6a3ce4a547350901e548f1795aa598c00e3845f784e03004880ccef1dc4c250bb53fdaf53ee7ff0420deb0c3b4ff79728d027c6ac078fafac02d5fe9fef9e1f93e0b6c28a349c0e21326cd963688eb3a550779934172c9fbbe15f52ecb9f32c149b2c3f0fdc4c7eb56d19f57a4a7d264c1d011917b36a78fe8abe81c66d20552a0ffbf9fd386468b3f0a49c49d402606556058a038d00c14b8f26bedd6929f92964daf2c22dd7523b4e5a1afef9895e0f03a90ab33c325bbb1682d52adac94588b21fe5bb4690fb64f40c87d1239a06ff7450cf070cd3a89fc4b262160685e9cf0c6667d6e957f95b076f197e51b92981cf7f4243ec6a316639e2514fe258d2d2496eef0952a2ba247dab40ec03fd90dd4a010c13f0bd0a5cb1dc562a77559e573b156bd8c0471956a23f693558405262f1c5e49b59eed8c0ccbc4da3efc31fcbd51ad81a65354cd637ec5c94c4a362755408c3dbf7f236d0d43f341f0a89e29e4434b65c784ccdbbba97f32d3955724b707887d05fe1229dd2de90e89a9e59b8aa30149ee104b58780c79ff246adc161655df406c48220694a4aed093cb05418cec6c2e611d1070199bf5fa7fd6df393c7a99a5c1d6bba4f1070e3184ae4bac3471b90a1b1b10db61dc42fb2bb8117d9ec1f3fda4fda48b3fb64b494be69c0cbd52d6bfccd3d817bd4725c9379582b2dd9b047e83b3b07787df126c482bb88dfb7ff26bb83d9683ff8ee17857e132b3253dc86ce33e91e65954c1f793af5d7ea8996f7ecd425a645b4579becf9e6a7127c3e428b4d5a58b7630d56a58b62d4173afcef2de9dde87fa52a400713a1ddfdcbc522cfb752f4badc2fe5b6df465a0633ae5d472c98108b5febd4de68868ad612a3acf46f78954e7899a5b7ef9a00d6492fdc664050232088df19e0e021b739e060dc2c1e90a0c86d8f578f905631a21837e828a2d2a362d623ae4587f055a48057faea02b18ce850ec9c199b29828ebff6b976988c21175905fb3d956130c7c46023440c2abf9864af9a9ce310bb27d5e60c683ea88e395897be98972edf26d15f30e8fd8e8910a2935fb5bd72818ff8dc7265bf8d7645d288e0104dd0ba8c78b2b262fdef948ec2de08f25ec3a3ed523997cd5f2f4e02722d2d331331e55c3b58ae04c08cb56b08166d9272d3b5a388d4152bd346a560268c8ba86ea4f4a3867d30cb882b442252066a226fe684176cbade8562618772562d0be9a4701394174fb25df436e4c257b6164c23f6edc5eb8e8c6d4b88df378dd1df0df831fd029c2dcb26452920efecc68309a40fed8c44b88b31616b66e8a4ba242c22f2cb95aaec03e02ad9a387921a32a8cf7a8e99e936b46336c07d47804409d56f1d75030747d71957bb19f3f5f9fe85cbef29daf7e8ff1458c1b2305ff4a1e13aa4721075c9fcd0fa6f11d8843590eb48fb379deda43552ca049012c0023b4d23a106492983288fd179dc86b6c5a13af4f8a3f19819546413fb95b252f280c47366ad9ffc8213e7a7a7d3497726c1dbacd40dca89a7556b3241f889ed54b9e6fa9df19f63c0cc4066eacf13514d410e53e774aca2bd38c494f05b3d00698be84d9b28d7f3e379126e80d72cbe65a646df7c6aad2b1f2c8683aa7ca919f3a30032db096a043e09d9c794303244d4875a60dc5927ff7b4bb4f43d98c61a2cdd96ab720db95177784284561643089a60f3627d090f44083330783b65037376e8ab3f5a40914d862b23dbdc1ee5d1260bf96f6fe3be32d3be17698aeb92d30fdaeeb783190a4bd4050da4f98a1fcfb78432477c469a585df29fa3add1f7fc228b28eb9e9fb7f5d89e480456fce10f6c1bd676b63fc64fe309c10bf291259cb1f336ac25c06861cb6d609ed393fa51fd8f73e52e8e738608fa528035e13bd125bf590a7bfadf29ba9052f9cb62ab2d3d1a67697c1dea6bd6368bdded20a1ac415d8eef1e63fd5f551026a4397f2e1b195bdaabe1787b118bb0d831bc934949dba8b978c4c8a5f5c923ed03391584cf878615e3f87e923e1959ed106cf466cec08ce60f657fdfa53036d3d0385feacc745f4d8d2f996a64300ceab41bd87c60147405738611204ef66637676cfdbcc989b30c922d203c2fc9f366acab13acc7b033f43b6c627febfdfa03308a7ad86966097eeea51f6db2d70566791bd23ed9e3d3a7251311f1865c3e1d79572574023edb4a936a3878feaa4bc518719e7d3519417ae3fbb9371e16fc617c25f6871f8b41400f900c566e84afbc50d39b732616366ef19763e00fa009fa97fc9afc96e40a0fb111a7102000000d9eb93ef0f768d44836152a8745720a86dff0996a84287847fb71c764144807b6344dcfa01fb30dcfc00001800fa000d7302f64c1c18855a90cedae2e2191a6e02ff3e0f00f90097637ade8813ca7018ecdf000600fb0080000000"], 0x1330}, 0x1, 0x0, 0x0, 0x10}, 0x4000) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x55}, {0x6, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}, {@none, 0x1, 0x53, 0x2, "95ebd0", 0xffff}, {@none, 0x1, 0x1, 0x5, "cbf6fc", 0x876f}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xf2, 0x0, 0x0, "3d9124", 0x8001}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x0, 0x80, 0x2, "825046", 0x8d}, {@none, 0x7, 0x1, 0x1, "dfa883", 0x79}]}}}, 0x58) 00:11:32 executing program 1: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) 00:11:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 0: socket$isdn(0x22, 0x2, 0x2) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000180)) add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) 00:11:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc, 0x99, {0x0, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x7f6be808264b9db, 0x9d}, "3fb25f2e9fbb36c047c683d05eb6f50ba1e8e07219c22ddb5897b8503092956281291b3b67792571733d4d7a7cd9351b165c228d04167a87bb987db565f30e61485f6d157c4c14b617bf076efd4bb944c58a04c5c47f15f8951306d7072130b0e34faecb1bb2c8053acb2a8adcea7f41e76407713f105e713f927f510d1e90ef2215c80b3ba676a11ff3964b99abe2f9c605c01e748d820788e4b1dfb4"}, 0xa1) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140), 0x200040, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r0, &(0x7f00000016c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001680)={&(0x7f0000000240)=ANY=[@ANYBLOB="30130000", @ANYRES16=r1, @ANYBLOB="00032dbd7000fbdbdf257a00000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990000008000690000000400f9000600fb00ffff00003200fc007dc73f73b8a700b993a85b3cba6a935567c324158e38be6aca73dcb7a61ed41cfbb02ec3000042cf9448489e49a500000600fb00ff0100009400fc00747881ff71711cf7d3dec7306896f7bdacde881d6529cdc94ff77feed8ebe4ff013747596365497b7ba6b1b780669f971c37c20c458eb18c81cb4e26edd675c38b694e25db40621325567bf63435df7b9cfc58bffad057e17e83e5adeb49b989e7dfdd857b335c9f0b15b4704a92471220715b2b1c93cb7e7318aeac657e1da4d2a0409dfc526df19830cf7fa86a297e4b00fc00f52d26f07becfd7d18cfb3b022612c5cdfc50349c312f245b17bdb1123595cffad8e862e08587432faa9598dd65be7fff7e664d6363b0324478e1179b7777d521611b99e245148000c002a00bd060802110000004c012a002d1a600001470000000000000004000000190000000003ff030000800406060708000004824140c00b07000000ffffffffffff09000000ffffffffffff00000100ffffffff030408021100000100080000040802110000001ff3000004080211000000090000003e010337d6070705d4a7bf43d7f2f18a48683d81d35033b06df7690d7e57e01064e81447a2b47bf2a071d645fb7d099750a96b00c9e6ec1f111dc46d385c8c56b5abd4dd84319cdc7baa95b9aebef336f6503ef04a94060220765ee90e153cdc67a4a609ea94ebf3d3fb6293f331385651915bc59fe935235104045f696689010da05ede0af9d2a9dd08902535e10110c2d07fd97e6414eb72229511004286e30301b4012877c432877bc68677ce8e1ea067e681577140059ba845ca825054aad1bf401993fb3933096d8191ea020c331f1740a1cb71d1521bd7f13c040007ab7f0410fa005dd4c2144cbc47730a975da8acefaf6ae81157cf3f494a7fe6b3b4586264b339f550ada43f123b944e1df548255521ca42ea3c5e6deee082b3b3138d70a3ad3a8d24f475964fbc367ac88993411398a888c1e129bb75d6853ee9058adafa20437fdccf0f830b9e833d6a87552d51a1297483044ea6b8412adfaed233918ba995a2af73e47a8bc983a9952cb44830957f8523285b4e98fc0d5b331313baccf5c7baa2080ed57f1e6ae03cbc718f11fbd785dee02262e284e43a91b831c913f952799bba2dfbd64db0218e0469c73d438ac3c0fc7b82a55b397691b6ed28f3fe60f54d271ba4116a1378b7674684369761df411b5f04248cd0102cdac80945241d489e3183f148d070d1e411d0541488f20dd65448b60021d64a97fd95121ca9795cc332557524bff95ceb875c17a53ba52b7f9816e2c0e68cc85a6b20f8924d8ad8c0411c6fd2d7f5c955678f7f1114847f89a1fd0ce7f9283743af75f9e7e9b8baa5854f6217012d3ae9bde20e0b97fcbe297289bd41ffd4798da978a0c15888418b63e1b571f377eb560dbc42a6c885fc46557dcf0f76bd56a5f7bfa77a68ebd1177feefb38cd205f46fcc382a245a9a5840171745ed8fed6e324a31e554f9c3663e8daf50cc08d755fc79aa6534ebc2608d6c1c6d0990f81a16783cedc29b5ac58d1fdbd0889a353c180dd4c0e9370c22c0fd2cf5eb2c1553f7e8f9d026838d9a373a2dbcbab049e9f4b7a30f0c77b8e89a3cc2c371353c0268fe290952d1cee47095db537910ce1548002d99041d38ee0e666758d6561c5cdbcda77ee97c0fd9c278551c08257d94ed3aae4d9cfc59c506917298920681759ed4931622d7158429deeba535a03c095ec5b64a951d1c91175c598ac96e7e1ee411f47c2458c4d6cceb19bf8d64df26fd6cecdc18c9a737de9d1cf96f3a72bffe37e5ff0e056a9f1bbebcd8b45f185df3938d34023f1acb3413a63d2bd0c0965d1d6bea3e6c5867593847d13e215695d3951f5bf7ec3203bb28e923736a03c479358254fe8f06b99ed504c905342a5ad55b0b3635baed8d5b42095ba16e5d667d53ba942d64d12ca3ae551eec893fe11b10ea198daee17b9c6d68560b0e59556d0148e2a42401649b69fa27ae734e1c58f561fd31ff1dceac28b031070089d9742a8f5d7f13621b5fc8a77dfa1de182c1340110e4f770119fb2baade919384b316ddf008f71863cdd35b5ffafaf24c2829425dba553b48ac8a53eedb2aa59bbd2afe780e22ad94fc67eaea57a6f2d3694a59c58267710be583b17282859fa85d90e2611a4c655bb59959a3a78cbdfd928e628f737560df4befc7d3c6b37c3434553220bcf8dd973102a35165fff7f5c648dfe255a0a5eff9fe50c67ce75ba312d5d9134d48c04f831c68ff85ae22f64a04d6feedd4e536c117bc60c34da9e89d6dfc2a1c4e2cc657c4b05962da752bd32b58deefeb7bd2133baf4329ec9f7722b5cf63f1341151ff93bbe246ed25445cf17768dce66949ed0a7d6f3b8a69d549485e324988cc49aee780948cb3c4ca1e748eb78947b3633187cce92aa0f61d96bcb1437a47281b74bcd7f755e22f32cf2e47cdb78486a107990092724dba19db0ab9d78bd64482520a408b80e80bfa1bbf048fb9e1b08e7a62dc784fb86bc08f44c2475d43650d326bd571f4d95eed7c0874a830dfe9b5c4cdc3e2c40fa316ebdcc0c5bde4cea37d39a91b2dca73122190badb718dc2ee0cf69a50e74de1e637e68fa127e1ed11bdaa9a499dcad9ca79e1a39ba0e7bb3d3854ecfff32dd921d9c863c6df437ed7f2ade447a5b4d38921d6413d4d0dfbdf07912782166ee3dbfdaae9fbc4b472f16598b9c2253e56fcb074aa8fe2b5544c048e25f219e62a6dd7b416c650cc5203363d570dc27e2f172bf9fbc18ef861a2fecf7c3aaa728a2ba0591ed08dd75a7d9d16d9bab2bd9f08cfa45d491e685fe2e14a4137a73a778602e4bc7110f79acf57a63b7a7aa72f7fa8312a8df77cb32e45de0d51fc8985a23cc4b5db80ef03668a05dabc192dd197d4d055d197d4447e095e15b303875d120459f87c9f4843b7891f2cbedcb75bcc3f2d3a7a1bf82c7b2ed0288545d265313d2008c8fe1e22bf56f6e0f2f6da204a3090ab120998edd3946f1d1cce3c73375b4842bde8054371d791f8938bb02a6cb03b57d63c4023c9c6b980aafb22e908de54f6fd352aa42ce2abe28d820e64a923dc8c3f9c69a36befb55e36a981e269d18a88f8d7a204d8696c8eaba13bdc7471adb3049b3603131af29d1a5a6c66cd8528241710babeb866ae28df15209e5e56f8370dbc08a96db84c5a02a75134c2bd9e084e7e2fba5e769d2d8825cc7fd3777a4c9858794187d9d5167704e37d79c807647415c3c66115c6729a05c153a317cb7b3e23335235ee56ee045d104b67538514cf19bfefb93ae0556b9632ba2c404b27af0025ea4a5089b29f0b97d037d6f905c5505f7b7e856e5ca86d51cd81f141afc1aaaead9d22336f30ab619bb08ef3d809556fa5203e6ae012f62d29ef40cff0739dd1ba073e9b74bda32fc61549700114bb0ae3a0036fd5ad746f340b98982f688bf819b0237cfbcada64f49c90b27eb321897b61168afffb00834c5b4a742528e093e03d2d556b81d97b5db53cd47493481a0df5c0fe3a43cf2df688a3c66571250b9ac64a8d313f4ef8fb9b0840f4fbc12ffa0f05720e7f41fd4de436672eea04d27cbeec9c90476e4f3957888e409c65aa7c77c530e2d9f534fba873c4c8f26c7765c43192011c0c8fecf3fc359c08167db0f04bc710a0c1fc181a0cb1cf323778a2d1047c18fca50db9bd11fcbc37a79bf442f18c042c473b1779690186fd42038dc05c93bf5832f2f40a45a61d30b1ad1537a3fcef895d7cf96f80e4c46fde9aedaf7f531de39a533f2e48384c90bbe18844276b595175fefb064383ea1c0de88511712bf51b80d9a0712ba1602e86adb76fa7046ef1a5faae252d3cc4884c0e5c10d033a6cd3873bba7a48c320e2e2304b7ce25e9f63103e80df194abb1d36be3d3af40a93566b936d4dc9ac39b9cc9387d712d1bb44db3a21e78957f9065659aeac564a8b80023661f6fbf60058d08abe62a7a4732834ac4aa053b93dcd369be9769634b3c465c0281d097dcd9ad2b2fcc735972163daaee43ec34435911bfeb693da5cab8f1f5bed6b914004d62f1d7186f31043dc925e131375d9415b1e823ce1707030910c4b5df80cd759cc00865a386cf2dc51a85960bd5c1e5406404e2038e91004c99a9e44cf594b4de2fcd53288fd5bfb31654807f796fe84db6a62bd9ced90a65e84635d1ff48483b7c88670a80cdd4636c4e5a91b3db630add344ad9a31635195340ab3d1805451af8f22f9b7ab1469cfb6262fb7794ffd0e0e92a425343e38c26f718317ef2a966bbb70ce64384ee1da49bc4ce6d0c024e93b67a5bf96cf7f518414f32d1f648a11ae1c6b174c460a93c4d7fb19395e840996d45d83c96fc20aee0ff017f7acfdbf6e05e7f95a4a71a6a3ce4a547350901e548f1795aa598c00e3845f784e03004880ccef1dc4c250bb53fdaf53ee7ff0420deb0c3b4ff79728d027c6ac078fafac02d5fe9fef9e1f93e0b6c28a349c0e21326cd963688eb3a550779934172c9fbbe15f52ecb9f32c149b2c3f0fdc4c7eb56d19f57a4a7d264c1d011917b36a78fe8abe81c66d20552a0ffbf9fd386468b3f0a49c49d402606556058a038d00c14b8f26bedd6929f92964daf2c22dd7523b4e5a1afef9895e0f03a90ab33c325bbb1682d52adac94588b21fe5bb4690fb64f40c87d1239a06ff7450cf070cd3a89fc4b262160685e9cf0c6667d6e957f95b076f197e51b92981cf7f4243ec6a316639e2514fe258d2d2496eef0952a2ba247dab40ec03fd90dd4a010c13f0bd0a5cb1dc562a77559e573b156bd8c0471956a23f693558405262f1c5e49b59eed8c0ccbc4da3efc31fcbd51ad81a65354cd637ec5c94c4a362755408c3dbf7f236d0d43f341f0a89e29e4434b65c784ccdbbba97f32d3955724b707887d05fe1229dd2de90e89a9e59b8aa30149ee104b58780c79ff246adc161655df406c48220694a4aed093cb05418cec6c2e611d1070199bf5fa7fd6df393c7a99a5c1d6bba4f1070e3184ae4bac3471b90a1b1b10db61dc42fb2bb8117d9ec1f3fda4fda48b3fb64b494be69c0cbd52d6bfccd3d817bd4725c9379582b2dd9b047e83b3b07787df126c482bb88dfb7ff26bb83d9683ff8ee17857e132b3253dc86ce33e91e65954c1f793af5d7ea8996f7ecd425a645b4579becf9e6a7127c3e428b4d5a58b7630d56a58b62d4173afcef2de9dde87fa52a400713a1ddfdcbc522cfb752f4badc2fe5b6df465a0633ae5d472c98108b5febd4de68868ad612a3acf46f78954e7899a5b7ef9a00d6492fdc664050232088df19e0e021b739e060dc2c1e90a0c86d8f578f905631a21837e828a2d2a362d623ae4587f055a48057faea02b18ce850ec9c199b29828ebff6b976988c21175905fb3d956130c7c46023440c2abf9864af9a9ce310bb27d5e60c683ea88e395897be98972edf26d15f30e8fd8e8910a2935fb5bd72818ff8dc7265bf8d7645d288e0104dd0ba8c78b2b262fdef948ec2de08f25ec3a3ed523997cd5f2f4e02722d2d331331e55c3b58ae04c08cb56b08166d9272d3b5a388d4152bd346a560268c8ba86ea4f4a3867d30cb882b442252066a226fe684176cbade8562618772562d0be9a4701394174fb25df436e4c257b6164c23f6edc5eb8e8c6d4b88df378dd1df0df831fd029c2dcb26452920efecc68309a40fed8c44b88b31616b66e8a4ba242c22f2cb95aaec03e02ad9a387921a32a8cf7a8e99e936b46336c07d47804409d56f1d75030747d71957bb19f3f5f9fe85cbef29daf7e8ff1458c1b2305ff4a1e13aa4721075c9fcd0fa6f11d8843590eb48fb379deda43552ca049012c0023b4d23a106492983288fd179dc86b6c5a13af4f8a3f19819546413fb95b252f280c47366ad9ffc8213e7a7a7d3497726c1dbacd40dca89a7556b3241f889ed54b9e6fa9df19f63c0cc4066eacf13514d410e53e774aca2bd38c494f05b3d00698be84d9b28d7f3e379126e80d72cbe65a646df7c6aad2b1f2c8683aa7ca919f3a30032db096a043e09d9c794303244d4875a60dc5927ff7b4bb4f43d98c61a2cdd96ab720db95177784284561643089a60f3627d090f44083330783b65037376e8ab3f5a40914d862b23dbdc1ee5d1260bf96f6fe3be32d3be17698aeb92d30fdaeeb783190a4bd4050da4f98a1fcfb78432477c469a585df29fa3add1f7fc228b28eb9e9fb7f5d89e480456fce10f6c1bd676b63fc64fe309c10bf291259cb1f336ac25c06861cb6d609ed393fa51fd8f73e52e8e738608fa528035e13bd125bf590a7bfadf29ba9052f9cb62ab2d3d1a67697c1dea6bd6368bdded20a1ac415d8eef1e63fd5f551026a4397f2e1b195bdaabe1787b118bb0d831bc934949dba8b978c4c8a5f5c923ed03391584cf878615e3f87e923e1959ed106cf466cec08ce60f657fdfa53036d3d0385feacc745f4d8d2f996a64300ceab41bd87c60147405738611204ef66637676cfdbcc989b30c922d203c2fc9f366acab13acc7b033f43b6c627febfdfa03308a7ad86966097eeea51f6db2d70566791bd23ed9e3d3a7251311f1865c3e1d79572574023edb4a936a3878feaa4bc518719e7d3519417ae3fbb9371e16fc617c25f6871f8b41400f900c566e84afbc50d39b732616366ef19763e00fa009fa97fc9afc96e40a0fb111a7102000000d9eb93ef0f768d44836152a8745720a86dff0996a84287847fb71c764144807b6344dcfa01fb30dcfc00001800fa000d7302f64c1c18855a90cedae2e2191a6e02ff3e0f00f90097637ade8813ca7018ecdf000600fb0080000000"], 0x1330}, 0x1, 0x0, 0x0, 0x10}, 0x4000) [ 692.838290][ T5502] Bluetooth: hci1: SCO packet for unknown connection handle 2523 [ 692.893697][T25923] trusted_key: encrypted_key: insufficient parameters specified 00:11:32 executing program 1: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) 00:11:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0x0, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 0: socket$isdn(0x22, 0x2, 0x2) add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) 00:11:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:32 executing program 1: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) [ 692.957659][ T5502] Bluetooth: hci1: SCO packet for unknown connection handle 2523 [ 692.977996][T25937] trusted_key: encrypted_key: insufficient parameters specified 00:11:32 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) 00:11:32 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x7f6be808264b9db, 0x9d}, "3fb25f2e9fbb36c047c683d05eb6f50ba1e8e07219c22ddb5897b8503092956281291b3b67792571733d4d7a7cd9351b165c228d04167a87bb987db565f30e61485f6d157c4c14b617bf076efd4bb944c58a04c5c47f15f8951306d7072130b0e34faecb1bb2c8053acb2a8adcea7f41e76407713f105e713f927f510d1e90ef2215c80b3ba676a11ff3964b99abe2f9c605c01e748d820788e4b1dfb4"}, 0xa1) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140), 0x200040, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r0, &(0x7f00000016c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001680)={&(0x7f0000000240)=ANY=[@ANYBLOB="30130000", @ANYRES16=r1, @ANYBLOB="00032dbd7000fbdbdf257a00000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990000008000690000000400f9000600fb00ffff00003200fc007dc73f73b8a700b993a85b3cba6a935567c324158e38be6aca73dcb7a61ed41cfbb02ec3000042cf9448489e49a500000600fb00ff0100009400fc00747881ff71711cf7d3dec7306896f7bdacde881d6529cdc94ff77feed8ebe4ff013747596365497b7ba6b1b780669f971c37c20c458eb18c81cb4e26edd675c38b694e25db40621325567bf63435df7b9cfc58bffad057e17e83e5adeb49b989e7dfdd857b335c9f0b15b4704a92471220715b2b1c93cb7e7318aeac657e1da4d2a0409dfc526df19830cf7fa86a297e4b00fc00f52d26f07becfd7d18cfb3b022612c5cdfc50349c312f245b17bdb1123595cffad8e862e08587432faa9598dd65be7fff7e664d6363b0324478e1179b7777d521611b99e245148000c002a00bd060802110000004c012a002d1a600001470000000000000004000000190000000003ff030000800406060708000004824140c00b07000000ffffffffffff09000000ffffffffffff00000100ffffffff030408021100000100080000040802110000001ff3000004080211000000090000003e010337d6070705d4a7bf43d7f2f18a48683d81d35033b06df7690d7e57e01064e81447a2b47bf2a071d645fb7d099750a96b00c9e6ec1f111dc46d385c8c56b5abd4dd84319cdc7baa95b9aebef336f6503ef04a94060220765ee90e153cdc67a4a609ea94ebf3d3fb6293f331385651915bc59fe935235104045f696689010da05ede0af9d2a9dd08902535e10110c2d07fd97e6414eb72229511004286e30301b4012877c432877bc68677ce8e1ea067e681577140059ba845ca825054aad1bf401993fb3933096d8191ea020c331f1740a1cb71d1521bd7f13c040007ab7f0410fa005dd4c2144cbc47730a975da8acefaf6ae81157cf3f494a7fe6b3b4586264b339f550ada43f123b944e1df548255521ca42ea3c5e6deee082b3b3138d70a3ad3a8d24f475964fbc367ac88993411398a888c1e129bb75d6853ee9058adafa20437fdccf0f830b9e833d6a87552d51a1297483044ea6b8412adfaed233918ba995a2af73e47a8bc983a9952cb44830957f8523285b4e98fc0d5b331313baccf5c7baa2080ed57f1e6ae03cbc718f11fbd785dee02262e284e43a91b831c913f952799bba2dfbd64db0218e0469c73d438ac3c0fc7b82a55b397691b6ed28f3fe60f54d271ba4116a1378b7674684369761df411b5f04248cd0102cdac80945241d489e3183f148d070d1e411d0541488f20dd65448b60021d64a97fd95121ca9795cc332557524bff95ceb875c17a53ba52b7f9816e2c0e68cc85a6b20f8924d8ad8c0411c6fd2d7f5c955678f7f1114847f89a1fd0ce7f9283743af75f9e7e9b8baa5854f6217012d3ae9bde20e0b97fcbe297289bd41ffd4798da978a0c15888418b63e1b571f377eb560dbc42a6c885fc46557dcf0f76bd56a5f7bfa77a68ebd1177feefb38cd205f46fcc382a245a9a5840171745ed8fed6e324a31e554f9c3663e8daf50cc08d755fc79aa6534ebc2608d6c1c6d0990f81a16783cedc29b5ac58d1fdbd0889a353c180dd4c0e9370c22c0fd2cf5eb2c1553f7e8f9d026838d9a373a2dbcbab049e9f4b7a30f0c77b8e89a3cc2c371353c0268fe290952d1cee47095db537910ce1548002d99041d38ee0e666758d6561c5cdbcda77ee97c0fd9c278551c08257d94ed3aae4d9cfc59c506917298920681759ed4931622d7158429deeba535a03c095ec5b64a951d1c91175c598ac96e7e1ee411f47c2458c4d6cceb19bf8d64df26fd6cecdc18c9a737de9d1cf96f3a72bffe37e5ff0e056a9f1bbebcd8b45f185df3938d34023f1acb3413a63d2bd0c0965d1d6bea3e6c5867593847d13e215695d3951f5bf7ec3203bb28e923736a03c479358254fe8f06b99ed504c905342a5ad55b0b3635baed8d5b42095ba16e5d667d53ba942d64d12ca3ae551eec893fe11b10ea198daee17b9c6d68560b0e59556d0148e2a42401649b69fa27ae734e1c58f561fd31ff1dceac28b031070089d9742a8f5d7f13621b5fc8a77dfa1de182c1340110e4f770119fb2baade919384b316ddf008f71863cdd35b5ffafaf24c2829425dba553b48ac8a53eedb2aa59bbd2afe780e22ad94fc67eaea57a6f2d3694a59c58267710be583b17282859fa85d90e2611a4c655bb59959a3a78cbdfd928e628f737560df4befc7d3c6b37c3434553220bcf8dd973102a35165fff7f5c648dfe255a0a5eff9fe50c67ce75ba312d5d9134d48c04f831c68ff85ae22f64a04d6feedd4e536c117bc60c34da9e89d6dfc2a1c4e2cc657c4b05962da752bd32b58deefeb7bd2133baf4329ec9f7722b5cf63f1341151ff93bbe246ed25445cf17768dce66949ed0a7d6f3b8a69d549485e324988cc49aee780948cb3c4ca1e748eb78947b3633187cce92aa0f61d96bcb1437a47281b74bcd7f755e22f32cf2e47cdb78486a107990092724dba19db0ab9d78bd64482520a408b80e80bfa1bbf048fb9e1b08e7a62dc784fb86bc08f44c2475d43650d326bd571f4d95eed7c0874a830dfe9b5c4cdc3e2c40fa316ebdcc0c5bde4cea37d39a91b2dca73122190badb718dc2ee0cf69a50e74de1e637e68fa127e1ed11bdaa9a499dcad9ca79e1a39ba0e7bb3d3854ecfff32dd921d9c863c6df437ed7f2ade447a5b4d38921d6413d4d0dfbdf07912782166ee3dbfdaae9fbc4b472f16598b9c2253e56fcb074aa8fe2b5544c048e25f219e62a6dd7b416c650cc5203363d570dc27e2f172bf9fbc18ef861a2fecf7c3aaa728a2ba0591ed08dd75a7d9d16d9bab2bd9f08cfa45d491e685fe2e14a4137a73a778602e4bc7110f79acf57a63b7a7aa72f7fa8312a8df77cb32e45de0d51fc8985a23cc4b5db80ef03668a05dabc192dd197d4d055d197d4447e095e15b303875d120459f87c9f4843b7891f2cbedcb75bcc3f2d3a7a1bf82c7b2ed0288545d265313d2008c8fe1e22bf56f6e0f2f6da204a3090ab120998edd3946f1d1cce3c73375b4842bde8054371d791f8938bb02a6cb03b57d63c4023c9c6b980aafb22e908de54f6fd352aa42ce2abe28d820e64a923dc8c3f9c69a36befb55e36a981e269d18a88f8d7a204d8696c8eaba13bdc7471adb3049b3603131af29d1a5a6c66cd8528241710babeb866ae28df15209e5e56f8370dbc08a96db84c5a02a75134c2bd9e084e7e2fba5e769d2d8825cc7fd3777a4c9858794187d9d5167704e37d79c807647415c3c66115c6729a05c153a317cb7b3e23335235ee56ee045d104b67538514cf19bfefb93ae0556b9632ba2c404b27af0025ea4a5089b29f0b97d037d6f905c5505f7b7e856e5ca86d51cd81f141afc1aaaead9d22336f30ab619bb08ef3d809556fa5203e6ae012f62d29ef40cff0739dd1ba073e9b74bda32fc61549700114bb0ae3a0036fd5ad746f340b98982f688bf819b0237cfbcada64f49c90b27eb321897b61168afffb00834c5b4a742528e093e03d2d556b81d97b5db53cd47493481a0df5c0fe3a43cf2df688a3c66571250b9ac64a8d313f4ef8fb9b0840f4fbc12ffa0f05720e7f41fd4de436672eea04d27cbeec9c90476e4f3957888e409c65aa7c77c530e2d9f534fba873c4c8f26c7765c43192011c0c8fecf3fc359c08167db0f04bc710a0c1fc181a0cb1cf323778a2d1047c18fca50db9bd11fcbc37a79bf442f18c042c473b1779690186fd42038dc05c93bf5832f2f40a45a61d30b1ad1537a3fcef895d7cf96f80e4c46fde9aedaf7f531de39a533f2e48384c90bbe18844276b595175fefb064383ea1c0de88511712bf51b80d9a0712ba1602e86adb76fa7046ef1a5faae252d3cc4884c0e5c10d033a6cd3873bba7a48c320e2e2304b7ce25e9f63103e80df194abb1d36be3d3af40a93566b936d4dc9ac39b9cc9387d712d1bb44db3a21e78957f9065659aeac564a8b80023661f6fbf60058d08abe62a7a4732834ac4aa053b93dcd369be9769634b3c465c0281d097dcd9ad2b2fcc735972163daaee43ec34435911bfeb693da5cab8f1f5bed6b914004d62f1d7186f31043dc925e131375d9415b1e823ce1707030910c4b5df80cd759cc00865a386cf2dc51a85960bd5c1e5406404e2038e91004c99a9e44cf594b4de2fcd53288fd5bfb31654807f796fe84db6a62bd9ced90a65e84635d1ff48483b7c88670a80cdd4636c4e5a91b3db630add344ad9a31635195340ab3d1805451af8f22f9b7ab1469cfb6262fb7794ffd0e0e92a425343e38c26f718317ef2a966bbb70ce64384ee1da49bc4ce6d0c024e93b67a5bf96cf7f518414f32d1f648a11ae1c6b174c460a93c4d7fb19395e840996d45d83c96fc20aee0ff017f7acfdbf6e05e7f95a4a71a6a3ce4a547350901e548f1795aa598c00e3845f784e03004880ccef1dc4c250bb53fdaf53ee7ff0420deb0c3b4ff79728d027c6ac078fafac02d5fe9fef9e1f93e0b6c28a349c0e21326cd963688eb3a550779934172c9fbbe15f52ecb9f32c149b2c3f0fdc4c7eb56d19f57a4a7d264c1d011917b36a78fe8abe81c66d20552a0ffbf9fd386468b3f0a49c49d402606556058a038d00c14b8f26bedd6929f92964daf2c22dd7523b4e5a1afef9895e0f03a90ab33c325bbb1682d52adac94588b21fe5bb4690fb64f40c87d1239a06ff7450cf070cd3a89fc4b262160685e9cf0c6667d6e957f95b076f197e51b92981cf7f4243ec6a316639e2514fe258d2d2496eef0952a2ba247dab40ec03fd90dd4a010c13f0bd0a5cb1dc562a77559e573b156bd8c0471956a23f693558405262f1c5e49b59eed8c0ccbc4da3efc31fcbd51ad81a65354cd637ec5c94c4a362755408c3dbf7f236d0d43f341f0a89e29e4434b65c784ccdbbba97f32d3955724b707887d05fe1229dd2de90e89a9e59b8aa30149ee104b58780c79ff246adc161655df406c48220694a4aed093cb05418cec6c2e611d1070199bf5fa7fd6df393c7a99a5c1d6bba4f1070e3184ae4bac3471b90a1b1b10db61dc42fb2bb8117d9ec1f3fda4fda48b3fb64b494be69c0cbd52d6bfccd3d817bd4725c9379582b2dd9b047e83b3b07787df126c482bb88dfb7ff26bb83d9683ff8ee17857e132b3253dc86ce33e91e65954c1f793af5d7ea8996f7ecd425a645b4579becf9e6a7127c3e428b4d5a58b7630d56a58b62d4173afcef2de9dde87fa52a400713a1ddfdcbc522cfb752f4badc2fe5b6df465a0633ae5d472c98108b5febd4de68868ad612a3acf46f78954e7899a5b7ef9a00d6492fdc664050232088df19e0e021b739e060dc2c1e90a0c86d8f578f905631a21837e828a2d2a362d623ae4587f055a48057faea02b18ce850ec9c199b29828ebff6b976988c21175905fb3d956130c7c46023440c2abf9864af9a9ce310bb27d5e60c683ea88e395897be98972edf26d15f30e8fd8e8910a2935fb5bd72818ff8dc7265bf8d7645d288e0104dd0ba8c78b2b262fdef948ec2de08f25ec3a3ed523997cd5f2f4e02722d2d331331e55c3b58ae04c08cb56b08166d9272d3b5a388d4152bd346a560268c8ba86ea4f4a3867d30cb882b442252066a226fe684176cbade8562618772562d0be9a4701394174fb25df436e4c257b6164c23f6edc5eb8e8c6d4b88df378dd1df0df831fd029c2dcb26452920efecc68309a40fed8c44b88b31616b66e8a4ba242c22f2cb95aaec03e02ad9a387921a32a8cf7a8e99e936b46336c07d47804409d56f1d75030747d71957bb19f3f5f9fe85cbef29daf7e8ff1458c1b2305ff4a1e13aa4721075c9fcd0fa6f11d8843590eb48fb379deda43552ca049012c0023b4d23a106492983288fd179dc86b6c5a13af4f8a3f19819546413fb95b252f280c47366ad9ffc8213e7a7a7d3497726c1dbacd40dca89a7556b3241f889ed54b9e6fa9df19f63c0cc4066eacf13514d410e53e774aca2bd38c494f05b3d00698be84d9b28d7f3e379126e80d72cbe65a646df7c6aad2b1f2c8683aa7ca919f3a30032db096a043e09d9c794303244d4875a60dc5927ff7b4bb4f43d98c61a2cdd96ab720db95177784284561643089a60f3627d090f44083330783b65037376e8ab3f5a40914d862b23dbdc1ee5d1260bf96f6fe3be32d3be17698aeb92d30fdaeeb783190a4bd4050da4f98a1fcfb78432477c469a585df29fa3add1f7fc228b28eb9e9fb7f5d89e480456fce10f6c1bd676b63fc64fe309c10bf291259cb1f336ac25c06861cb6d609ed393fa51fd8f73e52e8e738608fa528035e13bd125bf590a7bfadf29ba9052f9cb62ab2d3d1a67697c1dea6bd6368bdded20a1ac415d8eef1e63fd5f551026a4397f2e1b195bdaabe1787b118bb0d831bc934949dba8b978c4c8a5f5c923ed03391584cf878615e3f87e923e1959ed106cf466cec08ce60f657fdfa53036d3d0385feacc745f4d8d2f996a64300ceab41bd87c60147405738611204ef66637676cfdbcc989b30c922d203c2fc9f366acab13acc7b033f43b6c627febfdfa03308a7ad86966097eeea51f6db2d70566791bd23ed9e3d3a7251311f1865c3e1d79572574023edb4a936a3878feaa4bc518719e7d3519417ae3fbb9371e16fc617c25f6871f8b41400f900c566e84afbc50d39b732616366ef19763e00fa009fa97fc9afc96e40a0fb111a7102000000d9eb93ef0f768d44836152a8745720a86dff0996a84287847fb71c764144807b6344dcfa01fb30dcfc00001800fa000d7302f64c1c18855a90cedae2e2191a6e02ff3e0f00f90097637ade8813ca7018ecdf000600fb0080000000"], 0x1330}, 0x1, 0x0, 0x0, 0x10}, 0x4000) 00:11:33 executing program 0: add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) 00:11:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0x0, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:33 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x7f6be808264b9db, 0x9d}, "3fb25f2e9fbb36c047c683d05eb6f50ba1e8e07219c22ddb5897b8503092956281291b3b67792571733d4d7a7cd9351b165c228d04167a87bb987db565f30e61485f6d157c4c14b617bf076efd4bb944c58a04c5c47f15f8951306d7072130b0e34faecb1bb2c8053acb2a8adcea7f41e76407713f105e713f927f510d1e90ef2215c80b3ba676a11ff3964b99abe2f9c605c01e748d820788e4b1dfb4"}, 0xa1) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140), 0x200040, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r0, &(0x7f00000016c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001680)={&(0x7f0000000240)=ANY=[@ANYBLOB="30130000", @ANYRES16=r1, @ANYBLOB="00032dbd7000fbdbdf257a00000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990000008000690000000400f9000600fb00ffff00003200fc007dc73f73b8a700b993a85b3cba6a935567c324158e38be6aca73dcb7a61ed41cfbb02ec3000042cf9448489e49a500000600fb00ff0100009400fc00747881ff71711cf7d3dec7306896f7bdacde881d6529cdc94ff77feed8ebe4ff013747596365497b7ba6b1b780669f971c37c20c458eb18c81cb4e26edd675c38b694e25db40621325567bf63435df7b9cfc58bffad057e17e83e5adeb49b989e7dfdd857b335c9f0b15b4704a92471220715b2b1c93cb7e7318aeac657e1da4d2a0409dfc526df19830cf7fa86a297e4b00fc00f52d26f07becfd7d18cfb3b022612c5cdfc50349c312f245b17bdb1123595cffad8e862e08587432faa9598dd65be7fff7e664d6363b0324478e1179b7777d521611b99e245148000c002a00bd060802110000004c012a002d1a600001470000000000000004000000190000000003ff030000800406060708000004824140c00b07000000ffffffffffff09000000ffffffffffff00000100ffffffff030408021100000100080000040802110000001ff3000004080211000000090000003e010337d6070705d4a7bf43d7f2f18a48683d81d35033b06df7690d7e57e01064e81447a2b47bf2a071d645fb7d099750a96b00c9e6ec1f111dc46d385c8c56b5abd4dd84319cdc7baa95b9aebef336f6503ef04a94060220765ee90e153cdc67a4a609ea94ebf3d3fb6293f331385651915bc59fe935235104045f696689010da05ede0af9d2a9dd08902535e10110c2d07fd97e6414eb72229511004286e30301b4012877c432877bc68677ce8e1ea067e681577140059ba845ca825054aad1bf401993fb3933096d8191ea020c331f1740a1cb71d1521bd7f13c040007ab7f0410fa005dd4c2144cbc47730a975da8acefaf6ae81157cf3f494a7fe6b3b4586264b339f550ada43f123b944e1df548255521ca42ea3c5e6deee082b3b3138d70a3ad3a8d24f475964fbc367ac88993411398a888c1e129bb75d6853ee9058adafa20437fdccf0f830b9e833d6a87552d51a1297483044ea6b8412adfaed233918ba995a2af73e47a8bc983a9952cb44830957f8523285b4e98fc0d5b331313baccf5c7baa2080ed57f1e6ae03cbc718f11fbd785dee02262e284e43a91b831c913f952799bba2dfbd64db0218e0469c73d438ac3c0fc7b82a55b397691b6ed28f3fe60f54d271ba4116a1378b7674684369761df411b5f04248cd0102cdac80945241d489e3183f148d070d1e411d0541488f20dd65448b60021d64a97fd95121ca9795cc332557524bff95ceb875c17a53ba52b7f9816e2c0e68cc85a6b20f8924d8ad8c0411c6fd2d7f5c955678f7f1114847f89a1fd0ce7f9283743af75f9e7e9b8baa5854f6217012d3ae9bde20e0b97fcbe297289bd41ffd4798da978a0c15888418b63e1b571f377eb560dbc42a6c885fc46557dcf0f76bd56a5f7bfa77a68ebd1177feefb38cd205f46fcc382a245a9a5840171745ed8fed6e324a31e554f9c3663e8daf50cc08d755fc79aa6534ebc2608d6c1c6d0990f81a16783cedc29b5ac58d1fdbd0889a353c180dd4c0e9370c22c0fd2cf5eb2c1553f7e8f9d026838d9a373a2dbcbab049e9f4b7a30f0c77b8e89a3cc2c371353c0268fe290952d1cee47095db537910ce1548002d99041d38ee0e666758d6561c5cdbcda77ee97c0fd9c278551c08257d94ed3aae4d9cfc59c506917298920681759ed4931622d7158429deeba535a03c095ec5b64a951d1c91175c598ac96e7e1ee411f47c2458c4d6cceb19bf8d64df26fd6cecdc18c9a737de9d1cf96f3a72bffe37e5ff0e056a9f1bbebcd8b45f185df3938d34023f1acb3413a63d2bd0c0965d1d6bea3e6c5867593847d13e215695d3951f5bf7ec3203bb28e923736a03c479358254fe8f06b99ed504c905342a5ad55b0b3635baed8d5b42095ba16e5d667d53ba942d64d12ca3ae551eec893fe11b10ea198daee17b9c6d68560b0e59556d0148e2a42401649b69fa27ae734e1c58f561fd31ff1dceac28b031070089d9742a8f5d7f13621b5fc8a77dfa1de182c1340110e4f770119fb2baade919384b316ddf008f71863cdd35b5ffafaf24c2829425dba553b48ac8a53eedb2aa59bbd2afe780e22ad94fc67eaea57a6f2d3694a59c58267710be583b17282859fa85d90e2611a4c655bb59959a3a78cbdfd928e628f737560df4befc7d3c6b37c3434553220bcf8dd973102a35165fff7f5c648dfe255a0a5eff9fe50c67ce75ba312d5d9134d48c04f831c68ff85ae22f64a04d6feedd4e536c117bc60c34da9e89d6dfc2a1c4e2cc657c4b05962da752bd32b58deefeb7bd2133baf4329ec9f7722b5cf63f1341151ff93bbe246ed25445cf17768dce66949ed0a7d6f3b8a69d549485e324988cc49aee780948cb3c4ca1e748eb78947b3633187cce92aa0f61d96bcb1437a47281b74bcd7f755e22f32cf2e47cdb78486a107990092724dba19db0ab9d78bd64482520a408b80e80bfa1bbf048fb9e1b08e7a62dc784fb86bc08f44c2475d43650d326bd571f4d95eed7c0874a830dfe9b5c4cdc3e2c40fa316ebdcc0c5bde4cea37d39a91b2dca73122190badb718dc2ee0cf69a50e74de1e637e68fa127e1ed11bdaa9a499dcad9ca79e1a39ba0e7bb3d3854ecfff32dd921d9c863c6df437ed7f2ade447a5b4d38921d6413d4d0dfbdf07912782166ee3dbfdaae9fbc4b472f16598b9c2253e56fcb074aa8fe2b5544c048e25f219e62a6dd7b416c650cc5203363d570dc27e2f172bf9fbc18ef861a2fecf7c3aaa728a2ba0591ed08dd75a7d9d16d9bab2bd9f08cfa45d491e685fe2e14a4137a73a778602e4bc7110f79acf57a63b7a7aa72f7fa8312a8df77cb32e45de0d51fc8985a23cc4b5db80ef03668a05dabc192dd197d4d055d197d4447e095e15b303875d120459f87c9f4843b7891f2cbedcb75bcc3f2d3a7a1bf82c7b2ed0288545d265313d2008c8fe1e22bf56f6e0f2f6da204a3090ab120998edd3946f1d1cce3c73375b4842bde8054371d791f8938bb02a6cb03b57d63c4023c9c6b980aafb22e908de54f6fd352aa42ce2abe28d820e64a923dc8c3f9c69a36befb55e36a981e269d18a88f8d7a204d8696c8eaba13bdc7471adb3049b3603131af29d1a5a6c66cd8528241710babeb866ae28df15209e5e56f8370dbc08a96db84c5a02a75134c2bd9e084e7e2fba5e769d2d8825cc7fd3777a4c9858794187d9d5167704e37d79c807647415c3c66115c6729a05c153a317cb7b3e23335235ee56ee045d104b67538514cf19bfefb93ae0556b9632ba2c404b27af0025ea4a5089b29f0b97d037d6f905c5505f7b7e856e5ca86d51cd81f141afc1aaaead9d22336f30ab619bb08ef3d809556fa5203e6ae012f62d29ef40cff0739dd1ba073e9b74bda32fc61549700114bb0ae3a0036fd5ad746f340b98982f688bf819b0237cfbcada64f49c90b27eb321897b61168afffb00834c5b4a742528e093e03d2d556b81d97b5db53cd47493481a0df5c0fe3a43cf2df688a3c66571250b9ac64a8d313f4ef8fb9b0840f4fbc12ffa0f05720e7f41fd4de436672eea04d27cbeec9c90476e4f3957888e409c65aa7c77c530e2d9f534fba873c4c8f26c7765c43192011c0c8fecf3fc359c08167db0f04bc710a0c1fc181a0cb1cf323778a2d1047c18fca50db9bd11fcbc37a79bf442f18c042c473b1779690186fd42038dc05c93bf5832f2f40a45a61d30b1ad1537a3fcef895d7cf96f80e4c46fde9aedaf7f531de39a533f2e48384c90bbe18844276b595175fefb064383ea1c0de88511712bf51b80d9a0712ba1602e86adb76fa7046ef1a5faae252d3cc4884c0e5c10d033a6cd3873bba7a48c320e2e2304b7ce25e9f63103e80df194abb1d36be3d3af40a93566b936d4dc9ac39b9cc9387d712d1bb44db3a21e78957f9065659aeac564a8b80023661f6fbf60058d08abe62a7a4732834ac4aa053b93dcd369be9769634b3c465c0281d097dcd9ad2b2fcc735972163daaee43ec34435911bfeb693da5cab8f1f5bed6b914004d62f1d7186f31043dc925e131375d9415b1e823ce1707030910c4b5df80cd759cc00865a386cf2dc51a85960bd5c1e5406404e2038e91004c99a9e44cf594b4de2fcd53288fd5bfb31654807f796fe84db6a62bd9ced90a65e84635d1ff48483b7c88670a80cdd4636c4e5a91b3db630add344ad9a31635195340ab3d1805451af8f22f9b7ab1469cfb6262fb7794ffd0e0e92a425343e38c26f718317ef2a966bbb70ce64384ee1da49bc4ce6d0c024e93b67a5bf96cf7f518414f32d1f648a11ae1c6b174c460a93c4d7fb19395e840996d45d83c96fc20aee0ff017f7acfdbf6e05e7f95a4a71a6a3ce4a547350901e548f1795aa598c00e3845f784e03004880ccef1dc4c250bb53fdaf53ee7ff0420deb0c3b4ff79728d027c6ac078fafac02d5fe9fef9e1f93e0b6c28a349c0e21326cd963688eb3a550779934172c9fbbe15f52ecb9f32c149b2c3f0fdc4c7eb56d19f57a4a7d264c1d011917b36a78fe8abe81c66d20552a0ffbf9fd386468b3f0a49c49d402606556058a038d00c14b8f26bedd6929f92964daf2c22dd7523b4e5a1afef9895e0f03a90ab33c325bbb1682d52adac94588b21fe5bb4690fb64f40c87d1239a06ff7450cf070cd3a89fc4b262160685e9cf0c6667d6e957f95b076f197e51b92981cf7f4243ec6a316639e2514fe258d2d2496eef0952a2ba247dab40ec03fd90dd4a010c13f0bd0a5cb1dc562a77559e573b156bd8c0471956a23f693558405262f1c5e49b59eed8c0ccbc4da3efc31fcbd51ad81a65354cd637ec5c94c4a362755408c3dbf7f236d0d43f341f0a89e29e4434b65c784ccdbbba97f32d3955724b707887d05fe1229dd2de90e89a9e59b8aa30149ee104b58780c79ff246adc161655df406c48220694a4aed093cb05418cec6c2e611d1070199bf5fa7fd6df393c7a99a5c1d6bba4f1070e3184ae4bac3471b90a1b1b10db61dc42fb2bb8117d9ec1f3fda4fda48b3fb64b494be69c0cbd52d6bfccd3d817bd4725c9379582b2dd9b047e83b3b07787df126c482bb88dfb7ff26bb83d9683ff8ee17857e132b3253dc86ce33e91e65954c1f793af5d7ea8996f7ecd425a645b4579becf9e6a7127c3e428b4d5a58b7630d56a58b62d4173afcef2de9dde87fa52a400713a1ddfdcbc522cfb752f4badc2fe5b6df465a0633ae5d472c98108b5febd4de68868ad612a3acf46f78954e7899a5b7ef9a00d6492fdc664050232088df19e0e021b739e060dc2c1e90a0c86d8f578f905631a21837e828a2d2a362d623ae4587f055a48057faea02b18ce850ec9c199b29828ebff6b976988c21175905fb3d956130c7c46023440c2abf9864af9a9ce310bb27d5e60c683ea88e395897be98972edf26d15f30e8fd8e8910a2935fb5bd72818ff8dc7265bf8d7645d288e0104dd0ba8c78b2b262fdef948ec2de08f25ec3a3ed523997cd5f2f4e02722d2d331331e55c3b58ae04c08cb56b08166d9272d3b5a388d4152bd346a560268c8ba86ea4f4a3867d30cb882b442252066a226fe684176cbade8562618772562d0be9a4701394174fb25df436e4c257b6164c23f6edc5eb8e8c6d4b88df378dd1df0df831fd029c2dcb26452920efecc68309a40fed8c44b88b31616b66e8a4ba242c22f2cb95aaec03e02ad9a387921a32a8cf7a8e99e936b46336c07d47804409d56f1d75030747d71957bb19f3f5f9fe85cbef29daf7e8ff1458c1b2305ff4a1e13aa4721075c9fcd0fa6f11d8843590eb48fb379deda43552ca049012c0023b4d23a106492983288fd179dc86b6c5a13af4f8a3f19819546413fb95b252f280c47366ad9ffc8213e7a7a7d3497726c1dbacd40dca89a7556b3241f889ed54b9e6fa9df19f63c0cc4066eacf13514d410e53e774aca2bd38c494f05b3d00698be84d9b28d7f3e379126e80d72cbe65a646df7c6aad2b1f2c8683aa7ca919f3a30032db096a043e09d9c794303244d4875a60dc5927ff7b4bb4f43d98c61a2cdd96ab720db95177784284561643089a60f3627d090f44083330783b65037376e8ab3f5a40914d862b23dbdc1ee5d1260bf96f6fe3be32d3be17698aeb92d30fdaeeb783190a4bd4050da4f98a1fcfb78432477c469a585df29fa3add1f7fc228b28eb9e9fb7f5d89e480456fce10f6c1bd676b63fc64fe309c10bf291259cb1f336ac25c06861cb6d609ed393fa51fd8f73e52e8e738608fa528035e13bd125bf590a7bfadf29ba9052f9cb62ab2d3d1a67697c1dea6bd6368bdded20a1ac415d8eef1e63fd5f551026a4397f2e1b195bdaabe1787b118bb0d831bc934949dba8b978c4c8a5f5c923ed03391584cf878615e3f87e923e1959ed106cf466cec08ce60f657fdfa53036d3d0385feacc745f4d8d2f996a64300ceab41bd87c60147405738611204ef66637676cfdbcc989b30c922d203c2fc9f366acab13acc7b033f43b6c627febfdfa03308a7ad86966097eeea51f6db2d70566791bd23ed9e3d3a7251311f1865c3e1d79572574023edb4a936a3878feaa4bc518719e7d3519417ae3fbb9371e16fc617c25f6871f8b41400f900c566e84afbc50d39b732616366ef19763e00fa009fa97fc9afc96e40a0fb111a7102000000d9eb93ef0f768d44836152a8745720a86dff0996a84287847fb71c764144807b6344dcfa01fb30dcfc00001800fa000d7302f64c1c18855a90cedae2e2191a6e02ff3e0f00f90097637ade8813ca7018ecdf000600fb0080000000"], 0x1330}, 0x1, 0x0, 0x0, 0x10}, 0x4000) 00:11:33 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x50, 0x0, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x50}}, 0x40010) 00:11:33 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, 0x0, 0x40010) [ 693.000864][ T5502] Bluetooth: hci1: SCO packet for unknown connection handle 2523 [ 693.068466][T25955] trusted_key: encrypted_key: insufficient parameters specified 00:11:33 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, 0x0, 0x40010) 00:11:33 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x4c, 0x0, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}]}, 0x4c}}, 0x40010) 00:11:33 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key(0x0, &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) 00:11:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0x0, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:33 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x7f6be808264b9db, 0x9d}, "3fb25f2e9fbb36c047c683d05eb6f50ba1e8e07219c22ddb5897b8503092956281291b3b67792571733d4d7a7cd9351b165c228d04167a87bb987db565f30e61485f6d157c4c14b617bf076efd4bb944c58a04c5c47f15f8951306d7072130b0e34faecb1bb2c8053acb2a8adcea7f41e76407713f105e713f927f510d1e90ef2215c80b3ba676a11ff3964b99abe2f9c605c01e748d820788e4b1dfb4"}, 0xa1) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140), 0x200040, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x55}, {0x6, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}, {@none, 0x1, 0x53, 0x2, "95ebd0", 0xffff}, {@none, 0x1, 0x1, 0x5, "cbf6fc", 0x876f}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xf2, 0x0, 0x0, "3d9124", 0x8001}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x0, 0x80, 0x2, "825046", 0x8d}, {@none, 0x7, 0x1, 0x1, "dfa883", 0x79}]}}}, 0x58) 00:11:33 executing program 0: add_key(0x0, &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) 00:11:33 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x40, 0x0, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}]}, 0x40}}, 0x40010) 00:11:33 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, 0x0, 0x40010) 00:11:33 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key(0x0, &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) [ 693.069603][ T5502] Bluetooth: hci1: SCO packet for unknown connection handle 2523 00:11:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x0, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:33 executing program 0: add_key(0x0, &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) 00:11:33 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x7f6be808264b9db, 0x9d}, "3fb25f2e9fbb36c047c683d05eb6f50ba1e8e07219c22ddb5897b8503092956281291b3b67792571733d4d7a7cd9351b165c228d04167a87bb987db565f30e61485f6d157c4c14b617bf076efd4bb944c58a04c5c47f15f8951306d7072130b0e34faecb1bb2c8053acb2a8adcea7f41e76407713f105e713f927f510d1e90ef2215c80b3ba676a11ff3964b99abe2f9c605c01e748d820788e4b1dfb4"}, 0xa1) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140), 0x200040, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x55}, {0x6, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}, {@none, 0x1, 0x53, 0x2, "95ebd0", 0xffff}, {@none, 0x1, 0x1, 0x5, "cbf6fc", 0x876f}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xf2, 0x0, 0x0, "3d9124", 0x8001}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x0, 0x80, 0x2, "825046", 0x8d}, {@none, 0x7, 0x1, 0x1, "dfa883", 0x79}]}}}, 0x58) 00:11:33 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:33 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x20, 0x0, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x40010) 00:11:33 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key(0x0, &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) [ 693.197440][ T5502] Bluetooth: hci1: SCO packet for unknown connection handle 2523 00:11:33 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x40010) 00:11:33 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0x7f6be808264b9db, 0x9d}, "3fb25f2e9fbb36c047c683d05eb6f50ba1e8e07219c22ddb5897b8503092956281291b3b67792571733d4d7a7cd9351b165c228d04167a87bb987db565f30e61485f6d157c4c14b617bf076efd4bb944c58a04c5c47f15f8951306d7072130b0e34faecb1bb2c8053acb2a8adcea7f41e76407713f105e713f927f510d1e90ef2215c80b3ba676a11ff3964b99abe2f9c605c01e748d820788e4b1dfb4"}, 0xa1) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x55}, {0x6, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}, {@none, 0x1, 0x53, 0x2, "95ebd0", 0xffff}, {@none, 0x1, 0x1, 0x5, "cbf6fc", 0x876f}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xf2, 0x0, 0x0, "3d9124", 0x8001}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x0, 0x80, 0x2, "825046", 0x8d}, {@none, 0x7, 0x1, 0x1, "dfa883", 0x79}]}}}, 0x58) 00:11:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:33 executing program 0: add_key(0x0, &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) [ 693.264505][ T5502] Bluetooth: hci1: SCO packet for unknown connection handle 2523 00:11:33 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x20, 0x0, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) 00:11:33 executing program 2: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x55}, {0x6, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}, {@none, 0x1, 0x53, 0x2, "95ebd0", 0xffff}, {@none, 0x1, 0x1, 0x5, "cbf6fc", 0x876f}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xf2, 0x0, 0x0, "3d9124", 0x8001}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x0, 0x80, 0x2, "825046", 0x8d}, {@none, 0x7, 0x1, 0x1, "dfa883", 0x79}]}}}, 0x58) 00:11:33 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000000)='cifs.idmap\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) 00:11:33 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x40010) 00:11:33 executing program 0: add_key(&(0x7f0000000000)='encrypted\x00', 0x0, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) 00:11:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc, 0x99, {0x0, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:33 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x55}, {0x6, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}, {@none, 0x1, 0x53, 0x2, "95ebd0", 0xffff}, {@none, 0x1, 0x1, 0x5, "cbf6fc", 0x876f}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xf2, 0x0, 0x0, "3d9124", 0x8001}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x0, 0x80, 0x2, "825046", 0x8d}, {@none, 0x7, 0x1, 0x1, "dfa883", 0x79}]}}}, 0x58) 00:11:33 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:33 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x40010) 00:11:33 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000000)='cifs.idmap\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) 00:11:33 executing program 2: syz_emit_vhci(0x0, 0x0) 00:11:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:33 executing program 0: add_key(&(0x7f0000000000)='encrypted\x00', 0x0, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) 00:11:33 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:33 executing program 3: r0 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000000)='cifs.idmap\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0) 00:11:33 executing program 2: syz_emit_vhci(0x0, 0x0) 00:11:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x50, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x50}}, 0x40010) 00:11:33 executing program 0: add_key(&(0x7f0000000000)='encrypted\x00', 0x0, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) 00:11:33 executing program 5: socket$isdn(0x22, 0x2, 0x2) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000180)) add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000), 0x18100, 0x0) 00:11:33 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x40010) [ 693.310745][ T5502] Bluetooth: hci1: SCO packet for unknown connection handle 2523 [ 693.591730][T26029] trusted_key: encrypted_key: insufficient parameters specified 00:11:33 executing program 2: syz_emit_vhci(0x0, 0x0) 00:11:33 executing program 0: add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) 00:11:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x50, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x50}}, 0x40010) 00:11:33 executing program 3: add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0) 00:11:33 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x40010) 00:11:33 executing program 5: socket$isdn(0x22, 0x2, 0x2) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000180)) add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000), 0x18100, 0x0) 00:11:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x50, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x50}}, 0x40010) 00:11:33 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x47}, {0x5, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}, {@none, 0x1, 0x53, 0x2, "95ebd0", 0xffff}, {@none, 0x1, 0x1, 0x5, "cbf6fc", 0x876f}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xf2, 0x0, 0x0, "3d9124", 0x8001}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x0, 0x80, 0x2, "825046", 0x8d}]}}}, 0x4a) [ 693.703592][T26043] trusted_key: encrypted_key: insufficient parameters specified 00:11:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x40010) 00:11:33 executing program 5: socket$isdn(0x22, 0x2, 0x2) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000180)) add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000), 0x18100, 0x0) 00:11:33 executing program 3: add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0) 00:11:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x58}}, 0x40010) 00:11:33 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x40010) 00:11:33 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x39}, {0x4, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}, {@none, 0x1, 0x53, 0x2, "95ebd0", 0xffff}, {@none, 0x1, 0x1, 0x5, "cbf6fc", 0x876f}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xf2, 0x0, 0x0, "3d9124", 0x8001}]}}}, 0x3c) 00:11:33 executing program 0: r0 = socket(0x11, 0x2, 0x7f) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000000)=0x1) socket$isdn(0x22, 0x2, 0x11) [ 693.800094][T26060] trusted_key: encrypted_key: insufficient parameters specified 00:11:33 executing program 3: add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0) 00:11:33 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:33 executing program 5: socket$isdn(0x22, 0x2, 0x2) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000180)) add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) 00:11:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x54, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x54}}, 0x40010) [ 693.855973][T26063] delete_channel: no stack 00:11:33 executing program 0: r0 = socket(0x11, 0x2, 0x7f) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000000)=0x1) socket$isdn(0x22, 0x2, 0x11) 00:11:33 executing program 3: r0 = socket(0x11, 0x2, 0x7f) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000000)=0x1) socket$isdn(0x22, 0x2, 0x11) [ 693.881202][T26070] trusted_key: encrypted_key: insufficient parameters specified 00:11:33 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x2b}, {0x3, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}, {@none, 0x1, 0x53, 0x2, "95ebd0", 0xffff}, {@none, 0x1, 0x1, 0x5, "cbf6fc", 0x876f}]}}}, 0x2e) 00:11:33 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:33 executing program 5: socket$isdn(0x22, 0x2, 0x2) add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) 00:11:33 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x1d}, {0x2, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}, {@none, 0x1, 0x53, 0x2, "95ebd0", 0xffff}]}}}, 0x20) 00:11:33 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0xf619f54ca7361e47, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) [ 693.948101][T26083] trusted_key: encrypted_key: insufficient parameters specified 00:11:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x54, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x54}}, 0x40010) 00:11:33 executing program 5: add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) [ 693.964480][T26074] delete_channel: no stack [ 693.966859][T26072] delete_channel: no stack 00:11:33 executing program 3: r0 = socket(0x11, 0x2, 0x7f) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000000)=0x1) socket$isdn(0x22, 0x2, 0x11) 00:11:33 executing program 0: r0 = socket(0x11, 0x2, 0x7f) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000000)=0x1) socket$isdn(0x22, 0x2, 0x11) 00:11:34 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x54, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x54}}, 0x40010) [ 694.025974][T26093] trusted_key: encrypted_key: insufficient parameters specified 00:11:34 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0xf}, {0x1, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}]}}}, 0x12) 00:11:34 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0x0, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:34 executing program 5: add_key(0x0, &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) [ 694.063108][T26089] delete_channel: no stack [ 694.064398][T26088] delete_channel: no stack 00:11:34 executing program 3: r0 = socket(0x11, 0x2, 0x7f) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000000)=0x1) socket$isdn(0x22, 0x2, 0x11) 00:11:34 executing program 0: r0 = socket(0x11, 0x2, 0x7f) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000000)=0x1) 00:11:34 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0xf}, {0x1, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}]}}}, 0x12) 00:11:34 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0x0, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:34 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x4c, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x4c}}, 0x40010) 00:11:34 executing program 5: add_key(0x0, &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) [ 694.153210][T26102] delete_channel: no stack 00:11:34 executing program 3: r0 = socket(0x11, 0x2, 0x7f) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000000)=0x1) 00:11:34 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0x0, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:34 executing program 0: r0 = socket(0x11, 0x2, 0x7f) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) 00:11:34 executing program 5: add_key(0x0, &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) 00:11:34 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x4c, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x4c}}, 0x40010) 00:11:34 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0xf}, {0x1, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}]}}}, 0x12) 00:11:34 executing program 0: ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) 00:11:34 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x0, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:34 executing program 3: r0 = socket(0x11, 0x2, 0x7f) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) 00:11:34 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x4c, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x4c}}, 0x40010) 00:11:34 executing program 5: add_key(&(0x7f0000000000)='encrypted\x00', 0x0, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) 00:11:34 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x1d}, {0x2, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}, {@none, 0x0, 0x53, 0x2, "95ebd0", 0xffff}]}}}, 0x20) 00:11:34 executing program 0: ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) 00:11:34 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc, 0x99, {0x6, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:34 executing program 3: socket(0x11, 0x2, 0x7f) 00:11:34 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x38, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x38}}, 0x40010) 00:11:34 executing program 5: add_key(&(0x7f0000000000)='encrypted\x00', 0x0, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) 00:11:34 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x1d}, {0x2, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}, {@none, 0x0, 0x0, 0x2, "95ebd0", 0xffff}]}}}, 0x20) 00:11:34 executing program 0: ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) 00:11:34 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc, 0x99, {0x0, 0x66}}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:34 executing program 3: socket(0x0, 0x2, 0x7f) 00:11:34 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x38, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x38}}, 0x0) 00:11:34 executing program 5: add_key(&(0x7f0000000000)='encrypted\x00', 0x0, &(0x7f0000000080)="d2", 0x1, 0xfffffffffffffffb) 00:11:34 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x1d}, {0x2, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}, {@none, 0x0, 0x0, 0x0, "95ebd0", 0xffff}]}}}, 0x20) 00:11:34 executing program 0: r0 = socket(0x0, 0x2, 0x7f) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) 00:11:34 executing program 5: add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) 00:11:34 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x58}}, 0x40010) 00:11:34 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x1d}, {0x2, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1f, 0x81, 0x81, "df56f8", 0x5}, {@none, 0x0, 0x0, 0x0, "95ebd0"}]}}}, 0x20) 00:11:34 executing program 4: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000e40000740b49178ceded45cc77313cbe9d568262e8567c060d47ce0fcbedb50789f73c267d60ba6ca938e563d7153b4b81b16336262e88d5c23d5f40e6a825397d13379cf89c066c4b05615ba18e1318a312e43573cfe3d73ad68626c203a458066a7826a2256e593bb20279053ec7cbbbb612337dc0b455c722709f50d40e5eab6094cc81b6241bc0f78d5ea5cd10819c3d8a585926ab1019a12b7541fca827a3894de43540ad72b0749f0d57879441ca0ac7f02ec0d1d3442ce3dd3f90731dfaf2f6d73eecd5c397b18bdcbda21440aeeccb6a383122b0ec4e9f17927377e1d59019d2084a27b6c8997cd3b8d1a2795123efcea2d51ee52121f59d3130017611a685558519c86dfaf43048ad3e7c817488b7b0a575997dc46a27e1ff8a15ff5a01b2622dd86ba686db282250262d08a6c33216401796c48ffce9949758790ef09c64fec65eb035fd4b06a96ad1c2f7758a9badc30870350521fa50f12015c71f401942a53e1bb71fa0a87c0835eab41dead74b3592f2be528b96fa5b0dc0cf73fed8e8c586d46fb5b4b6f581c83c71467adb7f1fd3bb37a7e6941e91fb4018cec7981e0b4b141f09c0ed17cd6a395aa9c86168f5b811358a4d31f2888a6ed02e906223b0abdf9d3802cd171db0aa8988e3aac113234e3c"], 0x50}}, 0x0) 00:11:34 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0xf}, {0x1, [{@none, 0x0, 0x0, 0x0, "95ebd0"}]}}}, 0x12) 00:11:34 executing program 5: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000e40000740b49178ceded45cc77313cbe9d568262e8567c060d47ce0fcbedb50789f73c267d60ba6ca938e563d7153b4b81b16336262e88d5c23d5f40e6a825397d13379cf89c066c4b05615ba18e1318a312e43573cfe3d73ad68626c203a458066a7826a2256e593bb20279053ec7cbbbb612337dc0b455c722709f50d40e5eab6094cc81b6241bc0f78d5ea5cd10819c3d8a585926ab1019a12b7541fca827a3894de43540ad72b0749f0d57879441ca0ac7f02ec0d1d3442ce3dd3f90731dfaf2f6d73eecd5c397b18bdcbda21440aeeccb6a383122b0ec4e9f17927377e1d59019d2084a27b6c8997cd3b8d1a2795123efcea2d51ee52121f59d3130017611a685558519c86dfaf43048ad3e7c817488b7b0a575997dc46a27e1ff8a15ff5a01b2622dd86ba686db282250262d08a6c33216401796c48ffce9949758790ef09c64fec65eb035fd4b06a96ad1c2f7758a9badc30870350521fa50f12015c71f401942a53e1bb71fa0a87c0835eab41dead74b3592f2be528b96fa5b0dc0cf73fed8e8c586d46fb5b4b6f581c83c71467adb"], 0x50}}, 0x0) [ 694.587139][T26174] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'. 00:11:34 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x50, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x50}}, 0x40010) 00:11:34 executing program 3: socket(0x0, 0x2, 0x7f) 00:11:34 executing program 0: r0 = socket(0x0, 0x2, 0x7f) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) 00:11:34 executing program 4: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000e40000740b49178ceded45cc77313cbe9d568262e8567c060d47ce0fcbedb50789f73c267d60ba6ca938e563d7153b4b81b16336262e88d5c23d5f40e6a825397d13379cf89c066c4b05615ba18e1318a312e43573cfe3d73ad68626c203a458066a7826a2256e593bb20279053ec7cbbbb612337dc0b455c722709f50d40e5eab6094cc81b6241bc0f78d5ea5cd10819c3d8a585926ab1019a12b7541fca827a3894de43540ad72b0749f0d57879441ca0ac7f02ec0d1d3442ce3dd3f90731dfaf2f6d73eecd5c397b18bdcbda21440aeeccb6a383122b0ec4e9f17927377e1d59019d2084a27b6c8997cd3b8d1a2795123efcea2d51ee52121f59d3130017611a685558519c86dfaf43048ad3e7c817488b7b0a575997dc46a27e1ff8a15ff5a01b2622dd86ba686db282250262d08a6c33216401796c48ffce9949758790ef09c64fec65eb035fd4b06a96ad1c2f7758a9badc30870350521fa50f12015c71f401942a53e1bb71fa0a87c0835eab41dead74b3592f2be528b96fa5b0dc0cf73fed8e8c586d46fb5b4b6f581c83c71467adb"], 0x50}}, 0x0) 00:11:34 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0xf}, {0x1, [{@none, 0x0, 0x0, 0x0, "95ebd0"}]}}}, 0x12) [ 694.654444][T26180] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.5'. 00:11:34 executing program 5: socket$vsock_stream(0x28, 0x1, 0x0) socket$isdn(0x22, 0x2, 0x10) r0 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) connect$pppoe(r1, &(0x7f0000000040)={0x18, 0x0, {0x0, @local, 'bond_slave_1\x00'}}, 0x1e) 00:11:34 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x50, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x50}}, 0x40010) [ 694.709863][T26190] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'. 00:11:34 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0xf}, {0x1, [{@none, 0x0, 0x0, 0x0, "95ebd0"}]}}}, 0x12) 00:11:34 executing program 3: socket(0x0, 0x2, 0x7f) 00:11:34 executing program 4: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0], 0x50}}, 0x0) [ 694.751895][T26193] delete_channel: no stack 00:11:34 executing program 0: r0 = socket(0x0, 0x2, 0x7f) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) 00:11:34 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x50, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x50}}, 0x40010) 00:11:34 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x1d}, {0x2, [{@fixed, 0x1f, 0x81, 0x81, "df56f8", 0x5}, {@none, 0x0, 0x0, 0x0, "95ebd0"}]}}}, 0x20) 00:11:34 executing program 5: socket$vsock_stream(0x28, 0x1, 0x0) socket$isdn(0x22, 0x2, 0x10) r0 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) connect$pppoe(r1, &(0x7f0000000040)={0x18, 0x0, {0x0, @local, 'bond_slave_1\x00'}}, 0x1e) 00:11:34 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x58}}, 0x40010) [ 694.846342][T26205] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.4'. 00:11:34 executing program 3: socket(0x11, 0x0, 0x7f) 00:11:34 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x1d}, {0x2, [{@fixed, 0x0, 0x81, 0x81, "df56f8", 0x5}, {@none, 0x0, 0x0, 0x0, "95ebd0"}]}}}, 0x20) [ 694.881741][T26211] delete_channel: no stack 00:11:34 executing program 4: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={0x0, 0x50}}, 0x0) 00:11:34 executing program 0: r0 = socket(0x11, 0x0, 0x7f) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) 00:11:34 executing program 5: socket$vsock_stream(0x28, 0x1, 0x0) socket$isdn(0x22, 0x2, 0x10) r0 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) connect$pppoe(r1, &(0x7f0000000040)={0x18, 0x0, {0x0, @local, 'bond_slave_1\x00'}}, 0x1e) 00:11:34 executing program 3: socket(0x11, 0x0, 0x7f) 00:11:34 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x54, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x54}}, 0x40010) 00:11:34 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x1d}, {0x2, [{@fixed, 0x0, 0x0, 0x81, "df56f8", 0x5}, {@none, 0x0, 0x0, 0x0, "95ebd0"}]}}}, 0x20) [ 694.975667][T26222] delete_channel: no stack 00:11:34 executing program 0: r0 = socket(0x11, 0x0, 0x7f) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) 00:11:34 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x1d}, {0x2, [{@fixed, 0x0, 0x0, 0x0, "df56f8", 0x5}, {@none, 0x0, 0x0, 0x0, "95ebd0"}]}}}, 0x20) 00:11:34 executing program 4: r0 = socket$isdn(0x2, 0xa, 0xc879358cfd1025d3) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4) 00:11:34 executing program 5: socket$vsock_stream(0x28, 0x1, 0x0) socket$isdn(0x22, 0x2, 0x10) r0 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) 00:11:34 executing program 3: socket(0x11, 0x0, 0x7f) 00:11:35 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x54, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x54}}, 0x40010) [ 695.046844][T26236] delete_channel: no stack 00:11:35 executing program 0: r0 = socket(0x11, 0x0, 0x7f) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) 00:11:35 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x1d}, {0x2, [{@fixed, 0x0, 0x0, 0x0, "df56f8"}, {@none, 0x0, 0x0, 0x0, "95ebd0"}]}}}, 0x20) 00:11:35 executing program 3: socket(0x11, 0x2, 0x0) 00:11:35 executing program 4: r0 = socket$isdn(0x2, 0xa, 0xc879358cfd1025d3) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4) 00:11:35 executing program 5: socket$vsock_stream(0x28, 0x1, 0x0) socket$isdn(0x22, 0x2, 0x10) r0 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) 00:11:35 executing program 0: r0 = socket(0x11, 0x2, 0x0) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) 00:11:35 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x54, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x54}}, 0x40010) 00:11:35 executing program 2: sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x5c, 0x0, 0x800, 0x70bd2a, 0x25dfdbff, {}, [@FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e22}, @FOU_ATTR_PEER_V6={0x14, 0x9, @private1={0xfc, 0x1, '\x00', 0x1}}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e21}, @FOU_ATTR_PEER_V4={0x8, 0x8, @empty}]}, 0x5c}}, 0x885) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, 0x0, 0x100, 0x70bd2d, 0x25dfdbff, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f0000000380)={&(0x7f0000000080)={0x20, r1, 0x2, 0x470bd2c, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x7a7, 0x77}}}}, ["", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x40040) socket$isdn(0x2, 0xa, 0x24) 00:11:35 executing program 4: r0 = socket$isdn(0x2, 0xa, 0xc879358cfd1025d3) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4) [ 695.161063][T26249] delete_channel: no stack 00:11:35 executing program 0: socket(0x11, 0x2, 0x0) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) 00:11:35 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_DIRTYFB(r0, 0xc01864b1, &(0x7f0000000040)={0xe91e, 0x3, 0x42eb}) 00:11:35 executing program 5: socket$vsock_stream(0x28, 0x1, 0x0) socket$isdn(0x22, 0x2, 0x10) r0 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) 00:11:35 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x4c, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x4c}}, 0x40010) [ 695.237433][ T5502] Bluetooth: Wrong link type (-22) 00:11:35 executing program 4: setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4) 00:11:35 executing program 0: socket(0x11, 0x2, 0x0) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) 00:11:35 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_DIRTYFB(r0, 0xc01864b1, &(0x7f0000000040)={0xe91e, 0x3, 0x42eb}) [ 695.265220][T26265] delete_channel: no stack 00:11:35 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_DIRTYFB(r0, 0xc01864b1, &(0x7f0000000040)={0xe91e, 0x3, 0x42eb}) 00:11:35 executing program 4: setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4) 00:11:35 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x4c, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x4c}}, 0x40010) [ 695.300948][ T5502] Bluetooth: Wrong link type (-22) 00:11:35 executing program 5: socket$vsock_stream(0x28, 0x1, 0x0) socket$isdn(0x22, 0x2, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) 00:11:35 executing program 0: socket(0x11, 0x2, 0x0) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) [ 695.334360][ T5502] Bluetooth: Wrong link type (-22) 00:11:35 executing program 2: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, 0x0, 0x0) [ 695.367829][T26282] delete_channel: no stack 00:11:35 executing program 4: setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4) 00:11:35 executing program 0: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, 0x0, 0x0) 00:11:35 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x4c, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "ce45858c7baac8ec2fb357f658"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x4c}}, 0x40010) 00:11:35 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_DIRTYFB(r0, 0xc01864b1, &(0x7f0000000040)={0xe91e, 0x3, 0x42eb}) 00:11:35 executing program 5: socket$vsock_stream(0x28, 0x1, 0x0) socket$isdn(0x22, 0x2, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) 00:11:35 executing program 4: r0 = socket$isdn(0x2, 0xa, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4) 00:11:35 executing program 0: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, 0x0, 0x0) 00:11:35 executing program 2: r0 = socket$isdn(0x22, 0x2, 0x3) sendto$isdn(r0, &(0x7f0000000000)={0x9, 0x4, "6c04a8bcb0d3c56c0bd480683f22f6f8f8f9f34238bb7f33244879c14e801009012226433157ed48dd2b8665c3aedc9367f10257285563f69488f5d8f7d5f53a9dcbc496e9e7a6fd1fcbaa25da6c80b8d279faa8b8f7c5d6"}, 0x60, 0x80041, 0x0, 0x0) pipe2$watch_queue(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r1, 0xc01064c2, &(0x7f0000000100)={0x0, 0x1, r2}) [ 695.468763][T26292] delete_channel: no stack [ 695.470134][ T5943] Bluetooth: Wrong link type (-22) [ 695.471283][ T5943] Bluetooth: hci4: link tx timeout [ 695.472535][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:35 executing program 5: socket$vsock_stream(0x28, 0x1, 0x0) socket$isdn(0x22, 0x2, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) 00:11:35 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) 00:11:35 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x38, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x38}}, 0x40010) 00:11:35 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x38, r1, 0xf619f54ca7361e47, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "045740667f"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x38}}, 0x0) 00:11:35 executing program 2: r0 = socket$isdn(0x22, 0x2, 0x3) sendto$isdn(r0, &(0x7f0000000000)={0x9, 0x4, "6c04a8bcb0d3c56c0bd480683f22f6f8f8f9f34238bb7f33244879c14e801009012226433157ed48dd2b8665c3aedc9367f10257285563f69488f5d8f7d5f53a9dcbc496e9e7a6fd1fcbaa25da6c80b8d279faa8b8f7c5d6"}, 0x60, 0x80041, 0x0, 0x0) pipe2$watch_queue(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r1, 0xc01064c2, &(0x7f0000000100)={0x0, 0x1, r2}) 00:11:35 executing program 4: socket$isdn(0x2, 0xa, 0x0) setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4) [ 695.582082][ T5502] Bluetooth: Wrong link type (-22) [ 695.583528][ T5502] Bluetooth: hci4: link tx timeout [ 695.584683][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:35 executing program 1: r0 = socket$isdn(0x2, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000080)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e21, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3f}}, 0x24) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000140)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e21, 0x7f, @local, 0x80}}, 0x24) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x501002, 0x0) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r1, 0x110, 0x3) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz0\x00', 0x1ff) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000000c0), 0x131041, 0x0) set_tid_address(&(0x7f0000000040)) ioctl$IMCLEAR_L2(r2, 0x80044946, &(0x7f0000000000)=0x101) [ 695.613652][T26313] delete_channel: no stack 00:11:35 executing program 0: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, 0x0, 0x0) 00:11:35 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) 00:11:35 executing program 4: socket$isdn(0x2, 0xa, 0x0) setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4) [ 695.640296][ T5943] Bluetooth: Wrong link type (-22) [ 695.641558][ T5943] Bluetooth: hci4: link tx timeout [ 695.642679][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:35 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) 00:11:35 executing program 5: socket$vsock_stream(0x28, 0x1, 0x0) r0 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) [ 695.663611][ T5502] Bluetooth: Wrong link type (-22) [ 695.664868][ T5502] Bluetooth: hci4: link tx timeout [ 695.665938][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:35 executing program 3: 00:11:35 executing program 1: r0 = socket$isdn(0x2, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000080)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e21, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3f}}, 0x24) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000140)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e21, 0x7f, @local, 0x80}}, 0x24) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x501002, 0x0) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r1, 0x110, 0x3) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz0\x00', 0x1ff) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000000c0), 0x131041, 0x0) set_tid_address(&(0x7f0000000040)) ioctl$IMCLEAR_L2(r2, 0x80044946, &(0x7f0000000000)=0x101) 00:11:35 executing program 2: r0 = socket$isdn(0x22, 0x2, 0x3) sendto$isdn(r0, &(0x7f0000000000)={0x9, 0x4, "6c04a8bcb0d3c56c0bd480683f22f6f8f8f9f34238bb7f33244879c14e801009012226433157ed48dd2b8665c3aedc9367f10257285563f69488f5d8f7d5f53a9dcbc496e9e7a6fd1fcbaa25da6c80b8d279faa8b8f7c5d6"}, 0x60, 0x80041, 0x0, 0x0) pipe2$watch_queue(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r1, 0xc01064c2, &(0x7f0000000100)={0x0, 0x1, r2}) 00:11:35 executing program 2: r0 = socket$isdn(0x22, 0x2, 0x3) sendto$isdn(r0, &(0x7f0000000000)={0x9, 0x4, "6c04a8bcb0d3c56c0bd480683f22f6f8f8f9f34238bb7f33244879c14e801009012226433157ed48dd2b8665c3aedc9367f10257285563f69488f5d8f7d5f53a9dcbc496e9e7a6fd1fcbaa25da6c80b8d279faa8b8f7c5d6"}, 0x60, 0x80041, 0x0, 0x0) pipe2$watch_queue(&(0x7f0000000080), 0x80) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) 00:11:35 executing program 5: r0 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) 00:11:35 executing program 3: 00:11:35 executing program 4: socket$isdn(0x2, 0xa, 0x0) setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4) 00:11:35 executing program 0: socket$isdn(0x2, 0xa, 0x0) setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4) 00:11:35 executing program 2: r0 = socket$isdn(0x22, 0x2, 0x3) sendto$isdn(r0, &(0x7f0000000000)={0x9, 0x4, "6c04a8bcb0d3c56c0bd480683f22f6f8f8f9f34238bb7f33244879c14e801009012226433157ed48dd2b8665c3aedc9367f10257285563f69488f5d8f7d5f53a9dcbc496e9e7a6fd1fcbaa25da6c80b8d279faa8b8f7c5d6"}, 0x60, 0x80041, 0x0, 0x0) pipe2$watch_queue(&(0x7f0000000080), 0x80) 00:11:35 executing program 5: socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) 00:11:35 executing program 1: r0 = socket$isdn(0x2, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000080)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e21, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3f}}, 0x24) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000140)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e21, 0x7f, @local, 0x80}}, 0x24) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x501002, 0x0) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r1, 0x110, 0x3) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz0\x00', 0x1ff) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000000c0), 0x131041, 0x0) set_tid_address(&(0x7f0000000040)) ioctl$IMCLEAR_L2(r2, 0x80044946, &(0x7f0000000000)=0x101) 00:11:35 executing program 2: r0 = socket$isdn(0x22, 0x2, 0x3) sendto$isdn(r0, &(0x7f0000000000)={0x9, 0x4, "6c04a8bcb0d3c56c0bd480683f22f6f8f8f9f34238bb7f33244879c14e801009012226433157ed48dd2b8665c3aedc9367f10257285563f69488f5d8f7d5f53a9dcbc496e9e7a6fd1fcbaa25da6c80b8d279faa8b8f7c5d6"}, 0x60, 0x80041, 0x0, 0x0) 00:11:35 executing program 3: 00:11:35 executing program 5: socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) 00:11:35 executing program 0: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r4, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000e40000740b49178ceded45cc77313cbe9d568262e8567c060d47ce0fcbedb50789f73c267d60ba6ca938e563d7153b4b81b16336262e88d5c23d5f40e6a825397d13379cf89c066c4b05615ba18e1318a312e43573cfe3d73ad68626c203a458066a7826a2256e593bb20279053ec7cbbbb612337dc0b455c722709f50d40e5eab6094cc81b6241bc0f78d5ea5cd10819c3d8a585926ab1019a12b7541fca827a3894de43540ad72b0749f0d57879441ca0ac7f02ec0d1d3442ce3dd3f90731dfaf2f6d73eecd5c397b18bdcbda21440aeeccb6a383122b0ec4e9f17927377e1d59019d2084a27b6c8997cd3b8d1a2795123efcea2d51ee52121f59d3130017611a685558519c86dfaf43048ad3e7c817488b7b0a575997dc46a27e1ff8a15ff5a01b2622dd86ba686db282250262d08a6c33216401796c48ffce9949758790ef09c64fec65eb035fd4b06a96ad1c2f7758a9badc30870350521fa50f12015c71f401942a53e1bb71fa0a87c0835eab41dead74b3592f2be528b96fa5b0dc0cf73fed8e8c586d46fb5b4b6f581c83c71467adb7f1fd3bb37a7e6941e91fb4018cec7981e0b4b141f09c0ed17cd6a395aa9c86168f5b811358a4d31f2888a6ed02e906223b0abdf9d3802cd171db0aa8988e3aac113234e3c85e0a8bd246de6b9f1097e98d81ef1a28b110e3c2f2bc57b576c40cc0e553e375c0d44065f57b3d254244038851ca8a265b1f607dabff329671c00"/553], 0x50}}, 0x0) 00:11:35 executing program 4: r0 = socket$isdn(0x2, 0xa, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, 0x0, 0x0) 00:11:35 executing program 2: sendto$isdn(0xffffffffffffffff, &(0x7f0000000000)={0x9, 0x4, "6c04a8bcb0d3c56c0bd480683f22f6f8f8f9f34238bb7f33244879c14e801009012226433157ed48dd2b8665c3aedc9367f10257285563f69488f5d8f7d5f53a9dcbc496e9e7a6fd1fcbaa25da6c80b8d279faa8b8f7c5d6"}, 0x60, 0x80041, 0x0, 0x0) 00:11:35 executing program 3: syz_emit_vhci(0x0, 0x0) 00:11:35 executing program 5: socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) 00:11:35 executing program 2: sendto$isdn(0xffffffffffffffff, &(0x7f0000000000)={0x9, 0x4, "6c04a8bcb0d3c56c0bd480683f22f6f8f8f9f34238bb7f33244879c14e801009012226433157ed48dd2b8665c3aedc9367f10257285563f69488f5d8f7d5f53a9dcbc496e9e7a6fd1fcbaa25da6c80b8d279faa8b8f7c5d6"}, 0x60, 0x80041, 0x0, 0x0) 00:11:35 executing program 0: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000e40000740b49178ceded45cc77313cbe9d568262e8567c060d47ce0fcbedb50789f73c267d60ba6ca938e563d7153b4b81b16336262e88d5c23d5f40e6a825397d13379cf89c066c4b05615ba18e1318a312e43573cfe3d73ad68626c203a458066a7826a2256e593bb20279053ec7cbbbb612337dc0b455c722709f50d40e5eab6094cc81b6241bc0f78d5ea5cd10819c3d8a585926ab1019a12b7541fca827a3894de43540ad72b0749f0d57879441ca0ac7f02ec0d1d3442ce3dd3f90731dfaf2f6d73eecd5c397b18bdcbda21440aeeccb6a383122b0ec4e9f17927377e1d59019d2084a27b6c8997cd3b8d1a2795123efcea2d51ee52121f59d3130017611a685558519c86dfaf43048ad3e7c817488b7b0a575997dc46a27e1ff8a15ff5a01b2622dd86ba686db282250262d08a6c33216401796c48ffce9949758790ef09c64fec65eb035fd4b06a96ad1c2f7758a9badc30870350521fa50f12015c71f401942a53e1bb71fa0a87c0835eab41dead74b3592f2be528b96fa5b0dc0cf73fed8e8c586d46fb5b4b6f581c83c71467adb7f1fd3bb37a7e6941e91fb4018cec7981e0b4b141f09c0ed17cd6a395aa9c86168f5b811358a4d31f2888a6ed02e906223b0abdf9d3802cd171db0aa8988e3aac113234e3c85e0a8bd246de6b9f1097e98d81ef1a28b110e3c2f2bc57b576c40cc0e553e375c0d44065f57b3d254244038851ca8a265b1f607dabff329671c00"/553], 0x50}}, 0x0) 00:11:35 executing program 1: r0 = socket$isdn(0x2, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000080)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e21, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3f}}, 0x24) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000140)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e21, 0x7f, @local, 0x80}}, 0x24) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x501002, 0x0) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r1, 0x110, 0x3) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz0\x00', 0x1ff) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000000c0), 0x131041, 0x0) set_tid_address(&(0x7f0000000040)) 00:11:35 executing program 3: syz_emit_vhci(0x0, 0x0) 00:11:35 executing program 4: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}}, 0x20}}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000e40000740b49178ceded45cc77313cbe9d568262e8567c060d47ce0fcbedb50789f73c267d60ba6ca938e563d7153b4b81b16336262e88d5c23d5f40e6a825397d13379cf89c066c4b05615ba18e1318a312e43573cfe3d73ad68626c203a458066a7826a2256e593bb20279053ec7cbbbb612337dc0b455c722709f50d40e5eab6094cc81b6241bc0f78d5ea5cd10819c3d8a585926ab1019a12b7541fca827a3894de43540ad72b0749f0d57879441ca0ac7f02ec0d1d3442ce3dd3f90731dfaf2f6d73eecd5c397b18bdcbda21440aeeccb6a383122b0ec4e9f17927377e1d59019d2084a27b6c8997cd3b8d1a2795123efcea2d51ee52121f59d3130017611a685558519c86dfaf43048ad3e7c817488b7b0a575997dc46a27e1ff8a15ff5a01b2622dd86ba686db282250262d08a6c33216401796c48ffce9949758790ef09c64fec65eb035fd4b06a96ad1c2f7758a9badc30870350521fa50f12015c71f401942a53e1bb71fa0a87c0835eab41dead74b3592f2be528b96fa5b0dc0cf73fed8e8c586d46fb5b4b6f581c83c71467adb7f1fd3bb37a7e6941e91fb4018cec7981e0b4b141f09c0ed17cd6a395aa9c86168f5b811358a4d31f2888a6ed02e906223b0abdf9d3802cd171db0aa8988e3aac113234e3c85e0a8bd246de6b9f1097e98d81ef1a28b110e3c2f2bc57b576c40cc0e553e375c0d44065f57b3d254244038851ca8a265b1f607dabff329671c00"/553], 0x50}}, 0x0) 00:11:35 executing program 5: r0 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) 00:11:36 executing program 1: r0 = socket$isdn(0x2, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000080)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e21, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3f}}, 0x24) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000140)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e21, 0x7f, @local, 0x80}}, 0x24) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x501002, 0x0) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r1, 0x110, 0x3) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz0\x00', 0x1ff) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000000c0), 0x131041, 0x0) 00:11:36 executing program 2: sendto$isdn(0xffffffffffffffff, &(0x7f0000000000)={0x9, 0x4, "6c04a8bcb0d3c56c0bd480683f22f6f8f8f9f34238bb7f33244879c14e801009012226433157ed48dd2b8665c3aedc9367f10257285563f69488f5d8f7d5f53a9dcbc496e9e7a6fd1fcbaa25da6c80b8d279faa8b8f7c5d6"}, 0x60, 0x80041, 0x0, 0x0) 00:11:36 executing program 3: syz_emit_vhci(0x0, 0x0) [ 696.057254][T26373] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'. [ 696.060038][T26374] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'. 00:11:36 executing program 0: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x2c, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000e40000740b49178ceded45cc77313cbe9d568262e8567c060d47ce0fcbedb50789f73c267d60ba6ca938e563d7153b4b81b16336262e88d5c23d5f40e6a825397d13379cf89c066c4b05615ba18e1318a312e43573cfe3d73ad68626c203a458066a7826a2256e593bb20279053ec7cbbbb612337dc0b455c722709f50d40e5eab6094cc81b6241bc0f78d5ea5cd10819c3d8a585926ab1019a12b7541fca827a3894de43540ad72b0749f0d57879441ca0ac7f02ec0d1d3442ce3dd3f90731dfaf2f6d73eecd5c397b18bdcbda21440aeeccb6a383122b0ec4e9f17927377e1d59019d2084a27b6c8997cd3b8d1a2795123efcea2d51ee52121f59d3130017611a685558519c86dfaf43048ad3e7c817488b7b0a575997dc46a27e1ff8a15ff5a01b2622dd86ba686db282250262d08a6c33216401796c48ffce9949758790ef09c64fec65eb035fd4b06a96ad1c2f7758a9badc30870350521fa50f12015c71f401942a53e1bb71fa0a87c0835eab41dead74b3592f2be528b96fa5b0dc0cf73fed8e8c586d46fb5b4b6f581c83c71467adb7f1fd3bb37a7e6941e91fb4018cec7981e0b4b141f09c0ed17cd6a395aa9c86168f5b811358a4d31f2888a6ed02e906223b0abdf9d3802cd171db0aa8988e3aac113234e3c85e0a8bd246de6b9f1097e98d81ef1a28b110e3c2f2bc57b576c40cc0e553e375c0d44065f57b3d254244038851ca8a265b1f607dabff329671c00"/553], 0x50}}, 0x0) 00:11:36 executing program 5: r0 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) 00:11:36 executing program 2: r0 = socket$isdn(0x22, 0x2, 0x0) sendto$isdn(r0, &(0x7f0000000000)={0x9, 0x4, "6c04a8bcb0d3c56c0bd480683f22f6f8f8f9f34238bb7f33244879c14e801009012226433157ed48dd2b8665c3aedc9367f10257285563f69488f5d8f7d5f53a9dcbc496e9e7a6fd1fcbaa25da6c80b8d279faa8b8f7c5d6"}, 0x60, 0x80041, 0x0, 0x0) 00:11:36 executing program 1: r0 = socket$isdn(0x2, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000080)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e21, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3f}}, 0x24) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000140)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e21, 0x7f, @local, 0x80}}, 0x24) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x501002, 0x0) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r1, 0x110, 0x3) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz0\x00', 0x1ff) 00:11:36 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x2, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) 00:11:36 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_channel_selected={{0x41, 0x1}, {0xc8}}}, 0x4) 00:11:36 executing program 5: r0 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) [ 696.147733][ T5943] Bluetooth: hci4: ACL packet for unknown connection handle 0 00:11:36 executing program 1: r0 = socket$isdn(0x2, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000080)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e21, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3f}}, 0x24) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000140)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e21, 0x7f, @local, 0x80}}, 0x24) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x501002, 0x0) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r1, 0x110, 0x3) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) 00:11:36 executing program 2: r0 = socket$isdn(0x22, 0x2, 0x0) sendto$isdn(r0, &(0x7f0000000000)={0x9, 0x4, "6c04a8bcb0d3c56c0bd480683f22f6f8f8f9f34238bb7f33244879c14e801009012226433157ed48dd2b8665c3aedc9367f10257285563f69488f5d8f7d5f53a9dcbc496e9e7a6fd1fcbaa25da6c80b8d279faa8b8f7c5d6"}, 0x60, 0x80041, 0x0, 0x0) [ 696.165313][T26390] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'. 00:11:36 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_channel_selected={{0x41, 0x1}, {0xc8}}}, 0x4) 00:11:36 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x2, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) 00:11:36 executing program 5: socket$isdn(0x2, 0xa, 0x300) 00:11:36 executing program 0: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x1454b138ec91dbb2, 0x0) accept4$vsock_stream(r0, &(0x7f00000001c0), 0x10, 0x80000) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000140)={0xe0e}, 0x4) r1 = add_key$fscrypt_provisioning(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, &(0x7f0000000180)=ANY=[@ANYBLOB="2607000000000fbb56672a8ce84db500006162636465666768696a6b6c6d6e6f7071727375767778797a303132"], 0x29, 0xfffffffffffffffc) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x100000e4) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, &(0x7f0000000000)=0xfffffffb) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000100)={0x0, 0xea8d45e679023bdf}) socket$isdn(0x22, 0x2, 0x3) 00:11:36 executing program 2: r0 = socket$isdn(0x22, 0x2, 0x0) sendto$isdn(r0, &(0x7f0000000000)={0x9, 0x4, "6c04a8bcb0d3c56c0bd480683f22f6f8f8f9f34238bb7f33244879c14e801009012226433157ed48dd2b8665c3aedc9367f10257285563f69488f5d8f7d5f53a9dcbc496e9e7a6fd1fcbaa25da6c80b8d279faa8b8f7c5d6"}, 0x60, 0x80041, 0x0, 0x0) [ 696.230495][ T5943] Bluetooth: hci4: ACL packet for unknown connection handle 0 00:11:36 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_channel_selected={{0x41, 0x1}, {0xc8}}}, 0x4) 00:11:36 executing program 1: r0 = socket$isdn(0x2, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000080)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e21, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3f}}, 0x24) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000140)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e21, 0x7f, @local, 0x80}}, 0x24) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x501002, 0x0) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r1, 0x110, 0x3) 00:11:36 executing program 2: socket$isdn(0x22, 0x2, 0x3) sendto$isdn(0xffffffffffffffff, &(0x7f0000000000)={0x9, 0x4, "6c04a8bcb0d3c56c0bd480683f22f6f8f8f9f34238bb7f33244879c14e801009012226433157ed48dd2b8665c3aedc9367f10257285563f69488f5d8f7d5f53a9dcbc496e9e7a6fd1fcbaa25da6c80b8d279faa8b8f7c5d6"}, 0x60, 0x80041, 0x0, 0x0) 00:11:36 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x2, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) 00:11:36 executing program 0: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x1454b138ec91dbb2, 0x0) accept4$vsock_stream(r0, &(0x7f00000001c0), 0x10, 0x80000) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000140)={0xe0e}, 0x4) r1 = add_key$fscrypt_provisioning(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, &(0x7f0000000180)=ANY=[@ANYBLOB="2607000000000fbb56672a8ce84db500006162636465666768696a6b6c6d6e6f7071727375767778797a303132"], 0x29, 0xfffffffffffffffc) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x100000e4) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, &(0x7f0000000000)=0xfffffffb) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000100)={0x0, 0xea8d45e679023bdf}) socket$isdn(0x22, 0x2, 0x3) 00:11:36 executing program 5: socket$isdn(0x2, 0xa, 0x300) 00:11:36 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) [ 696.321898][ T5943] Bluetooth: hci4: ACL packet for unknown connection handle 0 00:11:36 executing program 2: socket$isdn(0x22, 0x2, 0x3) sendto$isdn(0xffffffffffffffff, &(0x7f0000000000)={0x9, 0x4, "6c04a8bcb0d3c56c0bd480683f22f6f8f8f9f34238bb7f33244879c14e801009012226433157ed48dd2b8665c3aedc9367f10257285563f69488f5d8f7d5f53a9dcbc496e9e7a6fd1fcbaa25da6c80b8d279faa8b8f7c5d6"}, 0x60, 0x80041, 0x0, 0x0) 00:11:36 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) 00:11:36 executing program 1: r0 = socket$isdn(0x2, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000080)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e21, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3f}}, 0x24) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000140)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e21, 0x7f, @local, 0x80}}, 0x24) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100), 0x501002, 0x0) [ 696.385483][ T5943] Bluetooth: Wrong link type (-22) [ 696.386828][ T5943] Bluetooth: hci4: link tx timeout [ 696.387953][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:36 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) 00:11:36 executing program 0: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x1454b138ec91dbb2, 0x0) accept4$vsock_stream(r0, &(0x7f00000001c0), 0x10, 0x80000) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000140)={0xe0e}, 0x4) r1 = add_key$fscrypt_provisioning(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, &(0x7f0000000180)=ANY=[@ANYBLOB="2607000000000fbb56672a8ce84db500006162636465666768696a6b6c6d6e6f7071727375767778797a303132"], 0x29, 0xfffffffffffffffc) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x100000e4) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, &(0x7f0000000000)=0xfffffffb) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000100)={0x0, 0xea8d45e679023bdf}) socket$isdn(0x22, 0x2, 0x3) 00:11:36 executing program 5: socket$isdn(0x2, 0xa, 0x300) 00:11:36 executing program 2: socket$isdn(0x22, 0x2, 0x3) sendto$isdn(0xffffffffffffffff, &(0x7f0000000000)={0x9, 0x4, "6c04a8bcb0d3c56c0bd480683f22f6f8f8f9f34238bb7f33244879c14e801009012226433157ed48dd2b8665c3aedc9367f10257285563f69488f5d8f7d5f53a9dcbc496e9e7a6fd1fcbaa25da6c80b8d279faa8b8f7c5d6"}, 0x60, 0x80041, 0x0, 0x0) 00:11:36 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x0, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) 00:11:36 executing program 5: socket$isdn(0x2, 0xa, 0x0) 00:11:36 executing program 4: syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x4}}, 0x9) 00:11:36 executing program 1: r0 = socket$isdn(0x2, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000080)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e21, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3f}}, 0x24) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000140)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e21, 0x7f, @local, 0x80}}, 0x24) 00:11:36 executing program 0: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x1454b138ec91dbb2, 0x0) accept4$vsock_stream(r0, &(0x7f00000001c0), 0x10, 0x80000) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000140)={0xe0e}, 0x4) r1 = add_key$fscrypt_provisioning(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, &(0x7f0000000180)=ANY=[@ANYBLOB="2607000000000fbb56672a8ce84db500006162636465666768696a6b6c6d6e6f7071727375767778797a303132"], 0x29, 0xfffffffffffffffc) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x100000e4) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, &(0x7f0000000000)=0xfffffffb) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000100)={0x0, 0xea8d45e679023bdf}) 00:11:36 executing program 2: r0 = socket$isdn(0x22, 0x2, 0x3) sendto$isdn(r0, 0x0, 0x0, 0x80041, 0x0, 0x0) 00:11:36 executing program 5: socket$isdn(0x2, 0xa, 0x0) 00:11:36 executing program 1: r0 = socket$isdn(0x2, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000080)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e21, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3f}}, 0x24) 00:11:36 executing program 4: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_channel_selected={{0x41, 0x1}, {0xc8}}}, 0x4) 00:11:36 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x0, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) 00:11:36 executing program 2: r0 = socket$isdn(0x22, 0x2, 0x3) sendto$isdn(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:11:36 executing program 0: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x1454b138ec91dbb2, 0x0) accept4$vsock_stream(r0, &(0x7f00000001c0), 0x10, 0x80000) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000140)={0xe0e}, 0x4) r1 = add_key$fscrypt_provisioning(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, &(0x7f0000000180)=ANY=[@ANYBLOB="2607000000000fbb56672a8ce84db500006162636465666768696a6b6c6d6e6f7071727375767778797a303132"], 0x29, 0xfffffffffffffffc) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x100000e4) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, &(0x7f0000000000)=0xfffffffb) 00:11:36 executing program 5: socket$isdn(0x2, 0xa, 0x0) 00:11:36 executing program 4: syz_emit_vhci(0x0, 0x0) 00:11:36 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x0, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) 00:11:36 executing program 1: r0 = socket$isdn(0x2, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) 00:11:36 executing program 2: r0 = socket$isdn(0x22, 0x2, 0x3) sendto$isdn(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:11:36 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x0, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) 00:11:36 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x0, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) 00:11:36 executing program 4: syz_emit_vhci(0x0, 0x0) 00:11:36 executing program 0: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x1454b138ec91dbb2, 0x0) accept4$vsock_stream(r0, &(0x7f00000001c0), 0x10, 0x80000) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000140)={0xe0e}, 0x4) r1 = add_key$fscrypt_provisioning(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, &(0x7f0000000180)=ANY=[@ANYBLOB="2607000000000fbb56672a8ce84db500006162636465666768696a6b6c6d6e6f7071727375767778797a303132"], 0x29, 0xfffffffffffffffc) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x100000e4) [ 696.736695][ T5502] Bluetooth: Wrong link type (-22) [ 696.737944][ T5502] Bluetooth: hci4: link tx timeout [ 696.739050][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:36 executing program 2: r0 = socket$isdn(0x22, 0x2, 0x3) sendto$isdn(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:11:36 executing program 1: ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) 00:11:36 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x0, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) 00:11:36 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x0, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) 00:11:36 executing program 0: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x1454b138ec91dbb2, 0x0) accept4$vsock_stream(r0, &(0x7f00000001c0), 0x10, 0x80000) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000140)={0xe0e}, 0x4) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r0, 0x100000e4) 00:11:36 executing program 1: ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) 00:11:36 executing program 2: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x48, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0xee}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x101}]}, 0x48}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000e40000740b49178ceded45cc77313cbe9d568262e8567c060d47ce0fcbedb50789f73c267d60ba6ca938e563d7153b4b81b16336262e88d5c23d5f40e6a825397d13379cf89c066c4b05615ba18e1318a312e43573cfe3d73ad68626c203a458066a7826a2256e593bb20279053ec7cbbbb612337dc0b455c722709f50d40e5eab6094cc81b6241bc0f78d5ea5cd10819c3d8a585926ab1019a12b7541fca827a3894de43540ad72b0749f0d57879441ca0ac7f02ec0d1d3442ce3dd3f90731dfaf2f6d73eecd5c397b18bdcbda21440aeeccb6a383122b0ec4e9f17927377e1d59019d2084a27b6c8997cd3b8d1a2795123efcea2d51ee52121f59d3130017611a685558519c86dfaf43048ad3e7c817488b7b0a575997dc46a27e1ff8a15ff5a01b2622dd86ba686db282250262d08a6c33216401796c48ffce9949758790ef09c64fec65eb035fd4b06a96ad1c2f7758a9badc30870350521fa50f12015c71f401942a53e1bb71fa0a87c0835eab41dead74b3592f2be528b96fa5b0dc0cf73fed8e8c586d46fb5b4b6f581c83c71467adb7f1fd3bb37a7e6941e91fb4018cec7981e0b4b141f09c0ed17cd6a395aa9c86168f5b811358a4d31f2888a6ed02e906223b0abdf9d3802cd171db0aa8988e3aac113234e3c85e0a8bd246de6b9f1097e98d81ef1a28b110e3c2f2bc57b576c40cc0e553e375c0d44065f57b3d254244038851ca8a265b1f607dabff329671c00"/553], 0x50}}, 0x0) 00:11:36 executing program 4: syz_emit_vhci(0x0, 0x0) [ 696.847952][ T5943] Bluetooth: Wrong link type (-22) [ 696.849208][ T5943] Bluetooth: hci4: link tx timeout [ 696.850335][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:36 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x0, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) 00:11:36 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x0, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) 00:11:36 executing program 4: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_channel_selected={{0x41, 0x1}}}, 0x4) 00:11:36 executing program 1: ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) [ 696.871990][T26489] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 00:11:36 executing program 0: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x1454b138ec91dbb2, 0x0) accept4$vsock_stream(r0, &(0x7f00000001c0), 0x10, 0x80000) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r0, 0x100000e4) [ 696.893580][ T5502] Bluetooth: Wrong link type (-22) [ 696.894822][ T5502] Bluetooth: hci4: link tx timeout [ 696.895958][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:36 executing program 4: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_channel_selected={{0x41, 0x1}}}, 0x4) 00:11:36 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x0, 0x0, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) [ 696.941429][ T5943] Bluetooth: Wrong link type (-22) [ 696.942680][ T5943] Bluetooth: hci4: link tx timeout 00:11:36 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 696.944290][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:36 executing program 1: socket$isdn(0x2, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) 00:11:36 executing program 5: 00:11:36 executing program 0: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x1454b138ec91dbb2, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r0, 0x100000e4) 00:11:37 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x0, 0x0, 0x0, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) 00:11:37 executing program 4: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_channel_selected={{0x41, 0x1}}}, 0x4) 00:11:37 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:37 executing program 5: 00:11:37 executing program 0: keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x100000e4) [ 697.124474][ T5502] Bluetooth: Wrong link type (-22) [ 697.125814][ T5502] Bluetooth: hci4: link tx timeout [ 697.126867][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:37 executing program 1: socket$isdn(0x2, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) [ 697.130909][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:37 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) 00:11:37 executing program 5: 00:11:37 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:37 executing program 4: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x58, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0xee}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x101}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x9}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x58}]}, 0x58}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000e40000740b49178ceded45cc77313cbe9d568262e8567c060d47ce0fcbedb50789f73c267d60ba6ca938e563d7153b4b81b16336262e88d5c23d5f40e6a825397d13379cf89c066c4b05615ba18e1318a312e43573cfe3d73ad68626c203a458066a7826a2256e593bb20279053ec7cbbbb612337dc0b455c722709f50d40e5eab6094cc81b6241bc0f78d5ea5cd10819c3d8a585926ab1019a12b7541fca827a3894de43540ad72b0749f0d57879441ca0ac7f02ec0d1d3442ce3dd3f90731dfaf2f6d73eecd5c397b18bdcbda21440aeeccb6a383122b0ec4e9f17927377e1d59019d2084a27b6c8997cd3b8d1a2795123efcea2d51ee52121f59d3130017611a685558519c86dfaf43048ad3e7c817488b7b0a575997dc46a27e1ff8a15ff5a01b2622dd86ba686db282250262d08a6c33216401796c48ffce9949758790ef09c64fec65eb035fd4b06a96ad1c2f7758a9badc30870350521fa50f12015c71f401942a53e1bb71fa0a87c0835eab41dead74b3592f2be528b96fa5b0dc0cf73fed8e8c586d46fb5b4b6f581c83c71467adb7f1fd3bb37a7e6941e91fb4018cec7981e0b4b141f09c0ed17cd6a395aa9c86168f5b811358a4d31f2888a6ed02e906223b0abdf9d3802cd171db0aa8988e3aac113234e3c85e0a8bd246de6b9f1097e98d81ef1a28b110e3c2f2bc57b576c40cc0e553e375c0d44065f57b3d254244038851ca8a265b1f607dabff329671c00"/553], 0x50}}, 0x0) [ 697.206842][ T5502] Bluetooth: Wrong link type (-22) [ 697.208102][ T5502] Bluetooth: hci4: link tx timeout [ 697.209217][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 697.216038][T26531] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'. 00:11:37 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x18}, @l2cap_cid_le_signaling={{0x14}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x10}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c, 0xdb4, 0x1000]}}}}, 0x1d) 00:11:37 executing program 1: socket$isdn(0x2, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) 00:11:37 executing program 0: keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0) [ 697.247199][ T5943] Bluetooth: Unexpected start frame (len 4) [ 697.248616][ T5943] Bluetooth: Wrong link type (-22) [ 697.249756][ T5943] Bluetooth: hci4: link tx timeout [ 697.250810][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:37 executing program 5: syz_emit_vhci(0x0, 0x0) 00:11:37 executing program 4: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x6c, r5, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0xee}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x101}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x9}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x58}, @NL80211_ATTR_PMK={0x14, 0xfe, "af395780d99bc17134b07ff633399da4"}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000e40000740b49178ceded45cc77313cbe9d568262e8567c060d47ce0fcbedb50789f73c267d60ba6ca938e563d7153b4b81b16336262e88d5c23d5f40e6a825397d13379cf89c066c4b05615ba18e1318a312e43573cfe3d73ad68626c203a458066a7826a2256e593bb20279053ec7cbbbb612337dc0b455c722709f50d40e5eab6094cc81b6241bc0f78d5ea5cd10819c3d8a585926ab1019a12b7541fca827a3894de43540ad72b0749f0d57879441ca0ac7f02ec0d1d3442ce3dd3f90731dfaf2f6d73eecd5c397b18bdcbda21440aeeccb6a383122b0ec4e9f17927377e1d59019d2084a27b6c8997cd3b8d1a2795123efcea2d51ee52121f59d3130017611a685558519c86dfaf43048ad3e7c817488b7b0a575997dc46a27e1ff8a15ff5a01b2622dd86ba686db282250262d08a6c33216401796c48ffce9949758790ef09c64fec65eb035fd4b06a96ad1c2f7758a9badc30870350521fa50f12015c71f401942a53e1bb71fa0a87c0835eab41dead74b3592f2be528b96fa5b0dc0cf73fed8e8c586d46fb5b4b6f581c83c71467adb7f1fd3bb37a7e6941e91fb4018cec7981e0b4b141f09c0ed17cd6a395aa9c86168f5b811358a4d31f2888a6ed02e906223b0abdf9d3802cd171db0aa8988e3aac113234e3c85e0a8bd246de6b9f1097e98d81ef1a28b110e3c2f2bc57b576c40cc0e553e375c0d44065f57b3d254244038851ca8a265b1f607dabff329671c00"/553], 0x50}}, 0x0) 00:11:37 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:37 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x18}, @l2cap_cid_le_signaling={{0x14}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x10}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c, 0xdb4, 0x1000]}}}}, 0x1d) [ 697.295248][ T5502] Bluetooth: Unexpected start frame (len 4) 00:11:37 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 697.334011][T26539] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'. [ 697.345280][ T5502] Bluetooth: Wrong link type (-22) [ 697.346494][ T5502] Bluetooth: hci4: link tx timeout 00:11:37 executing program 5: syz_emit_vhci(0x0, 0x0) [ 697.347688][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:37 executing program 0: keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0) 00:11:37 executing program 1: r0 = socket$isdn(0x2, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) [ 697.381824][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:37 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x18}, @l2cap_cid_le_signaling={{0x14}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x10}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c, 0xdb4, 0x1000]}}}}, 0x1d) 00:11:37 executing program 5: syz_emit_vhci(0x0, 0x0) 00:11:37 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 697.435657][ T5502] Bluetooth: Wrong link type (-22) [ 697.436914][ T5502] Bluetooth: hci4: link tx timeout [ 697.438057][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:37 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:37 executing program 0: keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0) 00:11:37 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x16}, @l2cap_cid_le_signaling={{0x12}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xe}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c, 0xdb4]}}}}, 0x1b) 00:11:37 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:37 executing program 1: r0 = socket$isdn(0x2, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) [ 697.539384][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:37 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:37 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x0, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) [ 697.566726][ T5943] Bluetooth: Unexpected start frame (len 4) [ 697.583572][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:37 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:37 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 697.606824][ T5943] Bluetooth: Unexpected start frame (len 4) [ 697.610261][ T5943] Bluetooth: Wrong link type (-22) [ 697.611451][ T5943] Bluetooth: hci4: link tx timeout [ 697.612502][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:37 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d47008d0eb"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x115043, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000040), 0x4) [ 697.625200][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:37 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 697.644875][ T5943] Bluetooth: Unexpected start frame (len 4) [ 697.648268][ T5943] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:37 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x16}, @l2cap_cid_le_signaling={{0x12}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xe}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c, 0xdb4]}}}}, 0x1b) 00:11:37 executing program 1: r0 = socket$isdn(0x2, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) 00:11:37 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:37 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) 00:11:37 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x0, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) [ 697.710682][ T5943] Bluetooth: Wrong link type (-22) [ 697.711983][ T5943] Bluetooth: hci4: link tx timeout [ 697.713772][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:37 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xc}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c]}}}}, 0x19) [ 697.730974][ T5943] Bluetooth: Wrong link type (-22) [ 697.732107][ T5943] Bluetooth: hci4: link tx timeout [ 697.733481][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:37 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d47008d0eb"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x115043, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000040), 0x4) 00:11:37 executing program 1: sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x88, r5, 0x1, 0x0, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffff857, 0x57}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0xee}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x101}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x9}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x58}, @NL80211_ATTR_PMK={0x14, 0xfe, "af395780d99bc17134b07ff633399da4"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0xfffffffa}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x4f}]}, 0x88}, 0x1, 0x0, 0x0, 0x4044040}, 0x4c000) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000002440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000e40000740b49178ceded45cc77313cbe9d568262e8567c060d47ce0fcbedb50789f73c267d60ba6ca938e563d7153b4b81b16336262e88d5c23d5f40e6a825397d13379cf89c066c4b05615ba18e1318a312e43573cfe3d73ad68626c203a458066a7826a2256e593bb20279053ec7cbbbb612337dc0b455c722709f50d40e5eab6094cc81b6241bc0f78d5ea5cd10819c3d8a585926ab1019a12b7541fca827a3894de43540ad72b0749f0d57879441ca0ac7f02ec0d1d3442ce3dd3f90731dfaf2f6d73eecd5c397b18bdcbda21440aeeccb6a383122b0ec4e9f17927377e1d59019d2084a27b6c8997cd3b8d1a2795123efcea2d51ee52121f59d3130017611a685558519c86dfaf43048ad3e7c817488b7b0a575997dc46a27e1ff8a15ff5a01b2622dd86ba686db282250262d08a6c33216401796c48ffce9949758790ef09c64fec65eb035fd4b06a96ad1c2f7758a9badc30870350521fa50f12015c71f401942a53e1bb71fa0a87c0835eab41dead74b3592f2be528b96fa5b0dc0cf73fed8e8c586d46fb5b4b6f581c83c71467adb7f1fd3bb37a7e6941e91fb4018cec7981e0b4b141f09c0ed17cd6a395aa9c86168f5b811358a4d31f2888a6ed02e906223b0abdf9d3802cd171db0aa8988e3aac113234e3c85e0a8bd246de6b9f1097e98d81ef1a28b110e3c2f2bc57b576c40cc0e553e375c0d44065f57b3d254244038851ca8a265b1f607dabff329671c00"/553], 0x50}}, 0x0) 00:11:37 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xc}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c]}}}}, 0x19) [ 697.758170][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:37 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 697.784185][T26591] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:37 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) [ 697.793313][T26591] Bluetooth: Wrong link type (-22) [ 697.794493][T26591] Bluetooth: hci4: link tx timeout [ 697.795603][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 697.806893][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:37 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d47008d0eb"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x115043, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000040), 0x4) 00:11:37 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xa}, {0x0, 0x0, 0x0, 0x0, [0x0]}}}}, 0x17) [ 697.824446][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:37 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x0, 0x12}, {0x9, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) 00:11:37 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d47008d0eb"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x115043, 0x0) 00:11:37 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 697.864273][T26600] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 697.872496][T26591] Bluetooth: Unexpected start frame (len 4) [ 697.881122][T26591] Bluetooth: Unexpected start frame (len 4) [ 697.892354][T26591] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 697.907948][T26591] Bluetooth: Wrong link type (-22) [ 697.909161][T26591] Bluetooth: hci4: link tx timeout [ 697.910235][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:37 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d47008d0eb"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) 00:11:37 executing program 1: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:37 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x0, 0x12}, {0x0, 0x2b, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) 00:11:37 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) 00:11:37 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 697.961211][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:37 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xa}, {0x0, 0x0, 0x0, 0x0, [0x0]}}}}, 0x17) 00:11:37 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d47008d0eb"], 0x9) [ 698.021748][T26591] Bluetooth: Unexpected start frame (len 4) [ 698.024760][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:38 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:38 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x0, 0x12}, {0x0, 0x0, 0x7, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) [ 698.056971][T26591] Bluetooth: Wrong link type (-22) [ 698.058172][T26591] Bluetooth: hci4: link tx timeout [ 698.059331][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:38 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xc}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c]}}}}, 0x19) 00:11:38 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 698.106991][ T5502] Bluetooth: Unexpected start frame (len 4) 00:11:38 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) [ 698.134260][ T5502] Bluetooth: Unexpected start frame (len 4) 00:11:38 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d47008d0eb"], 0x9) 00:11:38 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 698.160931][ T5502] Bluetooth: Wrong link type (-22) 00:11:38 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x0, 0x12}, {0x0, 0x0, 0x0, 0x7, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) [ 698.197201][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:38 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 698.218476][T26591] Bluetooth: Wrong link type (-22) [ 698.219898][T26591] Bluetooth: hci4: link tx timeout [ 698.221009][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:38 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xc}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c]}}}}, 0x19) [ 698.247038][ T5502] Bluetooth: Unexpected start frame (len 4) 00:11:38 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 698.263039][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:38 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:38 executing program 3: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:38 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d47008d0eb"], 0x9) 00:11:38 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x0, 0x12}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c, 0xdb4, 0x1000, 0x80]}}}}, 0x1f) [ 698.340031][T26591] Bluetooth: Wrong link type (-22) [ 698.349211][ T5502] Bluetooth: Unexpected start frame (len 4) 00:11:38 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 698.366539][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:38 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xc}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c]}}}}, 0x19) 00:11:38 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:38 executing program 3: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0435060000000000000b86256d8907b2cb6a9b5bb3566ac840ecd6934f3e557c93fdbb437b9c01690484f8b8a230ace54c8cf0fcf804ffab9671a4e5c6ff9fb771d169b5e0f60274c51cd35262b0d72b6238da15b75f369d096b36fd321dcad0021bf855191e9c1842577496a15268ff0cd925c67392eab46f68b8fe2fb90bdce82bc437f88b8652fa7fecda62"], 0x9) 00:11:38 executing program 0: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) 00:11:38 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x18}, @l2cap_cid_le_signaling={{0x14}, @l2cap_ecred_conn_req={{0x17, 0x0, 0x10}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c, 0xdb4, 0x1000]}}}}, 0x1d) [ 698.463841][T26591] Bluetooth: Wrong link type (-22) [ 698.465100][T26591] Bluetooth: hci5: link tx timeout [ 698.466292][T26591] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa [ 698.471332][ T5502] Bluetooth: Unexpected start frame (len 4) 00:11:38 executing program 1: 00:11:38 executing program 3: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0435060000000000000b86256d8907b2cb6a9b5bb3566ac840ecd6934f3e557c93fdbb437b9c01690484f8b8a230ace54c8cf0fcf804ffab9671a4e5c6ff9fb771d169b5e0f60274c51cd35262b0d72b6238da15b75f369d096b36fd321dcad0021bf855191e9c1842577496a15268ff0cd925c67392eab46f68b8fe2fb90bdce82bc437f88b8652fa7fecda62"], 0x9) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0435060000000000000b86256d8907b2cb6a9b5bb3566ac840ecd6934f3e557c93fdbb437b9c01690484f8b8a230ace54c8cf0fcf804ffab9671a4e5c6ff9fb771d169b5e0f60274c51cd35262b0d72b6238da15b75f369d096b36fd321dcad0021bf855191e9c1842577496a15268ff0cd925c67392eab46f68b8fe2fb90bdce82bc437f88b8652fa7fecda62"], 0x9) (async) 00:11:38 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:38 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:38 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x16}, @l2cap_cid_le_signaling={{0x12}, @l2cap_ecred_conn_req={{0x17, 0x0, 0xe}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c, 0xdb4]}}}}, 0x1b) 00:11:38 executing program 0: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) 00:11:38 executing program 0: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) 00:11:38 executing program 1: 00:11:38 executing program 0: syz_emit_vhci(0x0, 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) [ 698.574448][T26591] Bluetooth: Unexpected start frame (len 4) [ 698.582236][ T5502] Bluetooth: Unexpected start frame (len 4) 00:11:38 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x0, 0xc}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c]}}}}, 0x19) 00:11:38 executing program 1: 00:11:38 executing program 0: syz_emit_vhci(0x0, 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) 00:11:38 executing program 1: syz_emit_vhci(0x0, 0x0) 00:11:38 executing program 3: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0435060000000000000b86256d8907b2cb6a9b5bb3566ac840ecd6934f3e557c93fdbb437b9c01690484f8b8a230ace54c8cf0fcf804ffab9671a4e5c6ff9fb771d169b5e0f60274c51cd35262b0d72b6238da15b75f369d096b36fd321dcad0021bf855191e9c1842577496a15268ff0cd925c67392eab46f68b8fe2fb90bdce82bc437f88b8652fa7fecda62"], 0x9) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0435060000000000000b86256d8907b2cb6a9b5bb3566ac840ecd6934f3e557c93fdbb437b9c01690484f8b8a230ace54c8cf0fcf804ffab9671a4e5c6ff9fb771d169b5e0f60274c51cd35262b0d72b6238da15b75f369d096b36fd321dcad0021bf855191e9c1842577496a15268ff0cd925c67392eab46f68b8fe2fb90bdce82bc437f88b8652fa7fecda62"], 0x9) (async) 00:11:38 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:38 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:38 executing program 0: syz_emit_vhci(0x0, 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) 00:11:38 executing program 1: syz_emit_vhci(0x0, 0x0) 00:11:38 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_conn_req={{0x17, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, [0x0]}}}}, 0x17) [ 698.705148][T26591] Bluetooth: Unexpected start frame (len 4) [ 698.709607][ T5502] Bluetooth: Unexpected start frame (len 4) 00:11:38 executing program 3: socket$l2tp(0x2, 0x2, 0x73) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) 00:11:38 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:38 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 698.774216][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:38 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x0, 0x8}}}}, 0x15) 00:11:38 executing program 1: syz_emit_vhci(0x0, 0x0) [ 698.795829][ T5502] Bluetooth: Unexpected start frame (len 4) [ 698.804556][T26591] Bluetooth: Unexpected start frame (len 16) [ 698.805949][T26591] Bluetooth: Wrong link type (-22) [ 698.807270][T26591] Bluetooth: hci4: link tx timeout [ 698.808482][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:38 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:38 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:38 executing program 3: socket$l2tp(0x2, 0x2, 0x73) (async) socket$l2tp(0x2, 0x2, 0x73) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) 00:11:38 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) 00:11:38 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xc}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c]}}}}, 0x19) [ 698.869044][T26591] Bluetooth: hci5: ACL packet for unknown connection handle 0 00:11:38 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xc}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c]}}}}, 0x19) 00:11:38 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0435060000000000000b86256d8907b2cb6a9b5bb3566ac840ecd6934f3e557c93fdbb437b9c01690484f8b8a230ace54c8cf0fcf804ffab9671a4e5c6ff9fb771d169b5e0f60274c51cd35262b0d72b6238da15b75f369d096b36fd321dcad0021bf855191e9c1842577496a15268ff0cd925c67392eab46f68b8fe2fb90bdce82bc437f88b8652fa7fecda62"], 0x9) [ 698.902769][T26591] Bluetooth: hci5: ACL packet for unknown connection handle 0 [ 698.906575][T26591] Bluetooth: Wrong link type (-22) [ 698.907863][T26591] Bluetooth: hci4: link tx timeout [ 698.909049][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 698.910794][ T5502] Bluetooth: Unexpected start frame (len 4) 00:11:38 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xc}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c]}}}}, 0x19) 00:11:38 executing program 3: socket$l2tp(0x2, 0x2, 0x73) (async) socket$l2tp(0x2, 0x2, 0x73) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) 00:11:38 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 698.937338][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:38 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) [ 698.946728][ T5502] Bluetooth: hci5: ACL packet for unknown connection handle 0 [ 698.974682][ T5502] Bluetooth: Wrong link type (-22) [ 698.975870][ T5502] Bluetooth: hci4: link tx timeout [ 698.976980][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:38 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0435060000000000000b86256d8907b2cb6a9b5bb3566ac840ecd6934f3e557c93fdbb437b9c01690484f8b8a230ace54c8cf0fcf804ffab9671a4e5c6ff9fb771d169b5e0f60274c51cd35262b0d72b6238da15b75f369d096b36fd321dcad0021bf855191e9c1842577496a15268ff0cd925c67392eab46f68b8fe2fb90bdce82bc437f88b8652fa7fecda62"], 0x9) 00:11:38 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:38 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x0, 0xc}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c]}}}}, 0x19) [ 699.005477][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:38 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:39 executing program 3: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$NL80211_CMD_ABORT_SCAN(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, 0x0, 0x300, 0x70bd27, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x5, 0x6b}}}}, ["", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000881) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x16}, @l2cap_cid_le_signaling={{0x12}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xe}, {0x0, 0x0, 0x0, 0x0, [0x7ff, 0x1f, 0x7ff]}}}}, 0x1b) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r0, &(0x7f0000000140)="d411330f4b47177e0beb699b24afdc2b40bfc2582ad287ac7a1f17e52c7b2966cf4dbed983fcaef57a56ef8ead5e66e3fcfa7e64089aa9ac90d141a51d6059dd1e3a604a0fab34e6207566c6b26d7104010165b66571671b135d8acb95ebaf7a156758b418d7ed5a7624ad3fe1", &(0x7f00000001c0)=@udp6}, 0x20) [ 699.024163][T26591] Bluetooth: Unexpected start frame (len 4) [ 699.038602][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:39 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:39 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) 00:11:39 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:39 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0435060000000000000b86256d8907b2cb6a9b5bb3566ac840ecd6934f3e557c93fdbb437b9c01690484f8b8a230ace54c8cf0fcf804ffab9671a4e5c6ff9fb771d169b5e0f60274c51cd35262b0d72b6238da15b75f369d096b36fd321dcad0021bf855191e9c1842577496a15268ff0cd925c67392eab46f68b8fe2fb90bdce82bc437f88b8652fa7fecda62"], 0x9) 00:11:39 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x0, 0xc}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c]}}}}, 0x19) [ 699.115971][ T5502] Bluetooth: Wrong link type (-22) [ 699.117278][ T5502] Bluetooth: hci4: link tx timeout [ 699.118406][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 699.149018][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:39 executing program 3: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) sendmsg$NL80211_CMD_ABORT_SCAN(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, 0x0, 0x300, 0x70bd27, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x5, 0x6b}}}}, ["", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000881) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x16}, @l2cap_cid_le_signaling={{0x12}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xe}, {0x0, 0x0, 0x0, 0x0, [0x7ff, 0x1f, 0x7ff]}}}}, 0x1b) (async) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r0, &(0x7f0000000140)="d411330f4b47177e0beb699b24afdc2b40bfc2582ad287ac7a1f17e52c7b2966cf4dbed983fcaef57a56ef8ead5e66e3fcfa7e64089aa9ac90d141a51d6059dd1e3a604a0fab34e6207566c6b26d7104010165b66571671b135d8acb95ebaf7a156758b418d7ed5a7624ad3fe1", &(0x7f00000001c0)=@udp6}, 0x20) [ 699.157943][ T5502] Bluetooth: Unexpected start frame (len 4) 00:11:39 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:39 executing program 5: 00:11:39 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 699.223451][ T5502] Bluetooth: Wrong link type (-22) [ 699.225160][ T5502] Bluetooth: hci4: link tx timeout [ 699.226185][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:39 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) [ 699.234567][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:39 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x0, 0xc}, {0x0, 0x0, 0x0, 0x0, [0x0, 0xff8c]}}}}, 0x19) 00:11:39 executing program 3: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) sendmsg$NL80211_CMD_ABORT_SCAN(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, 0x0, 0x300, 0x70bd27, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x5, 0x6b}}}}, ["", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000881) (async, rerun: 64) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x16}, @l2cap_cid_le_signaling={{0x12}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xe}, {0x0, 0x0, 0x0, 0x0, [0x7ff, 0x1f, 0x7ff]}}}}, 0x1b) (rerun: 64) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r0, &(0x7f0000000140)="d411330f4b47177e0beb699b24afdc2b40bfc2582ad287ac7a1f17e52c7b2966cf4dbed983fcaef57a56ef8ead5e66e3fcfa7e64089aa9ac90d141a51d6059dd1e3a604a0fab34e6207566c6b26d7104010165b66571671b135d8acb95ebaf7a156758b418d7ed5a7624ad3fe1", &(0x7f00000001c0)=@udp6}, 0x20) [ 699.269542][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:39 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:39 executing program 5: 00:11:39 executing program 4: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 699.336968][T26591] Bluetooth: Unexpected start frame (len 4) [ 699.340570][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:39 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xa}, {0x0, 0x0, 0x0, 0x0, [0x0]}}}}, 0x17) 00:11:39 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) 00:11:39 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 699.357959][T26591] Bluetooth: Wrong link type (-22) [ 699.359242][T26591] Bluetooth: hci4: link tx timeout [ 699.360367][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 699.362278][T26591] Bluetooth: Wrong link type (-22) [ 699.363699][T26591] Bluetooth: hci4: link tx timeout [ 699.364838][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 699.368630][T26591] Bluetooth: Wrong link type (-22) [ 699.369902][T26591] Bluetooth: hci4: link tx timeout [ 699.371047][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 699.373057][T26591] Bluetooth: Wrong link type (-22) [ 699.374279][T26591] Bluetooth: hci4: link tx timeout [ 699.375370][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:39 executing program 4: r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 699.381210][T26591] Bluetooth: Wrong link type (-22) [ 699.382453][T26591] Bluetooth: hci4: link tx timeout [ 699.383736][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 699.385890][T26591] Bluetooth: Wrong link type (-22) [ 699.387143][T26591] Bluetooth: hci4: link tx timeout [ 699.388302][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:39 executing program 5: [ 699.395355][T26591] Bluetooth: Wrong link type (-22) [ 699.396577][T26591] Bluetooth: Wrong link type (-22) [ 699.397729][T26591] Bluetooth: Wrong link type (-22) [ 699.398867][T26591] Bluetooth: Wrong link type (-22) [ 699.400040][T26591] Bluetooth: Wrong link type (-22) [ 699.401172][T26591] Bluetooth: Wrong link type (-22) [ 699.402290][T26591] Bluetooth: Wrong link type (-22) [ 699.403581][T26591] Bluetooth: Wrong link type (-22) [ 699.404747][T26591] Bluetooth: Wrong link type (-22) [ 699.406315][T26591] Bluetooth: Wrong link type (-22) [ 699.407468][T26591] Bluetooth: Wrong link type (-22) [ 699.408734][T26591] Bluetooth: Wrong link type (-22) [ 699.409620][ T5502] Bluetooth: Wrong link type (-22) [ 699.409863][T26591] Bluetooth: Wrong link type (-22) [ 699.411001][ T5502] Bluetooth: hci5: link tx timeout [ 699.412111][T26591] Bluetooth: Wrong link type (-22) [ 699.413202][ T5502] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa [ 699.414790][T26591] Bluetooth: Wrong link type (-22) [ 699.417017][T26591] Bluetooth: Wrong link type (-22) [ 699.418152][T26591] Bluetooth: Wrong link type (-22) [ 699.419325][T26591] Bluetooth: Wrong link type (-22) [ 699.420442][T26591] Bluetooth: Wrong link type (-22) [ 699.421550][T26591] Bluetooth: Wrong link type (-22) [ 699.422686][T26591] Bluetooth: Wrong link type (-22) [ 699.424312][T26591] Bluetooth: Wrong link type (-22) [ 699.425511][T26591] Bluetooth: Wrong link type (-22) [ 699.426667][T26591] Bluetooth: Wrong link type (-22) [ 699.427914][T26591] Bluetooth: Wrong link type (-22) [ 699.429058][T26591] Bluetooth: Wrong link type (-22) [ 699.430251][T26591] Bluetooth: Wrong link type (-22) [ 699.431375][T26591] Bluetooth: Wrong link type (-22) [ 699.432488][T26591] Bluetooth: Wrong link type (-22) [ 699.433818][T26591] Bluetooth: Wrong link type (-22) [ 699.434944][T26591] Bluetooth: Wrong link type (-22) [ 699.436051][T26591] Bluetooth: Wrong link type (-22) [ 699.437237][T26591] Bluetooth: Wrong link type (-22) [ 699.438448][T26591] Bluetooth: Wrong link type (-22) [ 699.439586][T26591] Bluetooth: Wrong link type (-22) [ 699.440727][T26591] Bluetooth: Wrong link type (-22) [ 699.441919][T26591] Bluetooth: Wrong link type (-22) [ 699.443174][T26591] Bluetooth: Wrong link type (-22) [ 699.444272][T26591] Bluetooth: Wrong link type (-22) [ 699.445427][T26591] Bluetooth: Wrong link type (-22) 00:11:39 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c000500570808000000000000000000"], 0x15) [ 699.446525][T26591] Bluetooth: Wrong link type (-22) [ 699.447659][T26591] Bluetooth: Wrong link type (-22) [ 699.448746][T26591] Bluetooth: Wrong link type (-22) [ 699.449874][T26591] Bluetooth: Wrong link type (-22) [ 699.451104][T26591] Bluetooth: Wrong link type (-22) [ 699.452285][T26591] Bluetooth: Wrong link type (-22) [ 699.454349][T26591] Bluetooth: Wrong link type (-22) [ 699.455539][T26591] Bluetooth: Wrong link type (-22) [ 699.456660][T26591] Bluetooth: Wrong link type (-22) [ 699.457818][T26591] Bluetooth: Wrong link type (-22) [ 699.458871][T26591] Bluetooth: Wrong link type (-22) [ 699.459975][T26591] Bluetooth: Wrong link type (-22) [ 699.461096][T26591] Bluetooth: Wrong link type (-22) 00:11:39 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xa}, {0x0, 0x0, 0x0, 0x0, [0x0]}}}}, 0x17) [ 699.462165][T26591] Bluetooth: Wrong link type (-22) [ 699.463447][T26591] Bluetooth: Wrong link type (-22) [ 699.464550][T26591] Bluetooth: Wrong link type (-22) [ 699.465759][T26591] Bluetooth: Wrong link type (-22) [ 699.466928][T26591] Bluetooth: Wrong link type (-22) [ 699.468000][T26591] Bluetooth: Wrong link type (-22) [ 699.469189][T26591] Bluetooth: hci4: link tx timeout [ 699.470232][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:39 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) [ 699.503025][T26591] Bluetooth: Unknown LE signaling command 0x57 [ 699.504490][T26591] Bluetooth: Wrong link type (-22) [ 699.505694][T26591] Bluetooth: hci4: link tx timeout [ 699.506872][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 699.515877][T26591] Bluetooth: Unexpected start frame (len 4) [ 699.519012][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:39 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c000500570808000000000000000000"], 0x15) [ 699.529093][T26591] Bluetooth: Wrong link type (-22) 00:11:39 executing program 5: syz_emit_vhci(0x0, 0x9) [ 699.530393][T26591] Bluetooth: hci5: link tx timeout [ 699.531559][T26591] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:39 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) [ 699.552386][T26591] Bluetooth: Wrong link type (-22) 00:11:39 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 699.553745][T26591] Bluetooth: hci5: link tx timeout [ 699.554856][T26591] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:39 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c000500570808000000000000000000"], 0x15) 00:11:39 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 699.621501][T26591] Bluetooth: Unknown LE signaling command 0x57 [ 699.623064][T26591] Bluetooth: Wrong link type (-22) [ 699.624243][T26591] Bluetooth: hci4: link tx timeout [ 699.625393][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 699.648783][T26591] Bluetooth: Unknown LE signaling command 0x57 [ 699.650179][T26591] Bluetooth: Wrong link type (-22) [ 699.651356][T26591] Bluetooth: hci5: link tx timeout [ 699.652500][T26591] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:39 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c000500570808000000000000000000"], 0x15) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c000500570808000000000000000000"], 0x15) (async) 00:11:39 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d4"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) [ 699.681588][T26591] Bluetooth: Unexpected start frame (len 4) [ 699.684581][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:39 executing program 5: syz_emit_vhci(0x0, 0x9) 00:11:39 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c000500570808000000000000000000"], 0x15) [ 699.726460][T26591] Bluetooth: Unknown LE signaling command 0x57 00:11:39 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 699.727832][T26591] Bluetooth: Wrong link type (-22) [ 699.728991][T26591] Bluetooth: Unknown LE signaling command 0x57 [ 699.730389][T26591] Bluetooth: Wrong link type (-22) [ 699.731676][T26591] Bluetooth: hci4: link tx timeout [ 699.732738][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:39 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:39 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x1, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) socket$inet6_udplite(0xa, 0x2, 0x88) [ 699.801118][T26591] Bluetooth: Unexpected start frame (len 4) [ 699.804997][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:39 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(0x0, 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 699.825492][T26591] Bluetooth: Unknown LE signaling command 0x57 [ 699.826796][T26591] Bluetooth: Wrong link type (-22) [ 699.828308][T26591] Bluetooth: hci5: link tx timeout [ 699.829431][T26591] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:39 executing program 5: syz_emit_vhci(0x0, 0x9) 00:11:39 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d4"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) 00:11:39 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c000500570808000000000000000000"], 0x15) [ 699.891165][T26591] Bluetooth: Unexpected start frame (len 4) [ 699.896063][ T5943] Bluetooth: Unknown LE signaling command 0x57 [ 699.897389][ T5943] Bluetooth: Wrong link type (-22) [ 699.898584][ T5943] Bluetooth: hci5: link tx timeout [ 699.899656][ T5943] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:39 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x1, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) socket$inet6_udplite(0xa, 0x2, 0x88) 00:11:39 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:39 executing program 1: 00:11:39 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[], 0x9) 00:11:39 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(0x0, 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 699.952706][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:39 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d4"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) 00:11:39 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x1, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x1, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) socket$inet6_udplite(0xa, 0x2, 0x88) 00:11:39 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:39 executing program 1: 00:11:40 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(0x0, 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:40 executing program 1: 00:11:40 executing program 3: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c90010000c000500170808000800000000000000aead2ab33592802dffb306069151bce73f580362c76259b47a3dc1ef08394f7ef1d8a43de543185ca3a6e1823c8c7c2f52e74c1809a30e8509b6849491997c94fc4aec0637f9b43ed635f874fde5ab58b4608f01851a5f6fc059a4dd02fcdbfc0624101c51e9977b6380a975600d85c1e86cd1d91701c9320bb5652d4cc1b050a23312e2736ae3bde2b16658a37cb7a3d4d4f18bb024c56300614a68b8756dce729e9175674deb93cb793d56b64b18f74e973a8109f7ea52519b39bb86ef4199992f2c0b882ff40e91d71a2e75dd4bba671506e769903c68a2"], 0x15) 00:11:40 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d47008"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) 00:11:40 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[], 0x9) [ 700.102120][ T5943] Bluetooth: Unexpected start frame (len 4) [ 700.104386][ T5943] Bluetooth: Wrong link type (-22) [ 700.105590][ T5943] Bluetooth: hci4: link tx timeout [ 700.106609][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:40 executing program 1: syz_emit_vhci(0x0, 0x15) 00:11:40 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:40 executing program 3: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c90010000c000500170808000800000000000000aead2ab33592802dffb306069151bce73f580362c76259b47a3dc1ef08394f7ef1d8a43de543185ca3a6e1823c8c7c2f52e74c1809a30e8509b6849491997c94fc4aec0637f9b43ed635f874fde5ab58b4608f01851a5f6fc059a4dd02fcdbfc0624101c51e9977b6380a975600d85c1e86cd1d91701c9320bb5652d4cc1b050a23312e2736ae3bde2b16658a37cb7a3d4d4f18bb024c56300614a68b8756dce729e9175674deb93cb793d56b64b18f74e973a8109f7ea52519b39bb86ef4199992f2c0b882ff40e91d71a2e75dd4bba671506e769903c68a2"], 0x15) 00:11:40 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 700.150559][T26591] Bluetooth: Wrong link type (-22) [ 700.151729][T26591] Bluetooth: hci4: link tx timeout [ 700.152768][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:40 executing program 3: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c90010000c000500170808000800000000000000aead2ab33592802dffb306069151bce73f580362c76259b47a3dc1ef08394f7ef1d8a43de543185ca3a6e1823c8c7c2f52e74c1809a30e8509b6849491997c94fc4aec0637f9b43ed635f874fde5ab58b4608f01851a5f6fc059a4dd02fcdbfc0624101c51e9977b6380a975600d85c1e86cd1d91701c9320bb5652d4cc1b050a23312e2736ae3bde2b16658a37cb7a3d4d4f18bb024c56300614a68b8756dce729e9175674deb93cb793d56b64b18f74e973a8109f7ea52519b39bb86ef4199992f2c0b882ff40e91d71a2e75dd4bba671506e769903c68a2"], 0x15) 00:11:40 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d4"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) [ 700.181742][ T5943] Bluetooth: Wrong link type (-22) 00:11:40 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[], 0x9) [ 700.183745][ T5943] Bluetooth: hci4: link tx timeout [ 700.184857][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:40 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c000500170808000000000000000000"], 0x15) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(r0, 0x3ba0, &(0x7f0000000100)={0x38, 0x3, r1, 0x0, 0x3, 0xb7, &(0x7f0000000040)="e1566e81122ea5949903fa716e6b78c851cbabf9df4256dfcfb6cae6a5f9a00157a4bebbbdad02f114ab24d60fa3a39518e84231e4579e697b918de50f41183d9cb68b39396635b8ebf1e9399a7ac49be8d525b8582296208a076d4ef0349d9b4c24e9bd6dc953fe31557c935cc57997f07d270357be2c2f7aa3abaada041babd9eef55ea3c57b31ee041ec1616952eba2f52102d92be1e36d84ea3db43b210b2a8130aa930a041315427476611f0627814575fecaaf24"}) [ 700.209134][T26591] Bluetooth: Wrong link type (-22) [ 700.210368][T26591] Bluetooth: hci4: link tx timeout [ 700.211485][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 700.214536][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:40 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:40 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c000500170808000000000000000000"], 0x15) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(r0, 0x3ba0, &(0x7f0000000100)={0x38, 0x3, r1, 0x0, 0x3, 0xb7, &(0x7f0000000040)="e1566e81122ea5949903fa716e6b78c851cbabf9df4256dfcfb6cae6a5f9a00157a4bebbbdad02f114ab24d60fa3a39518e84231e4579e697b918de50f41183d9cb68b39396635b8ebf1e9399a7ac49be8d525b8582296208a076d4ef0349d9b4c24e9bd6dc953fe31557c935cc57997f07d270357be2c2f7aa3abaada041babd9eef55ea3c57b31ee041ec1616952eba2f52102d92be1e36d84ea3db43b210b2a8130aa930a041315427476611f0627814575fecaaf24"}) [ 700.241475][T26591] Bluetooth: Wrong link type (-22) [ 700.242785][T26591] Bluetooth: hci4: link tx timeout [ 700.243975][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 700.275267][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:40 executing program 1: syz_emit_vhci(0x0, 0x15) 00:11:40 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:40 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c000500170808000000000000000000"], 0x15) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(r0, 0x3ba0, &(0x7f0000000100)={0x38, 0x3, r1, 0x0, 0x3, 0xb7, &(0x7f0000000040)="e1566e81122ea5949903fa716e6b78c851cbabf9df4256dfcfb6cae6a5f9a00157a4bebbbdad02f114ab24d60fa3a39518e84231e4579e697b918de50f41183d9cb68b39396635b8ebf1e9399a7ac49be8d525b8582296208a076d4ef0349d9b4c24e9bd6dc953fe31557c935cc57997f07d270357be2c2f7aa3abaada041babd9eef55ea3c57b31ee041ec1616952eba2f52102d92be1e36d84ea3db43b210b2a8130aa930a041315427476611f0627814575fecaaf24"}) 00:11:40 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d4"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) [ 700.313940][T26591] Bluetooth: Wrong link type (-22) [ 700.315110][T26591] Bluetooth: hci4: link tx timeout [ 700.316169][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:40 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB], 0x9) 00:11:40 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:40 executing program 1: syz_emit_vhci(0x0, 0x15) 00:11:40 executing program 3: syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_conn_req={{0x17, 0x48, 0xa}, {0x4, 0x0, 0xffff, 0x0, [0x3ff]}}}}, 0x17) syz_emit_vhci(&(0x7f0000000040)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xa2}, "e123b7bad9a3d1ecbb8b45b14f725755c4226915b3f9b9222444db19c39d66bf63c2c695db2f16d8e10206e4698945c1900f48aeac73ddd4bef59bfd847e60a119549669dcc968130fb00368ab581a2b78dd82728c9f8b7043686ed66f58b89761a941b1e6d9de5134adac2ed97bc25927ce0dd57abd42595a32e34c4716c3f2fd1ef765b70a1db95ba462a5705a4f883010051b71ab0c0f0bf339534c0c7a9cd0b3"}, 0xa6) socket$inet_udp(0x2, 0x2, 0x0) [ 700.410851][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:40 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:40 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, 0x0, 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:40 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d4"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) 00:11:40 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x15) [ 700.454130][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:40 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:40 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB], 0x9) [ 700.479932][ T5943] Bluetooth: Wrong link type (-22) [ 700.481280][ T5943] Bluetooth: hci4: link tx timeout [ 700.482428][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:40 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, 0x0, 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:40 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d470"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) 00:11:40 executing program 3: syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_conn_req={{0x17, 0x48, 0xa}, {0x4, 0x0, 0xffff, 0x0, [0x3ff]}}}}, 0x17) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xa2}, "e123b7bad9a3d1ecbb8b45b14f725755c4226915b3f9b9222444db19c39d66bf63c2c695db2f16d8e10206e4698945c1900f48aeac73ddd4bef59bfd847e60a119549669dcc968130fb00368ab581a2b78dd82728c9f8b7043686ed66f58b89761a941b1e6d9de5134adac2ed97bc25927ce0dd57abd42595a32e34c4716c3f2fd1ef765b70a1db95ba462a5705a4f883010051b71ab0c0f0bf339534c0c7a9cd0b3"}, 0xa6) (async) socket$inet_udp(0x2, 0x2, 0x0) 00:11:40 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x15) [ 700.546850][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:40 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, 0x0, 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 700.575806][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:40 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:40 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d4"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) [ 700.596292][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:40 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:40 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:40 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB], 0x9) 00:11:40 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x15) [ 700.631409][T26591] Bluetooth: Unexpected start frame (len 4) [ 700.649558][T26591] Bluetooth: Wrong link type (-22) [ 700.650781][T26591] Bluetooth: hci4: link tx timeout [ 700.651795][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:40 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 700.675912][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:40 executing program 3: syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_conn_req={{0x17, 0x48, 0xa}, {0x4, 0x0, 0xffff, 0x0, [0x3ff]}}}}, 0x17) syz_emit_vhci(&(0x7f0000000040)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xa2}, "e123b7bad9a3d1ecbb8b45b14f725755c4226915b3f9b9222444db19c39d66bf63c2c695db2f16d8e10206e4698945c1900f48aeac73ddd4bef59bfd847e60a119549669dcc968130fb00368ab581a2b78dd82728c9f8b7043686ed66f58b89761a941b1e6d9de5134adac2ed97bc25927ce0dd57abd42595a32e34c4716c3f2fd1ef765b70a1db95ba462a5705a4f883010051b71ab0c0f0bf339534c0c7a9cd0b3"}, 0xa6) (async) socket$inet_udp(0x2, 0x2, 0x0) 00:11:40 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0435060000000000000b86256d8907b2cb6a9b5bb3566ac840ecd6934f3e557c93fdbb437b9c01690484f8b8a230ace54c8cf0fcf804ffab9671a4e5c6ff9fb771d169b5e0f602"], 0x9) 00:11:40 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe8"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 700.718068][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:40 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 700.741903][T26591] Bluetooth: hci2: ACL packet for unknown connection handle 0 00:11:40 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d4"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) 00:11:40 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 700.764562][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:40 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 700.794615][ T5943] Bluetooth: Wrong link type (-22) [ 700.795847][ T5943] Bluetooth: hci4: link tx timeout [ 700.797030][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:40 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x15) [ 700.816993][T26591] Bluetooth: hci2: ACL packet for unknown connection handle 0 00:11:40 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) 00:11:40 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$nci(r0, &(0x7f0000000080)=@NCI_OP_RF_DISCOVER_MAP_RSP={0x1, 0x1, 0x2, 0x0, 0x3f, 0x1}, 0x4) 00:11:40 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 700.878867][ T5943] Bluetooth: Wrong link type (-22) [ 700.880000][ T5943] Bluetooth: hci4: link tx timeout [ 700.881058][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 700.902156][T26591] Bluetooth: hci3: Received unexpected HCI Event 0x00 00:11:40 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d4"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) [ 700.932451][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:40 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x15) 00:11:40 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) [ 700.961178][ T5943] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 700.979234][T26591] Bluetooth: hci3: Received unexpected HCI Event 0x00 00:11:40 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:40 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$nci(r0, &(0x7f0000000080)=@NCI_OP_RF_DISCOVER_MAP_RSP={0x1, 0x1, 0x2, 0x0, 0x3f, 0x1}, 0x4) 00:11:41 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888c"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:41 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x15) 00:11:41 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) 00:11:41 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d470"], 0x9) syz_emit_vhci(0x0, 0x0) [ 701.039739][T26591] Bluetooth: Unexpected start frame (len 4) [ 701.041204][T26591] Bluetooth: Unexpected start frame (len 4) [ 701.047832][ T5943] Bluetooth: Wrong link type (-22) [ 701.049024][ T5943] Bluetooth: hci4: link tx timeout [ 701.050152][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 701.053739][T26591] Bluetooth: hci3: Received unexpected HCI Event 0x00 00:11:41 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888c"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:41 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:41 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005005708"], 0x15) 00:11:41 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0435060000000000000b86256d8907b2cb6a9b5bb3566ac840ecd6934f3e557c93fdbb43"], 0x9) 00:11:41 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$nci(r0, &(0x7f0000000080)=@NCI_OP_RF_DISCOVER_MAP_RSP={0x1, 0x1, 0x2, 0x0, 0x3f, 0x1}, 0x4) [ 701.151661][T26591] Bluetooth: Wrong link type (-22) [ 701.152937][T26591] Bluetooth: hci4: link tx timeout [ 701.154042][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:41 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d470"], 0x9) syz_emit_vhci(0x0, 0x0) 00:11:41 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) [ 701.205654][T26591] Bluetooth: Unexpected start frame (len 4) [ 701.213257][T26591] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 701.218427][T26591] Bluetooth: Unexpected start frame (len 4) [ 701.220904][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:41 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) 00:11:41 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:41 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005005708"], 0x15) 00:11:41 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:41 executing program 3: syz_emit_vhci(&(0x7f00000000c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x46}, @l2cap_cid_signaling={{0x42}, [@l2cap_move_chan_rsp={{0xf, 0x40, 0x4}, {0x7, 0x3ff}}, @l2cap_create_chan_rsp={{0xd, 0x19, 0x8}, {0x7ff, 0xfffc, 0x326, 0x6}}, @l2cap_disconn_req={{0x6, 0x3a, 0x4}, {0xfffa, 0x4}}, @l2cap_conn_rsp={{0x3, 0x4, 0x8}, {0xffc3, 0xf000, 0x8000, 0x2}}, @l2cap_disconn_rsp={{0x7, 0x7c, 0x4}, {0x4, 0x5}}, @l2cap_cmd_rej_unk={{0x1, 0x0, 0x2}}, @l2cap_cmd_rej_unk={{0x1, 0x6, 0x2}, {0x7}}, @l2cap_cmd_rej_unk={{0x1, 0x4e, 0x2}, {0xffff}}]}}, 0x4b) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0) ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x20080}) [ 701.270321][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:41 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d470"], 0x9) syz_emit_vhci(0x0, 0x0) 00:11:41 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 701.314313][T26591] Bluetooth: hci3: Received unexpected HCI Event 0x00 00:11:41 executing program 3: syz_emit_vhci(&(0x7f00000000c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x46}, @l2cap_cid_signaling={{0x42}, [@l2cap_move_chan_rsp={{0xf, 0x40, 0x4}, {0x7, 0x3ff}}, @l2cap_create_chan_rsp={{0xd, 0x19, 0x8}, {0x7ff, 0xfffc, 0x326, 0x6}}, @l2cap_disconn_req={{0x6, 0x3a, 0x4}, {0xfffa, 0x4}}, @l2cap_conn_rsp={{0x3, 0x4, 0x8}, {0xffc3, 0xf000, 0x8000, 0x2}}, @l2cap_disconn_rsp={{0x7, 0x7c, 0x4}, {0x4, 0x5}}, @l2cap_cmd_rej_unk={{0x1, 0x0, 0x2}}, @l2cap_cmd_rej_unk={{0x1, 0x6, 0x2}, {0x7}}, @l2cap_cmd_rej_unk={{0x1, 0x4e, 0x2}, {0xffff}}]}}, 0x4b) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0) (async) ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x20080}) [ 701.334111][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:41 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) [ 701.348896][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:41 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005005708"], 0x15) 00:11:41 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:41 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d470"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) 00:11:41 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c00050057080800000000"], 0x15) 00:11:41 executing program 3: syz_emit_vhci(&(0x7f00000000c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x46}, @l2cap_cid_signaling={{0x42}, [@l2cap_move_chan_rsp={{0xf, 0x40, 0x4}, {0x7, 0x3ff}}, @l2cap_create_chan_rsp={{0xd, 0x19, 0x8}, {0x7ff, 0xfffc, 0x326, 0x6}}, @l2cap_disconn_req={{0x6, 0x3a, 0x4}, {0xfffa, 0x4}}, @l2cap_conn_rsp={{0x3, 0x4, 0x8}, {0xffc3, 0xf000, 0x8000, 0x2}}, @l2cap_disconn_rsp={{0x7, 0x7c, 0x4}, {0x4, 0x5}}, @l2cap_cmd_rej_unk={{0x1, 0x0, 0x2}}, @l2cap_cmd_rej_unk={{0x1, 0x6, 0x2}, {0x7}}, @l2cap_cmd_rej_unk={{0x1, 0x4e, 0x2}, {0xffff}}]}}, 0x4b) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0) ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x20080}) (async) ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x20080}) [ 701.391419][T26591] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 701.399657][T26591] Bluetooth: Unknown LE signaling command 0x57 [ 701.401089][T26591] Bluetooth: Wrong link type (-22) [ 701.402265][T26591] Bluetooth: hci5: link tx timeout [ 701.404228][T26591] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:41 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 701.410119][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:41 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005005708"], 0x15) 00:11:41 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0435060000000000000b86256d8907b2cb6a9b"], 0x9) [ 701.473660][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:41 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005005708"], 0x15) 00:11:41 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:41 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475c"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:41 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d470"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) 00:11:41 executing program 3: syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0x1, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x0, 0x2, 0x0, 0x0, [0xc0ca, 0x8, 0xd3, 0x7, 0x1000]}}}}, 0x1f) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x10100, 0x0) 00:11:41 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0435"], 0x9) 00:11:41 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005005708"], 0x15) [ 701.558014][T26591] Bluetooth: Unexpected start frame (len 4) [ 701.565172][T26591] Bluetooth: hci4: ACL packet for unknown connection handle 1 [ 701.568164][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:41 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d470"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) 00:11:41 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(0x0, 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:41 executing program 3: syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0x1, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x0, 0x2, 0x0, 0x0, [0xc0ca, 0x8, 0xd3, 0x7, 0x1000]}}}}, 0x1f) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x10100, 0x0) [ 701.611744][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:41 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d470"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x2d}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17"}}, 0x30) [ 701.632668][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:41 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d470"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x1}, "b5"}}, 0x4) 00:11:41 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB], 0x9) 00:11:41 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 701.669997][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:41 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d470"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) [ 701.682380][T26591] Bluetooth: hci4: ACL packet for unknown connection handle 1 00:11:41 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB], 0x9) [ 701.718099][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:41 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005005708080000"], 0x15) 00:11:41 executing program 3: syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0x1, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x12}, {0x0, 0x2, 0x0, 0x0, [0xc0ca, 0x8, 0xd3, 0x7, 0x1000]}}}}, 0x1f) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x10100, 0x0) (async) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x10100, 0x0) 00:11:41 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:41 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(0x0, 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 701.774103][T26591] Bluetooth: Unexpected start frame (len 4) [ 701.806080][T26591] Bluetooth: Unknown LE signaling command 0x57 [ 701.807458][T26591] Bluetooth: Wrong link type (-22) [ 701.808613][T26591] Bluetooth: hci5: link tx timeout [ 701.809653][T26591] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:41 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB], 0x9) 00:11:41 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d470"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) 00:11:41 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(0x0, 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:41 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 701.837739][T26591] Bluetooth: hci4: ACL packet for unknown connection handle 1 00:11:41 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) 00:11:41 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:41 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c000500570808"], 0x15) [ 701.880205][T26591] Bluetooth: Unexpected start frame (len 4) 00:11:41 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:41 executing program 3: syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_req={{0x6, 0x20, 0x4}, {0x2004, 0x736}}}}, 0x11) prctl$PR_SET_TIMERSLACK(0x1d, 0x2) 00:11:41 executing program 0: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d470"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) [ 701.893136][T26591] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 701.918489][T26591] Bluetooth: hci4: link tx timeout [ 701.919666][T26591] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:41 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) [ 701.936648][T26591] Bluetooth: Unexpected start frame (len 4) [ 701.937078][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:41 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:41 executing program 3: syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_req={{0x6, 0x20, 0x4}, {0x2004, 0x736}}}}, 0x11) (async) prctl$PR_SET_TIMERSLACK(0x1d, 0x2) [ 701.966259][ T5943] Bluetooth: Unknown LE signaling command 0x57 [ 701.967633][ T5943] Bluetooth: Wrong link type (-22) [ 701.968812][ T5943] Bluetooth: hci5: link tx timeout [ 701.969879][ T5943] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa [ 701.979968][ T5943] Bluetooth: hci3: Received unexpected HCI Event 0x00 00:11:41 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:41 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:41 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c000500570808"], 0x15) [ 701.990258][ T5943] Bluetooth: hci4: link tx timeout [ 701.991384][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:41 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) [ 702.006389][ T5943] Bluetooth: hci3: Received unexpected HCI Event 0x00 00:11:42 executing program 0: syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_req={{0x6, 0x20, 0x4}, {0x2004, 0x736}}}}, 0x11) prctl$PR_SET_TIMERSLACK(0x1d, 0x2) [ 702.034520][ T5943] Bluetooth: Unexpected start frame (len 12) [ 702.035989][ T5943] Bluetooth: hci0: link tx timeout [ 702.037136][ T5943] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 702.038848][ T5943] Bluetooth: hci0: link tx timeout [ 702.039911][ T5943] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa 00:11:42 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:42 executing program 3: syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_req={{0x6, 0x20, 0x4}, {0x2004, 0x736}}}}, 0x11) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_req={{0x6, 0x20, 0x4}, {0x2004, 0x736}}}}, 0x11) prctl$PR_SET_TIMERSLACK(0x1d, 0x2) 00:11:42 executing program 5: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0435060000000000000b86256d8907b2cb6a9b"], 0x9) 00:11:42 executing program 0: syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_req={{0x6, 0x20, 0x4}, {0x2004, 0x736}}}}, 0x11) prctl$PR_SET_TIMERSLACK(0x1d, 0x2) [ 702.068621][ T5943] Bluetooth: Unknown LE signaling command 0x57 [ 702.070006][ T5943] Bluetooth: Wrong link type (-22) [ 702.071120][ T5943] Bluetooth: hci5: link tx timeout [ 702.072212][ T5943] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:42 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 702.120678][ T5943] Bluetooth: hci4: link tx timeout [ 702.122011][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 702.124296][ T5943] Bluetooth: hci4: link tx timeout [ 702.125478][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:42 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:42 executing program 3: r0 = getuid() getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES8=r0], 0xfffffffffffffefb) 00:11:42 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c00050057"], 0x15) 00:11:42 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d470"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) 00:11:42 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f12"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:42 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:42 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c00050057"], 0x15) 00:11:42 executing program 3: r0 = getuid() getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)) (async) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES8=r0], 0xfffffffffffffefb) 00:11:42 executing program 0: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005005708"], 0x15) 00:11:42 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d470"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) 00:11:42 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 702.306543][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:42 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:42 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:42 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:42 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c00050057"], 0x15) 00:11:42 executing program 3: r0 = getuid() (async) getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES8=r0], 0xfffffffffffffefb) 00:11:42 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) [ 702.391361][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:42 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c92004"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 702.418722][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 00:11:42 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d470"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) 00:11:42 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005005708"], 0x15) 00:11:42 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c92004"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:42 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) 00:11:42 executing program 3: pselect6(0x40, &(0x7f0000000040)={0x20, 0xffffffffffffffff, 0x20, 0x6, 0x8001, 0x39305a7e, 0x7, 0x2}, &(0x7f0000000080)={0x81, 0x3, 0x0, 0x7, 0x100000000, 0x9, 0x10001, 0x8}, &(0x7f00000000c0)={0x20, 0x1, 0xd347, 0x100000001, 0x8001, 0x10000, 0xea, 0x5}, &(0x7f0000000100)={0x0, 0x989680}, &(0x7f0000000180)={&(0x7f0000000140)={[0x6]}, 0x8}) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) 00:11:42 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe8"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 702.485704][ T5943] Bluetooth: Wrong link type (-22) [ 702.487066][ T5943] Bluetooth: hci4: link tx timeout [ 702.488203][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:42 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c92004"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:42 executing program 3: pselect6(0x40, &(0x7f0000000040)={0x20, 0xffffffffffffffff, 0x20, 0x6, 0x8001, 0x39305a7e, 0x7, 0x2}, &(0x7f0000000080)={0x81, 0x3, 0x0, 0x7, 0x100000000, 0x9, 0x10001, 0x8}, &(0x7f00000000c0)={0x20, 0x1, 0xd347, 0x100000001, 0x8001, 0x10000, 0xea, 0x5}, &(0x7f0000000100)={0x0, 0x989680}, &(0x7f0000000180)={&(0x7f0000000140)={[0x6]}, 0x8}) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) [ 702.514955][ T5943] Bluetooth: Unexpected start frame (len 4) [ 702.528478][ T5943] Bluetooth: Wrong link type (-22) [ 702.529674][ T5943] Bluetooth: hci4: link tx timeout [ 702.530787][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:42 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:42 executing program 3: pselect6(0x40, &(0x7f0000000040)={0x20, 0xffffffffffffffff, 0x20, 0x6, 0x8001, 0x39305a7e, 0x7, 0x2}, &(0x7f0000000080)={0x81, 0x3, 0x0, 0x7, 0x100000000, 0x9, 0x10001, 0x8}, &(0x7f00000000c0)={0x20, 0x1, 0xd347, 0x100000001, 0x8001, 0x10000, 0xea, 0x5}, &(0x7f0000000100)={0x0, 0x989680}, &(0x7f0000000180)={&(0x7f0000000140)={[0x6]}, 0x8}) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) 00:11:42 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d470"], 0x9) [ 702.558517][ T5943] Bluetooth: Wrong link type (-22) [ 702.559754][ T5943] Bluetooth: hci4: link tx timeout [ 702.560816][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 702.561328][T26591] Bluetooth: Unexpected start frame (len 4) [ 702.562627][ T5943] Bluetooth: Wrong link type (-22) [ 702.565546][T26591] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 702.565756][ T5943] Bluetooth: hci4: link tx timeout [ 702.568205][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:42 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) 00:11:42 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005005708"], 0x15) 00:11:42 executing program 3: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x200002, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) socketpair(0x25, 0x2, 0x3, &(0x7f0000000080)={0xffffffffffffffff}) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r0, 0x110, 0x3) 00:11:42 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe8"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 702.630338][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:42 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 702.647124][ T5943] Bluetooth: Wrong link type (-22) [ 702.648355][ T5943] Bluetooth: hci4: link tx timeout [ 702.649451][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:42 executing program 3: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x200002, 0x0) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) socketpair(0x25, 0x2, 0x3, &(0x7f0000000080)={0xffffffffffffffff}) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r0, 0x110, 0x3) [ 702.684535][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 00:11:42 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d470"], 0x9) [ 702.698790][ T5943] Bluetooth: Wrong link type (-22) [ 702.700089][ T5943] Bluetooth: hci4: link tx timeout [ 702.701182][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:42 executing program 3: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x200002, 0x0) (async, rerun: 64) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async, rerun: 64) socketpair(0x25, 0x2, 0x3, &(0x7f0000000080)={0xffffffffffffffff}) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r0, 0x110, 0x3) 00:11:42 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 702.726094][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:42 executing program 0: 00:11:42 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005005708"], 0x15) [ 702.768667][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:42 executing program 1: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe8"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:42 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f12"], 0x9) syz_emit_vhci(0x0, 0x0) 00:11:42 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe8"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:42 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d470"], 0x9) [ 702.819837][ T5943] Bluetooth: Unexpected start frame (len 4) [ 702.831075][ T5943] Bluetooth: Wrong link type (-22) [ 702.832277][ T5943] Bluetooth: Wrong link type (-22) [ 702.833557][ T5943] Bluetooth: Wrong link type (-22) [ 702.834689][ T5943] Bluetooth: Wrong link type (-22) [ 702.835890][ T5943] Bluetooth: Wrong link type (-22) [ 702.837013][ T5943] Bluetooth: Wrong link type (-22) [ 702.838136][ T5943] Bluetooth: Wrong link type (-22) [ 702.839206][ T5943] Bluetooth: Wrong link type (-22) [ 702.840361][ T5943] Bluetooth: Wrong link type (-22) [ 702.841491][ T5943] Bluetooth: Wrong link type (-22) [ 702.842610][ T5943] Bluetooth: Wrong link type (-22) [ 702.846056][ T5943] Bluetooth: Wrong link type (-22) [ 702.847243][ T5943] Bluetooth: Wrong link type (-22) [ 702.848362][ T5943] Bluetooth: Wrong link type (-22) [ 702.849429][ T5943] Bluetooth: Wrong link type (-22) 00:11:42 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f12"], 0x9) syz_emit_vhci(0x0, 0x0) [ 702.850538][ T5943] Bluetooth: Wrong link type (-22) [ 702.851701][ T5943] Bluetooth: Wrong link type (-22) [ 702.852959][ T5943] Bluetooth: Wrong link type (-22) [ 702.854124][ T5943] Bluetooth: Wrong link type (-22) [ 702.855222][ T5943] Bluetooth: Wrong link type (-22) [ 702.856414][ T5943] Bluetooth: Wrong link type (-22) [ 702.857545][ T5943] Bluetooth: Wrong link type (-22) [ 702.858723][ T5943] Bluetooth: Wrong link type (-22) 00:11:42 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20e"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 702.859940][ T5943] Bluetooth: Wrong link type (-22) 00:11:42 executing program 3: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c90010000c000500170808000000000000000000af5fd36858e92c5a3bb1f478d39f476984f58b59736cc624890097f21a0f61280f0800e40d08ecddd4c2644e6bfda7c7408d90d56179f0c999351976f9d452e8a9fa7ae1f3ea18a456fb72bc6e3c3001abc608af8330805f0c57ddff9ed63df36a1a41002640633167e1ccae82c57c348472152f69a0172f0eed5b3cfb8fab56555aebc3a9871077c5952787559e1d1dd8fb3320f20021501a5b85b78a39108974e65c623e9a67af052d022bf8b6fab53a220c223f4d96b27a7266a49df7ca888f3c5e83594d0f56da3d6ac77931e3d111f41c5ad91526b8"], 0x15) [ 702.861048][ T5943] Bluetooth: Wrong link type (-22) [ 702.862168][ T5943] Bluetooth: Wrong link type (-22) [ 702.865771][ T5943] Bluetooth: Wrong link type (-22) [ 702.867038][ T5943] Bluetooth: Wrong link type (-22) [ 702.868199][ T5943] Bluetooth: Wrong link type (-22) [ 702.869360][ T5943] Bluetooth: Wrong link type (-22) [ 702.870520][ T5943] Bluetooth: Wrong link type (-22) [ 702.871758][ T5943] Bluetooth: Wrong link type (-22) 00:11:42 executing program 0: [ 702.872953][ T5943] Bluetooth: Wrong link type (-22) [ 702.874059][ T5943] Bluetooth: Wrong link type (-22) [ 702.875161][ T5943] Bluetooth: Wrong link type (-22) [ 702.876365][ T5943] Bluetooth: Wrong link type (-22) [ 702.877512][ T5943] Bluetooth: Wrong link type (-22) [ 702.878649][ T5943] Bluetooth: Wrong link type (-22) [ 702.879774][ T5943] Bluetooth: Wrong link type (-22) [ 702.880860][ T5943] Bluetooth: Wrong link type (-22) [ 702.881976][ T5943] Bluetooth: Wrong link type (-22) [ 702.889273][ T5943] Bluetooth: Wrong link type (-22) [ 702.890400][ T5943] Bluetooth: Wrong link type (-22) [ 702.891495][ T5943] Bluetooth: Wrong link type (-22) [ 702.892655][ T5943] Bluetooth: Wrong link type (-22) [ 702.893942][ T5943] Bluetooth: Wrong link type (-22) [ 702.895052][ T5943] Bluetooth: Wrong link type (-22) [ 702.896198][ T5943] Bluetooth: Wrong link type (-22) [ 702.897326][ T5943] Bluetooth: Wrong link type (-22) [ 702.898449][ T5943] Bluetooth: Wrong link type (-22) [ 702.899603][ T5943] Bluetooth: Wrong link type (-22) [ 702.900706][ T5943] Bluetooth: Wrong link type (-22) [ 702.901907][ T5943] Bluetooth: Wrong link type (-22) [ 702.903106][ T5943] Bluetooth: Wrong link type (-22) 00:11:42 executing program 1: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe8"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 702.904296][ T5943] Bluetooth: Wrong link type (-22) [ 702.905450][ T5943] Bluetooth: Wrong link type (-22) [ 702.906567][ T5943] Bluetooth: Wrong link type (-22) [ 702.907768][ T5943] Bluetooth: Wrong link type (-22) [ 702.908874][ T5943] Bluetooth: Wrong link type (-22) [ 702.910005][ T5943] Bluetooth: Wrong link type (-22) [ 702.911153][ T5943] Bluetooth: Wrong link type (-22) [ 702.912312][ T5943] Bluetooth: Wrong link type (-22) [ 702.913892][ T5943] Bluetooth: Wrong link type (-22) [ 702.915103][ T5943] Bluetooth: Wrong link type (-22) [ 702.916224][ T5943] Bluetooth: Wrong link type (-22) [ 702.917398][ T5943] Bluetooth: hci4: link tx timeout [ 702.918492][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 702.923836][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:42 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) 00:11:42 executing program 0: [ 702.948654][ T5943] Bluetooth: Wrong link type (-22) [ 702.949827][ T5943] Bluetooth: hci4: link tx timeout [ 702.950934][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 702.951143][ T5502] Bluetooth: Unexpected start frame (len 4) [ 702.963283][ T5502] Bluetooth: Unexpected start frame (len 4) 00:11:42 executing program 0: syz_emit_vhci(0x0, 0x9) 00:11:42 executing program 4: openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f12"], 0x9) syz_emit_vhci(0x0, 0x0) 00:11:42 executing program 3: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c90010000c000500170808000000000000000000af5fd36858e92c5a3bb1f478d39f476984f58b59736cc624890097f21a0f61280f0800e40d08ecddd4c2644e6bfda7c7408d90d56179f0c999351976f9d452e8a9fa7ae1f3ea18a456fb72bc6e3c3001abc608af8330805f0c57ddff9ed63df36a1a41002640633167e1ccae82c57c348472152f69a0172f0eed5b3cfb8fab56555aebc3a9871077c5952787559e1d1dd8fb3320f20021501a5b85b78a39108974e65c623e9a67af052d022bf8b6fab53a220c223f4d96b27a7266a49df7ca888f3c5e83594d0f56da3d6ac77931e3d111f41c5ad91526b8"], 0x15) [ 703.020006][ T5502] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20e"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 703.039791][ T5502] Bluetooth: Wrong link type (-22) [ 703.041048][ T5502] Bluetooth: hci4: link tx timeout [ 703.042138][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:43 executing program 0: syz_emit_vhci(0x0, 0x9) [ 703.052356][ T5502] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:43 executing program 1: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe8"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:43 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) 00:11:43 executing program 3: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c90010000c000500170808000000000000000000af5fd36858e92c5a3bb1f478d39f476984f58b59736cc624890097f21a0f61280f0800e40d08ecddd4c2644e6bfda7c7408d90d56179f0c999351976f9d452e8a9fa7ae1f3ea18a456fb72bc6e3c3001abc608af8330805f0c57ddff9ed63df36a1a41002640633167e1ccae82c57c348472152f69a0172f0eed5b3cfb8fab56555aebc3a9871077c5952787559e1d1dd8fb3320f20021501a5b85b78a39108974e65c623e9a67af052d022bf8b6fab53a220c223f4d96b27a7266a49df7ca888f3c5e83594d0f56da3d6ac77931e3d111f41c5ad91526b8"], 0x15) [ 703.094044][ T5502] Bluetooth: Unexpected start frame (len 4) [ 703.153867][ T5502] Bluetooth: Unexpected start frame (len 4) [ 703.155673][ T5502] Bluetooth: Wrong link type (-22) [ 703.156900][ T5502] Bluetooth: hci4: link tx timeout [ 703.157994][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:43 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20e"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:43 executing program 0: syz_emit_vhci(0x0, 0x9) [ 703.170186][ T5502] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:43 executing program 1: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe8"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 703.219676][ T5502] Bluetooth: Unexpected start frame (len 4) [ 703.220182][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 5: syz_emit_vhci(0x0, 0x0) 00:11:43 executing program 3: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c80010000c00050017089f050408000000000000"], 0x15) socket$inet6_udplite(0xa, 0x2, 0x88) 00:11:43 executing program 1: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe8"], 0x9) [ 703.248094][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf776"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:43 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[], 0x9) 00:11:43 executing program 4: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:43 executing program 5: syz_emit_vhci(0x0, 0x0) 00:11:43 executing program 3: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c80010000c00050017089f050408000000000000"], 0x15) (async) socket$inet6_udplite(0xa, 0x2, 0x88) [ 703.316258][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[], 0x9) 00:11:43 executing program 1: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe8"], 0x9) [ 703.343406][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 5: syz_emit_vhci(0x0, 0x0) 00:11:43 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf776"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 703.381340][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[], 0x9) [ 703.405424][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 3: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c80010000c00050017089f050408000000000000"], 0x15) socket$inet6_udplite(0xa, 0x2, 0x88) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c80010000c00050017089f050408000000000000"], 0x15) (async) socket$inet6_udplite(0xa, 0x2, 0x88) (async) 00:11:43 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d4"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) [ 703.442432][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 4: syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="bb09703b1e1bc671319948966acbc8e495497c3d60a343b5c771a034f6a5f7587134114fa604cd4745cb413a88ca780ad6c3d67d97973888a9e5e79024052eec64b7d91aeed342e0e7ee9de60fd89e1adbe8fb90e1c774a09cea2dfdaa2ecfde9c405e220741dece57a53aa045bcbb91a1e139b57aee680a0a9f639ee395149ed32f3910b5d7cdcaea8dbb16a4cd81f30bc237ecf5f27f9365d60f76a40d0b43d9ef654962d94bc43982503ef430b95c52d1fced68"], 0x3) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) mkdirat$cgroup(r1, &(0x7f0000001080)='syz0\x00', 0x1ff) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000000)={0x5, 0xc69, {0x0}, {}, 0x1, 0x80}) write$damon_init_regions(r0, &(0x7f0000000040)={{' ', r2}, {' ', 0x6}, {' ', 0x6}}, 0x3f) 00:11:43 executing program 1: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe8"], 0x9) 00:11:43 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d4"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) [ 703.458698][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf776"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 703.509203][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB], 0x9) 00:11:43 executing program 3: syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x5b}, "d2b1c4271b03cd909f79d169b1334b75d9138265eb22d2bb04a0f4bc7df6e26be98ceb71b9be577bacedcce29cb2f1b3cf8f03090000000800000000000000f0e2fd3e7d32008516d6710d8d1a3e023a9c4bebd2cc6ddb8291f3ad"}, 0x5f) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}, {0x2, 0xc9, @none, 0x2, 0x40, 0x9, 0x8, 0x7fff, 0x1}}}, 0x14) 00:11:43 executing program 1: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:43 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d4"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x59}, "b55c303008512f8acf664e782f3dcc8450a90ff2a8e54a1ca8e29081e9e0e58d6da67407196ddc6b504bdb2b17ed24a3dce1ae6539e1cf1cea30f90be1cabea7f137665115168a8370d1e3f1fb317bd54957f0f9814a371779"}}, 0x5c) [ 703.553872][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 703.577810][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:43 executing program 4: syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="bb09703b1e1bc671319948966acbc8e495497c3d60a343b5c771a034f6a5f7587134114fa604cd4745cb413a88ca780ad6c3d67d97973888a9e5e79024052eec64b7d91aeed342e0e7ee9de60fd89e1adbe8fb90e1c774a09cea2dfdaa2ecfde9c405e220741dece57a53aa045bcbb91a1e139b57aee680a0a9f639ee395149ed32f3910b5d7cdcaea8dbb16a4cd81f30bc237ecf5f27f9365d60f76a40d0b43d9ef654962d94bc43982503ef430b95c52d1fced68"], 0x3) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) mkdirat$cgroup(r1, &(0x7f0000001080)='syz0\x00', 0x1ff) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000000)={0x5, 0xc69, {0x0}, {}, 0x1, 0x80}) write$damon_init_regions(r0, &(0x7f0000000040)={{' ', r2}, {' ', 0x6}, {' ', 0x6}}, 0x3f) [ 703.601557][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:43 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB], 0x9) [ 703.626259][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 3: syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x5b}, "d2b1c4271b03cd909f79d169b1334b75d9138265eb22d2bb04a0f4bc7df6e26be98ceb71b9be577bacedcce29cb2f1b3cf8f03090000000800000000000000f0e2fd3e7d32008516d6710d8d1a3e023a9c4bebd2cc6ddb8291f3ad"}, 0x5f) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}, {0x2, 0xc9, @none, 0x2, 0x40, 0x9, 0x8, 0x7fff, 0x1}}}, 0x14) 00:11:43 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41ea"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:43 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB], 0x9) [ 703.651464][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c92004d4"], 0x9) 00:11:43 executing program 3: syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x5b}, "d2b1c4271b03cd909f79d169b1334b75d9138265eb22d2bb04a0f4bc7df6e26be98ceb71b9be577bacedcce29cb2f1b3cf8f03090000000800000000000000f0e2fd3e7d32008516d6710d8d1a3e023a9c4bebd2cc6ddb8291f3ad"}, 0x5f) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}, {0x2, 0xc9, @none, 0x2, 0x40, 0x9, 0x8, 0x7fff, 0x1}}}, 0x14) 00:11:43 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41ea"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:43 executing program 1: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:43 executing program 4: syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="bb09703b1e1bc671319948966acbc8e495497c3d60a343b5c771a034f6a5f7587134114fa604cd4745cb413a88ca780ad6c3d67d97973888a9e5e79024052eec64b7d91aeed342e0e7ee9de60fd89e1adbe8fb90e1c774a09cea2dfdaa2ecfde9c405e220741dece57a53aa045bcbb91a1e139b57aee680a0a9f639ee395149ed32f3910b5d7cdcaea8dbb16a4cd81f30bc237ecf5f27f9365d60f76a40d0b43d9ef654962d94bc43982503ef430b95c52d1fced68"], 0x3) (async) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) mkdirat$cgroup(r1, &(0x7f0000001080)='syz0\x00', 0x1ff) (async) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000000)={0x5, 0xc69, {0x0}, {}, 0x1, 0x80}) write$damon_init_regions(r0, &(0x7f0000000040)={{' ', r2}, {' ', 0x6}, {' ', 0x6}}, 0x3f) 00:11:43 executing program 0: syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x5b}, "d2b1c4271b03cd909f79d169b1334b75d9138265eb22d2bb04a0f4bc7df6e26be98ceb71b9be577bacedcce29cb2f1b3cf8f03090000000800000000000000f0e2fd3e7d32008516d6710d8d1a3e023a9c4bebd2cc6ddb8291f3ad"}, 0x5f) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}, {0x2, 0xc9, @none, 0x2, 0x40, 0x9, 0x8, 0x7fff, 0x1}}}, 0x14) [ 703.762485][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 5: 00:11:43 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000180)={0x0, 0x9}) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x60c280, 0x0) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000226bd7000fbdbdf25550000000800010b6a000000"], 0x1c}}, 0x800) socket$inet6(0xa, 0x2, 0x101) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000015c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001580)={&(0x7f0000000300)={0x1264, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CSA_IES={0xc34, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_PROBE_RESP={0x50d, 0x91, "1e899196b82f35f5281a6386a101ad7b5fe8a2577bb8917df5d1440aca1b4074881756e3dc8561dfb89365dc31f7adcdb86916f299236670a6368d8b7349e318aa711eb3d78eb9ee08bc6e2ad8c446d1dfee50438d9e744251fe372d28e44a7a3d403a56370475c9ce1999ae3f8f673b68077c2ca1d0f1a642407b1a6517fc17064fbdc210f5edce36cd64fedf24a52f9f3fcd546512e6ac1aa506fc15f1d26a90573944e9f9b68eea58f892c4f898462fc0f7f1efe515aa4ed057784491c7c40aee8591754bc6b98b3947559b586fb972444eb38f8aebfc59a6caa3ca4e8ef847904bdf836b7d6d974ff639144119de33a382cf5e1504686bd219342151a2b744d78d86b40cdc206f15a9f8258327494f036fda3951f3c866678bb66d987470389e480ffeb9652fd3cb626cf57f6d2f56b20396d6d9c34033539f31a7559f25475ca501ce2136f9d1d724dadb90a1fd23dce6ddb22628f53baf7763f52c47de7a003ec8f3ed2f4abb9673f7f19d88a902d838ca2561e70d2f1d0c1d0b83e4670ed1b9426be634768782f94743198194145a33c6110048f2573bfd50fc7c0198d8e6fc26b0f7ab293413856031fa5a6f15fb9c8be67dfb57d6630da5ad24b4e93112264145a38a593c35a8021f0d09f6e4ccbca269b30a849fd0d225296d5dd8c6bccb7de78fae4f743986b80454e526dd2ad05e06dd054b02bebeddeae90076fa8b72b202ea8804875197cce0a76420162032aad83cf7107732d8867fd4ae36a5a0099a76bbb9db225189dabb32b5d077756189a91caa7547df08685ef0219f04d4dd79c3bf9d4a12c404e1b11b519eaef8d1183eeb19df9417e90399c013bf87b5739f0de71c510f9e361964a3a8a7c71d57b980856b251b00a03d13311210c159bc14508740a0a194f93e15b8509dd025c35366d157dbad150d6d9027322b05320d0b54cbee51aec566d614424ee186292a8ac5253afd286b40ae457b7598b04f51d4905c47c9706f114c3515601cf1ad3ec812364acc9ab8500d191b251045a28ecd975782405203cfb14ace9cfc189410318fcd3cc8f47b359baad7be757d176eba58bd6befa4fb5183d6832f3037f27d62981795d6d4decadb5da76b6e0e9cb1a8f69ef58249bf8774deee8d207bf353982462b71281ecf553294a2afc60c354e4f4278942c43d181daa77ce554286a43c8ec828091c2cf9253353d295763b7f85241b0c88f53d0f0f86c00963c3f790adf100b083b89b54a3b2d914e0460f2c5673e6b53ef07d6c96bd806068c2c4f092ed13c774f340c5a094b5dd97f9762691759cca28b2d1efe8fe32255608ec10bf317dc1290026295b025c21c8e1c4f11e77f46ff6939c62314bcd247771e81a7735786976e67d8d1cd01a7c6eedabf0aaae46add24e93ff94279bb0396a7868a0cde04ad97b4f53cb2e4b6675e314bbc1293bf770db7adb66960546d4711aa2553854144253b1a1ffa78a6c60435e34c3052371d10c7ce1e9e9679d4f3bca3e1b5b002395531ce4b0e13bc754dc47703b28d3b12c4b07a5faa80f70072731225bc2fa738c01831b0306abeec9e1b439a62716ccaf5bb4f8d9cc9773e9b6a8e657c21b2b83bacec38ee334f7ae04cc910768aadbd3d4427510d567a98c56a899d5731d5cfc1ef9e6cb86de1f643da03eb4518b5dda38f82277bce5548b90ca8f657d8e7c5e3f9cd589a811f2ac0b7c8c1da74ecfd0c836408dffaa04e9e6397e72a3e31a8bf634d975625edee6d12dfc6afe76180b0be0bca3d420b74d94b1fe567b05215ae75b0190bb59c7b66c7883bd6cbc32f99f"}, @NL80211_ATTR_IE_ASSOC_RESP={0x149, 0x80, [@ext_channel_switch={0x3c, 0x4, {0x0, 0xf1, 0xa9, 0x5a}}, @random_vendor={0xdd, 0x72, "1407a75e0e812646fa50ef0b895c8afb050e78e3f1c998d673de41759822ce2e7f7d38dfe9ec780008649ba5a781a34fd16684ee1e96ec7a182ee917875206f18636dc25bc5f16d1bebceda18e258f5581370682856751dcf5b79e75434242a27d715572a25865b66920bd5dc0ca959f5a00"}, @perr={0x84, 0xc9, {0x3, 0xd, [@not_ext={{}, @device_b, 0x9, "", 0x1f}, @ext={{}, @device_a, 0x5, @broadcast, 0x19}, @not_ext={{}, @device_a, 0x7, "", 0x35}, @not_ext={{}, @device_b, 0x4, "", 0x37}, @not_ext={{}, @device_a, 0x5, "", 0x2c}, @ext={{}, @device_b, 0x8}, @not_ext={{}, @device_a, 0x1, "", 0x16}, @not_ext={{}, @device_b, 0x95, "", 0x30}, @ext={{}, @broadcast, 0x10000000, @device_a, 0x15}, @ext={{}, @broadcast, 0x6, @device_b, 0x30}, @not_ext={{}, @device_b, 0x9, "", 0x3e}, @ext={{}, @broadcast, 0x30, @device_b, 0x2a}, @not_ext={{}, @device_b, 0x8, "", 0x2e}]}}]}, @NL80211_ATTR_IE={0x28, 0x2a, [@prep={0x83, 0x1f, @not_ext={{}, 0x6, 0x85, @device_b, 0x6, "", 0x3f, 0x4, @device_a, 0x9}}, @dsss={0x3, 0x1, 0xad}]}, @NL80211_ATTR_FTM_RESPONDER={0xd0, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xa, 0x3, "4f87708961a4"}, @NL80211_FTM_RESP_ATTR_LCI={0x23, 0x2, "1515248804e34829f02efe0beaed3e783173ad6612cfad0dd1405fde8e9041"}, @NL80211_FTM_RESP_ATTR_LCI={0x95, 0x2, "28fa2ba5cae12cb0590f9fe1f292e8030fb4554003f02e517515280442e8751075dba123036e483d36ac3d497b5321c0016ea46d70015fed11b48dbb4b2f9ae0030afeae695f563dd2c9182b482f02cffa8fe0500095b4b0d2cdec543bdba9399ac32602e4bee255efa8de0b460755a7dbaf02099aa019ac0b5d6bb45bdf16d722e9b6579fe955fc79a7d2912992249406"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_BEACON_HEAD={0x48f, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x7b47}, @device_a, @broadcast, @from_mac=@device_b, {0x4, 0x5}}, @ver_80211n={0x0, 0x81, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x1, @random=0x6, 0x0, @void, @void, @val={0x3, 0x1, 0x70}, @void, @void, @val={0x5, 0x8b, {0xff, 0x3b, 0xd7, "771a8171a7aa7613e61fb5f18a0b55a85521c412cdb1760558cc07a24918e040bd1c5ca99f8569315875adb838d4926aca4352bd505e14113ed8215a281c9aeab3ca2caa74996e9715fac6270085cf72d3660f3b07a859a3c6897b47ed09832edfdfa0dc8dbb2d0f3094955104081cd620dd121a2cbeb6842155a99ae96040dbefe2bd94d0c700ed"}}, @void, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x6, 0x74, 0x6}}, @val={0x2d, 0x1a, {0x4008, 0x3, 0x3, 0x0, {0x6842, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2}, 0x400, 0x0, 0x1f}}, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0xffffffffffffffff, 0x7, 0x69}}, @void, [{0xdd, 0x92, "0f7e5c9edae21ba1bf9c9eb07f8a0b3b02a1a9d3e01ba345e745f1d4f6e7497db69177f42f3fccb1901a77783eca74985c03b78536771ae4e444eafeb42325a329cab14170a4939061bc1b3cc9462cb665df9dd67344778498d637fe62fa745a73c698be7abbf3665e3584753de84d6d3a6a9b7b3c27ffd6782a255baa7860dac4bb79312a1d3c86fabd3ee2b9ddaaf0a7fe"}, {0xdd, 0xc9, "396b0de70791d88504b3b5d0b06720b09237bf48ad2140f25e13fd8603fc7614cf7849f7c474359f2a006999eaf37ac505cc42630bdf6b7b4db24c19dd9a84232e738bd7f9a334b92eb5e56a236c1041fced2da412447cae3d1ca94572a8fea4a2f8aad29e04cfd4510bb8bb0b4febbcce7ea46ae6decc86c30bdd9fe40ed4b85b53c34c36b085d0347c96465849fef4a52e70f75e4a4aa1fd8a939597d234108ce96c36fa4bd0edeb83ad6dee6d81c988356a43f85628d7d57e4dbfc4b5640b9c4e0729d05331378f"}, {0xdd, 0x4b, "3552703c827f7f2cf17afe87dd416164f7f4789d1a9781218b44b409d23a51755641bc584e422b942eaf47b153124a3b04976813e8b20c4dfbabdbd5d57f638b99b27172ad29633aa06236"}, {0xdd, 0xbf, "7844f48a09680a93008f620bf3b63dafc7406255cf7a71a0d0dd29dcc70173799c3236cc6bec070d7b218dcdc778c708fe39c82ed48a7bf229770fd470cc021a2a35342b9434780e98d6d91f08981fa591c0a62621054c83996fe90b1a334ac634b7aac8a02059fed05db33b3f5f556b6166705ef486f01af5890cc2e8f4f4cdb54b42dbf15f00567fb6da47fd0980d4daea80b872d1bb79d36d35e7b1cdf4c13611e84aba79bd34025a82fffa4eb4058ecc1c628f46273e0ea3c781d3bb43"}, {0xdd, 0x17, "e508338be0c867c41ec670e6d15af8f3dbeb24b76acc28"}, {0xdd, 0xa4, "827f7e6b96552cdc7734723326707f2c636bd6f73c15ec45070ca67814c969377521018be442286f25b6ea31c13a729fc5301a5f3d3eddb305c45c70f23513d748dc03aaea32dcde92f6794718fb03858740624e3d58ab67f689298d08395f6f87a522b7b0fc4918460df689da3008e8597480b8ebda9c55db266c385745f7191266ac1c2c94bc1d3bf07e957a5ee41faa4434b4601faa248da6ed9b62db3c1fb78c11a1"}, {0xdd, 0x77, "f58123fa7cf1ef2c417b16a9da38d9b7531ced4c2dfa91fb56f63b2529194c937f5d15c9664c717104bb03d8ad7c4261d40788f7629ee8394f86bd5a91a572dbf01aeb9aea8a44534d510837d912c817e3fdd8b950bfc50f68676d7164f090c510fcb1a0d70322e669f26e032bd985c2aea6ff69dc761f"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x11, 0x7f, [@tim={0x5, 0x3, {0x80, 0x9, 0x1}}, @ssid={0x0, 0x6, @default_ibss_ssid}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x6, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x7f, 0x7, 0x5, 0x9, 0xc5e, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x5, 0x7308, 0x1]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x14, 0xbb, [0x8, 0x7, 0x823, 0x6, 0x1f, 0x0, 0xff, 0x2]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CSA_IES={0x70, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_PRESP={0x16, 0xbb, [0x1, 0xfffb, 0x3f, 0x7f, 0x8, 0x9, 0x934, 0x8001, 0x5]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x5, 0x5, 0x9, 0x100]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0xff, 0x7, 0x200, 0x2, 0x1, 0x6, 0x9cd4]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x18, 0xbb, [0xd3cb, 0x8001, 0xffff, 0x2, 0x7, 0x100, 0x81, 0x8000, 0x3f, 0x200]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0x979f, 0x1, 0x9, 0x7f, 0x9, 0x1, 0x2]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x1, 0x80]}]}, @NL80211_ATTR_CSA_IES={0x5a0, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0xfff8, 0x401, 0x8000, 0x7f, 0x8, 0x1]}, @beacon_params=[@NL80211_ATTR_FTM_RESPONDER={0x3d4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xb2, 0x3, "acc2df72f4ce532afcedc46a9b320c4ca6ddada4023e13c1ba5528d06cbb292c0e4b98a8e2fce9a2fb71db05c07dadfcf90c52f37187f67fa1d88352ea210ec7dca8c0f68e2c29cb03f1034898115b97e2f0a64dab1f77e6b63cc59b0f94ac7c9e96d7061ec6d3547048a57f5149e4eacbc37d4432636eafa5b6b8f88e8be3c713901fa0dedd2f633ce5df93c85deefb34af1d08ad93efa65f95746b4a8a60336dfbc5ea35868b7edd037746a031"}, @NL80211_FTM_RESP_ATTR_LCI={0xa0, 0x2, "7dcff8351bdfaa5fec73af225d03667ca8df83a94aa641fae12381af692fe489c5f7e9291da371b4de291b4318d2a35ebcb7d0eff4c15f9d3f2ff83f19a779c0dc6ffec08658a28cce40798ebbdff1a819d04a6ae73b767a508533fc125280c52c61960c7ae6be14800f909b3632755a3551b1b7fd6676468f3ca2c017255c2d5c4abad84bff095a99cf58fa6bcf8c5008957bf7433ee60183bd317b"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x76, 0x3, "30fd7d06e019284ffa1c0996744fe50ef5ad634274cb651cf8d286a08b388de6852578e9f781a70d41fabb9b3a894ac3d805b6e1f7fece7cb0376b1cd21dce18e4c9704957c7d413ac5f436c91d63322d827b0f8cb5b9b85c82202eb23291fa1bd849d9ff92f8518215cf2e561527fe72062"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0xf1, 0x2, "450d00216ffd3af84c9220d0c13ca076497015ac19ebd03b8bd46861039e4d721bcd2b6202776c70cef16fc711c89b172c6e43fbe0b5e875d708e4488f5167ce106680853faa1e38cbbc0d8f7cbb9b1cd804729c14ad920f81b4c908b3b5864ede9b27e1bf53f9b48c6635bff9c5965018ecd7367ba9c390dedb7d6120b202d7f8e977e060507337a06bdd3dab9b2425459c2cea41707c4c359ba1fab73b768df9d0af028b12e0868f48071e1e496d347688819754eeb7fe550a3b060e8fab1040427add3934e220dc438ce02c126149f8e3e8ba7491f0d830aa8e4fe9b93cf5ab088e647594dbf0470166b8da"}, @NL80211_FTM_RESP_ATTR_LCI={0x32, 0x2, "cd421e4a796903ed1f702a93b6ed96c6195404c4e812b382ec64c606d01ca94ae50102c597e648c6d0edc9ea3465"}, @NL80211_FTM_RESP_ATTR_LCI={0x3a, 0x2, "5b9cbe426327edd4d3fe9aab2fd948179df95d7d37a1ad466a10628a23a63fa15c24f966e8ae0cf94752bab026c73a8c41b97b253c74"}, @NL80211_FTM_RESP_ATTR_LCI={0x25, 0x2, "150ec88cbc2ac4cd9bac11713d1fcd90e8405d9229accb7fdc39b9a1064ed97230"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "965d52c9cbd32163d0b256daa0f96a9c7e2fbe71c786bb511713a955f18bdcd1d2d46f1271c83fb1cd1679d2a21d2950602d7a4ba5b8ef4ed481a0ae88875750750b925e97408c3886b8c43bb89f51570fb5108304d37af561ee9b8eba40d34db425c4399f4bea586cd0d941f9"}]}, @NL80211_ATTR_FTM_RESPONDER={0x190, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x1b, 0x2, "6e17c4c3c658bb63bf895af974568ff34da81153d24198"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x99, 0x3, "1eb5e619933dc8d7d943468b3261c3fd0c0c8d9fc8767c20bb24bec12d86500d759183384a2809cd30bf564f6298f42c2d8b72fe9659026f8dcb813d8c10a1f93f5452db20240132d9d4da4be778157cca031aaf3b01df0417919326d03afa848d0b4a2f925faccd601a1b9290a5d5d1ce7592d552e6c27d4e0ceeb526afba97dc39a1e80f5c74136cb6772bfbeb598da08b2dee2b"}, @NL80211_FTM_RESP_ATTR_LCI={0xaa, 0x2, "da8689f6604f6366928d6972872e845e0f59f2119bbea4c785502a643f6662d5b195bd9536902a0318e6093872580b2e95ba5035a84970a6e0a25f18daf0dc74476c613bc7981b9a5bf8e3bac78840f138a550b147f5b0f8aec2057bc21c62f66acd18060ab59909d187dcf373af84252a4ab020cb8d029da18e252ea00884d29675eb9db8a9159bf2155d516d68bc8a779b1fc841ff6bbf507b6973823733ac76bf8c2cab1a"}, @NL80211_FTM_RESP_ATTR_LCI={0x22, 0x2, "ea82404e6ea152167116e89f38dd22ea9919219aaa39b06349e2b9d4c5cf"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @NL80211_ATTR_CSA_C_OFF_BEACON={0x8, 0xba, [0xfff7, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xc, 0xba, [0x400, 0x4, 0x7, 0xfff]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x7ff, 0x5]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x80b, 0x800, 0x0]}]}]}, 0x1264}, 0x1, 0x0, 0x0, 0x8080}, 0x20000000) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) connect$nfc_raw(r1, &(0x7f0000000200)={0x27, 0x0, 0x1, 0x1}, 0x10) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33", 0x2}}}, 0x1a) socket(0x11, 0x6, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000240)) 00:11:43 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41ea"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 703.789702][ T5943] Bluetooth: Wrong link type (-22) [ 703.790991][ T5943] Bluetooth: hci4: link tx timeout [ 703.792098][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:43 executing program 1: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:43 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_ext_features={{0x23, 0xd}, {0x6, 0xc8, 0xf8, 0xff, "5b89b11045d9dbcb"}}}, 0x10) socket$can_j1939(0x1d, 0x2, 0x7) 00:11:43 executing program 1: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) [ 703.836011][ T5502] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_ext_features={{0x23, 0xd}, {0x6, 0xc8, 0xf8, 0xff, "5b89b11045d9dbcb"}}}, 0x10) (async) socket$can_j1939(0x1d, 0x2, 0x7) 00:11:43 executing program 0: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41ea"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:43 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae659"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:43 executing program 5: [ 703.916613][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:43 executing program 1: syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) 00:11:43 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae659"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) [ 703.956922][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:44 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000180)={0x0, 0x9}) (async) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x60c280, 0x0) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000226bd7000fbdbdf25550000000800010b6a000000"], 0x1c}}, 0x800) (async) socket$inet6(0xa, 0x2, 0x101) (async) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000015c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001580)={&(0x7f0000000300)={0x1264, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CSA_IES={0xc34, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_PROBE_RESP={0x50d, 0x91, "1e899196b82f35f5281a6386a101ad7b5fe8a2577bb8917df5d1440aca1b4074881756e3dc8561dfb89365dc31f7adcdb86916f299236670a6368d8b7349e318aa711eb3d78eb9ee08bc6e2ad8c446d1dfee50438d9e744251fe372d28e44a7a3d403a56370475c9ce1999ae3f8f673b68077c2ca1d0f1a642407b1a6517fc17064fbdc210f5edce36cd64fedf24a52f9f3fcd546512e6ac1aa506fc15f1d26a90573944e9f9b68eea58f892c4f898462fc0f7f1efe515aa4ed057784491c7c40aee8591754bc6b98b3947559b586fb972444eb38f8aebfc59a6caa3ca4e8ef847904bdf836b7d6d974ff639144119de33a382cf5e1504686bd219342151a2b744d78d86b40cdc206f15a9f8258327494f036fda3951f3c866678bb66d987470389e480ffeb9652fd3cb626cf57f6d2f56b20396d6d9c34033539f31a7559f25475ca501ce2136f9d1d724dadb90a1fd23dce6ddb22628f53baf7763f52c47de7a003ec8f3ed2f4abb9673f7f19d88a902d838ca2561e70d2f1d0c1d0b83e4670ed1b9426be634768782f94743198194145a33c6110048f2573bfd50fc7c0198d8e6fc26b0f7ab293413856031fa5a6f15fb9c8be67dfb57d6630da5ad24b4e93112264145a38a593c35a8021f0d09f6e4ccbca269b30a849fd0d225296d5dd8c6bccb7de78fae4f743986b80454e526dd2ad05e06dd054b02bebeddeae90076fa8b72b202ea8804875197cce0a76420162032aad83cf7107732d8867fd4ae36a5a0099a76bbb9db225189dabb32b5d077756189a91caa7547df08685ef0219f04d4dd79c3bf9d4a12c404e1b11b519eaef8d1183eeb19df9417e90399c013bf87b5739f0de71c510f9e361964a3a8a7c71d57b980856b251b00a03d13311210c159bc14508740a0a194f93e15b8509dd025c35366d157dbad150d6d9027322b05320d0b54cbee51aec566d614424ee186292a8ac5253afd286b40ae457b7598b04f51d4905c47c9706f114c3515601cf1ad3ec812364acc9ab8500d191b251045a28ecd975782405203cfb14ace9cfc189410318fcd3cc8f47b359baad7be757d176eba58bd6befa4fb5183d6832f3037f27d62981795d6d4decadb5da76b6e0e9cb1a8f69ef58249bf8774deee8d207bf353982462b71281ecf553294a2afc60c354e4f4278942c43d181daa77ce554286a43c8ec828091c2cf9253353d295763b7f85241b0c88f53d0f0f86c00963c3f790adf100b083b89b54a3b2d914e0460f2c5673e6b53ef07d6c96bd806068c2c4f092ed13c774f340c5a094b5dd97f9762691759cca28b2d1efe8fe32255608ec10bf317dc1290026295b025c21c8e1c4f11e77f46ff6939c62314bcd247771e81a7735786976e67d8d1cd01a7c6eedabf0aaae46add24e93ff94279bb0396a7868a0cde04ad97b4f53cb2e4b6675e314bbc1293bf770db7adb66960546d4711aa2553854144253b1a1ffa78a6c60435e34c3052371d10c7ce1e9e9679d4f3bca3e1b5b002395531ce4b0e13bc754dc47703b28d3b12c4b07a5faa80f70072731225bc2fa738c01831b0306abeec9e1b439a62716ccaf5bb4f8d9cc9773e9b6a8e657c21b2b83bacec38ee334f7ae04cc910768aadbd3d4427510d567a98c56a899d5731d5cfc1ef9e6cb86de1f643da03eb4518b5dda38f82277bce5548b90ca8f657d8e7c5e3f9cd589a811f2ac0b7c8c1da74ecfd0c836408dffaa04e9e6397e72a3e31a8bf634d975625edee6d12dfc6afe76180b0be0bca3d420b74d94b1fe567b05215ae75b0190bb59c7b66c7883bd6cbc32f99f"}, @NL80211_ATTR_IE_ASSOC_RESP={0x149, 0x80, [@ext_channel_switch={0x3c, 0x4, {0x0, 0xf1, 0xa9, 0x5a}}, @random_vendor={0xdd, 0x72, "1407a75e0e812646fa50ef0b895c8afb050e78e3f1c998d673de41759822ce2e7f7d38dfe9ec780008649ba5a781a34fd16684ee1e96ec7a182ee917875206f18636dc25bc5f16d1bebceda18e258f5581370682856751dcf5b79e75434242a27d715572a25865b66920bd5dc0ca959f5a00"}, @perr={0x84, 0xc9, {0x3, 0xd, [@not_ext={{}, @device_b, 0x9, "", 0x1f}, @ext={{}, @device_a, 0x5, @broadcast, 0x19}, @not_ext={{}, @device_a, 0x7, "", 0x35}, @not_ext={{}, @device_b, 0x4, "", 0x37}, @not_ext={{}, @device_a, 0x5, "", 0x2c}, @ext={{}, @device_b, 0x8}, @not_ext={{}, @device_a, 0x1, "", 0x16}, @not_ext={{}, @device_b, 0x95, "", 0x30}, @ext={{}, @broadcast, 0x10000000, @device_a, 0x15}, @ext={{}, @broadcast, 0x6, @device_b, 0x30}, @not_ext={{}, @device_b, 0x9, "", 0x3e}, @ext={{}, @broadcast, 0x30, @device_b, 0x2a}, @not_ext={{}, @device_b, 0x8, "", 0x2e}]}}]}, @NL80211_ATTR_IE={0x28, 0x2a, [@prep={0x83, 0x1f, @not_ext={{}, 0x6, 0x85, @device_b, 0x6, "", 0x3f, 0x4, @device_a, 0x9}}, @dsss={0x3, 0x1, 0xad}]}, @NL80211_ATTR_FTM_RESPONDER={0xd0, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xa, 0x3, "4f87708961a4"}, @NL80211_FTM_RESP_ATTR_LCI={0x23, 0x2, "1515248804e34829f02efe0beaed3e783173ad6612cfad0dd1405fde8e9041"}, @NL80211_FTM_RESP_ATTR_LCI={0x95, 0x2, "28fa2ba5cae12cb0590f9fe1f292e8030fb4554003f02e517515280442e8751075dba123036e483d36ac3d497b5321c0016ea46d70015fed11b48dbb4b2f9ae0030afeae695f563dd2c9182b482f02cffa8fe0500095b4b0d2cdec543bdba9399ac32602e4bee255efa8de0b460755a7dbaf02099aa019ac0b5d6bb45bdf16d722e9b6579fe955fc79a7d2912992249406"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_BEACON_HEAD={0x48f, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x7b47}, @device_a, @broadcast, @from_mac=@device_b, {0x4, 0x5}}, @ver_80211n={0x0, 0x81, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x1, @random=0x6, 0x0, @void, @void, @val={0x3, 0x1, 0x70}, @void, @void, @val={0x5, 0x8b, {0xff, 0x3b, 0xd7, "771a8171a7aa7613e61fb5f18a0b55a85521c412cdb1760558cc07a24918e040bd1c5ca99f8569315875adb838d4926aca4352bd505e14113ed8215a281c9aeab3ca2caa74996e9715fac6270085cf72d3660f3b07a859a3c6897b47ed09832edfdfa0dc8dbb2d0f3094955104081cd620dd121a2cbeb6842155a99ae96040dbefe2bd94d0c700ed"}}, @void, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x6, 0x74, 0x6}}, @val={0x2d, 0x1a, {0x4008, 0x3, 0x3, 0x0, {0x6842, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2}, 0x400, 0x0, 0x1f}}, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0xffffffffffffffff, 0x7, 0x69}}, @void, [{0xdd, 0x92, "0f7e5c9edae21ba1bf9c9eb07f8a0b3b02a1a9d3e01ba345e745f1d4f6e7497db69177f42f3fccb1901a77783eca74985c03b78536771ae4e444eafeb42325a329cab14170a4939061bc1b3cc9462cb665df9dd67344778498d637fe62fa745a73c698be7abbf3665e3584753de84d6d3a6a9b7b3c27ffd6782a255baa7860dac4bb79312a1d3c86fabd3ee2b9ddaaf0a7fe"}, {0xdd, 0xc9, "396b0de70791d88504b3b5d0b06720b09237bf48ad2140f25e13fd8603fc7614cf7849f7c474359f2a006999eaf37ac505cc42630bdf6b7b4db24c19dd9a84232e738bd7f9a334b92eb5e56a236c1041fced2da412447cae3d1ca94572a8fea4a2f8aad29e04cfd4510bb8bb0b4febbcce7ea46ae6decc86c30bdd9fe40ed4b85b53c34c36b085d0347c96465849fef4a52e70f75e4a4aa1fd8a939597d234108ce96c36fa4bd0edeb83ad6dee6d81c988356a43f85628d7d57e4dbfc4b5640b9c4e0729d05331378f"}, {0xdd, 0x4b, "3552703c827f7f2cf17afe87dd416164f7f4789d1a9781218b44b409d23a51755641bc584e422b942eaf47b153124a3b04976813e8b20c4dfbabdbd5d57f638b99b27172ad29633aa06236"}, {0xdd, 0xbf, "7844f48a09680a93008f620bf3b63dafc7406255cf7a71a0d0dd29dcc70173799c3236cc6bec070d7b218dcdc778c708fe39c82ed48a7bf229770fd470cc021a2a35342b9434780e98d6d91f08981fa591c0a62621054c83996fe90b1a334ac634b7aac8a02059fed05db33b3f5f556b6166705ef486f01af5890cc2e8f4f4cdb54b42dbf15f00567fb6da47fd0980d4daea80b872d1bb79d36d35e7b1cdf4c13611e84aba79bd34025a82fffa4eb4058ecc1c628f46273e0ea3c781d3bb43"}, {0xdd, 0x17, "e508338be0c867c41ec670e6d15af8f3dbeb24b76acc28"}, {0xdd, 0xa4, "827f7e6b96552cdc7734723326707f2c636bd6f73c15ec45070ca67814c969377521018be442286f25b6ea31c13a729fc5301a5f3d3eddb305c45c70f23513d748dc03aaea32dcde92f6794718fb03858740624e3d58ab67f689298d08395f6f87a522b7b0fc4918460df689da3008e8597480b8ebda9c55db266c385745f7191266ac1c2c94bc1d3bf07e957a5ee41faa4434b4601faa248da6ed9b62db3c1fb78c11a1"}, {0xdd, 0x77, "f58123fa7cf1ef2c417b16a9da38d9b7531ced4c2dfa91fb56f63b2529194c937f5d15c9664c717104bb03d8ad7c4261d40788f7629ee8394f86bd5a91a572dbf01aeb9aea8a44534d510837d912c817e3fdd8b950bfc50f68676d7164f090c510fcb1a0d70322e669f26e032bd985c2aea6ff69dc761f"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x11, 0x7f, [@tim={0x5, 0x3, {0x80, 0x9, 0x1}}, @ssid={0x0, 0x6, @default_ibss_ssid}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x6, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x7f, 0x7, 0x5, 0x9, 0xc5e, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x5, 0x7308, 0x1]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x14, 0xbb, [0x8, 0x7, 0x823, 0x6, 0x1f, 0x0, 0xff, 0x2]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CSA_IES={0x70, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_PRESP={0x16, 0xbb, [0x1, 0xfffb, 0x3f, 0x7f, 0x8, 0x9, 0x934, 0x8001, 0x5]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x5, 0x5, 0x9, 0x100]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0xff, 0x7, 0x200, 0x2, 0x1, 0x6, 0x9cd4]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x18, 0xbb, [0xd3cb, 0x8001, 0xffff, 0x2, 0x7, 0x100, 0x81, 0x8000, 0x3f, 0x200]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0x979f, 0x1, 0x9, 0x7f, 0x9, 0x1, 0x2]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x1, 0x80]}]}, @NL80211_ATTR_CSA_IES={0x5a0, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0xfff8, 0x401, 0x8000, 0x7f, 0x8, 0x1]}, @beacon_params=[@NL80211_ATTR_FTM_RESPONDER={0x3d4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xb2, 0x3, "acc2df72f4ce532afcedc46a9b320c4ca6ddada4023e13c1ba5528d06cbb292c0e4b98a8e2fce9a2fb71db05c07dadfcf90c52f37187f67fa1d88352ea210ec7dca8c0f68e2c29cb03f1034898115b97e2f0a64dab1f77e6b63cc59b0f94ac7c9e96d7061ec6d3547048a57f5149e4eacbc37d4432636eafa5b6b8f88e8be3c713901fa0dedd2f633ce5df93c85deefb34af1d08ad93efa65f95746b4a8a60336dfbc5ea35868b7edd037746a031"}, @NL80211_FTM_RESP_ATTR_LCI={0xa0, 0x2, "7dcff8351bdfaa5fec73af225d03667ca8df83a94aa641fae12381af692fe489c5f7e9291da371b4de291b4318d2a35ebcb7d0eff4c15f9d3f2ff83f19a779c0dc6ffec08658a28cce40798ebbdff1a819d04a6ae73b767a508533fc125280c52c61960c7ae6be14800f909b3632755a3551b1b7fd6676468f3ca2c017255c2d5c4abad84bff095a99cf58fa6bcf8c5008957bf7433ee60183bd317b"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x76, 0x3, "30fd7d06e019284ffa1c0996744fe50ef5ad634274cb651cf8d286a08b388de6852578e9f781a70d41fabb9b3a894ac3d805b6e1f7fece7cb0376b1cd21dce18e4c9704957c7d413ac5f436c91d63322d827b0f8cb5b9b85c82202eb23291fa1bd849d9ff92f8518215cf2e561527fe72062"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0xf1, 0x2, "450d00216ffd3af84c9220d0c13ca076497015ac19ebd03b8bd46861039e4d721bcd2b6202776c70cef16fc711c89b172c6e43fbe0b5e875d708e4488f5167ce106680853faa1e38cbbc0d8f7cbb9b1cd804729c14ad920f81b4c908b3b5864ede9b27e1bf53f9b48c6635bff9c5965018ecd7367ba9c390dedb7d6120b202d7f8e977e060507337a06bdd3dab9b2425459c2cea41707c4c359ba1fab73b768df9d0af028b12e0868f48071e1e496d347688819754eeb7fe550a3b060e8fab1040427add3934e220dc438ce02c126149f8e3e8ba7491f0d830aa8e4fe9b93cf5ab088e647594dbf0470166b8da"}, @NL80211_FTM_RESP_ATTR_LCI={0x32, 0x2, "cd421e4a796903ed1f702a93b6ed96c6195404c4e812b382ec64c606d01ca94ae50102c597e648c6d0edc9ea3465"}, @NL80211_FTM_RESP_ATTR_LCI={0x3a, 0x2, "5b9cbe426327edd4d3fe9aab2fd948179df95d7d37a1ad466a10628a23a63fa15c24f966e8ae0cf94752bab026c73a8c41b97b253c74"}, @NL80211_FTM_RESP_ATTR_LCI={0x25, 0x2, "150ec88cbc2ac4cd9bac11713d1fcd90e8405d9229accb7fdc39b9a1064ed97230"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "965d52c9cbd32163d0b256daa0f96a9c7e2fbe71c786bb511713a955f18bdcd1d2d46f1271c83fb1cd1679d2a21d2950602d7a4ba5b8ef4ed481a0ae88875750750b925e97408c3886b8c43bb89f51570fb5108304d37af561ee9b8eba40d34db425c4399f4bea586cd0d941f9"}]}, @NL80211_ATTR_FTM_RESPONDER={0x190, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x1b, 0x2, "6e17c4c3c658bb63bf895af974568ff34da81153d24198"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x99, 0x3, "1eb5e619933dc8d7d943468b3261c3fd0c0c8d9fc8767c20bb24bec12d86500d759183384a2809cd30bf564f6298f42c2d8b72fe9659026f8dcb813d8c10a1f93f5452db20240132d9d4da4be778157cca031aaf3b01df0417919326d03afa848d0b4a2f925faccd601a1b9290a5d5d1ce7592d552e6c27d4e0ceeb526afba97dc39a1e80f5c74136cb6772bfbeb598da08b2dee2b"}, @NL80211_FTM_RESP_ATTR_LCI={0xaa, 0x2, "da8689f6604f6366928d6972872e845e0f59f2119bbea4c785502a643f6662d5b195bd9536902a0318e6093872580b2e95ba5035a84970a6e0a25f18daf0dc74476c613bc7981b9a5bf8e3bac78840f138a550b147f5b0f8aec2057bc21c62f66acd18060ab59909d187dcf373af84252a4ab020cb8d029da18e252ea00884d29675eb9db8a9159bf2155d516d68bc8a779b1fc841ff6bbf507b6973823733ac76bf8c2cab1a"}, @NL80211_FTM_RESP_ATTR_LCI={0x22, 0x2, "ea82404e6ea152167116e89f38dd22ea9919219aaa39b06349e2b9d4c5cf"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @NL80211_ATTR_CSA_C_OFF_BEACON={0x8, 0xba, [0xfff7, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xc, 0xba, [0x400, 0x4, 0x7, 0xfff]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x7ff, 0x5]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x80b, 0x800, 0x0]}]}]}, 0x1264}, 0x1, 0x0, 0x0, 0x8080}, 0x20000000) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) connect$nfc_raw(r1, &(0x7f0000000200)={0x27, 0x0, 0x1, 0x1}, 0x10) (async) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33", 0x2}}}, 0x1a) (async) socket(0x11, 0x6, 0x0) (async) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000240)) 00:11:44 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae659"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:44 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRES8], 0x9) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000100)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r0, 0xc02864ca, &(0x7f00000000c0)={&(0x7f0000000000)=[0x0, 0x0, 0x0], &(0x7f0000000080)=[0x9, 0x80000001, 0x4839, 0x13660e7f, 0xb39, 0x4], 0x94ac, 0x3, 0x3}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) sendmsg$NL80211_CMD_TESTMODE(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r1, 0x20, 0x70bd28, 0x25dfdbfb, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x2000000) 00:11:44 executing program 5: [ 704.055788][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:44 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_ext_features={{0x23, 0xd}, {0x6, 0xc8, 0xf8, 0xff, "5b89b11045d9dbcb"}}}, 0x10) socket$can_j1939(0x1d, 0x2, 0x7) 00:11:44 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596c"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:44 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRES8], 0x9) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) syz_emit_vhci(&(0x7f0000000100)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) (async) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r0, 0xc02864ca, &(0x7f00000000c0)={&(0x7f0000000000)=[0x0, 0x0, 0x0], &(0x7f0000000080)=[0x9, 0x80000001, 0x4839, 0x13660e7f, 0xb39, 0x4], 0x94ac, 0x3, 0x3}) (async) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) sendmsg$NL80211_CMD_TESTMODE(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r1, 0x20, 0x70bd28, 0x25dfdbfb, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x2000000) 00:11:44 executing program 1: syz_emit_vhci(0x0, 0x0) [ 704.092896][ T5943] Bluetooth: hci0: command 0x0406 tx timeout [ 704.105726][ T5502] Bluetooth: Unexpected start frame (len 4) [ 704.111531][ T5502] Bluetooth: Wrong link type (-22) [ 704.112797][ T5502] Bluetooth: hci4: link tx timeout [ 704.114139][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:44 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596c"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:44 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async, rerun: 32) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000180)={0x0, 0x9}) (rerun: 32) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x60c280, 0x0) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000226bd7000fbdbdf25550000000800010b6a000000"], 0x1c}}, 0x800) (async) socket$inet6(0xa, 0x2, 0x101) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000015c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001580)={&(0x7f0000000300)={0x1264, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CSA_IES={0xc34, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_PROBE_RESP={0x50d, 0x91, "1e899196b82f35f5281a6386a101ad7b5fe8a2577bb8917df5d1440aca1b4074881756e3dc8561dfb89365dc31f7adcdb86916f299236670a6368d8b7349e318aa711eb3d78eb9ee08bc6e2ad8c446d1dfee50438d9e744251fe372d28e44a7a3d403a56370475c9ce1999ae3f8f673b68077c2ca1d0f1a642407b1a6517fc17064fbdc210f5edce36cd64fedf24a52f9f3fcd546512e6ac1aa506fc15f1d26a90573944e9f9b68eea58f892c4f898462fc0f7f1efe515aa4ed057784491c7c40aee8591754bc6b98b3947559b586fb972444eb38f8aebfc59a6caa3ca4e8ef847904bdf836b7d6d974ff639144119de33a382cf5e1504686bd219342151a2b744d78d86b40cdc206f15a9f8258327494f036fda3951f3c866678bb66d987470389e480ffeb9652fd3cb626cf57f6d2f56b20396d6d9c34033539f31a7559f25475ca501ce2136f9d1d724dadb90a1fd23dce6ddb22628f53baf7763f52c47de7a003ec8f3ed2f4abb9673f7f19d88a902d838ca2561e70d2f1d0c1d0b83e4670ed1b9426be634768782f94743198194145a33c6110048f2573bfd50fc7c0198d8e6fc26b0f7ab293413856031fa5a6f15fb9c8be67dfb57d6630da5ad24b4e93112264145a38a593c35a8021f0d09f6e4ccbca269b30a849fd0d225296d5dd8c6bccb7de78fae4f743986b80454e526dd2ad05e06dd054b02bebeddeae90076fa8b72b202ea8804875197cce0a76420162032aad83cf7107732d8867fd4ae36a5a0099a76bbb9db225189dabb32b5d077756189a91caa7547df08685ef0219f04d4dd79c3bf9d4a12c404e1b11b519eaef8d1183eeb19df9417e90399c013bf87b5739f0de71c510f9e361964a3a8a7c71d57b980856b251b00a03d13311210c159bc14508740a0a194f93e15b8509dd025c35366d157dbad150d6d9027322b05320d0b54cbee51aec566d614424ee186292a8ac5253afd286b40ae457b7598b04f51d4905c47c9706f114c3515601cf1ad3ec812364acc9ab8500d191b251045a28ecd975782405203cfb14ace9cfc189410318fcd3cc8f47b359baad7be757d176eba58bd6befa4fb5183d6832f3037f27d62981795d6d4decadb5da76b6e0e9cb1a8f69ef58249bf8774deee8d207bf353982462b71281ecf553294a2afc60c354e4f4278942c43d181daa77ce554286a43c8ec828091c2cf9253353d295763b7f85241b0c88f53d0f0f86c00963c3f790adf100b083b89b54a3b2d914e0460f2c5673e6b53ef07d6c96bd806068c2c4f092ed13c774f340c5a094b5dd97f9762691759cca28b2d1efe8fe32255608ec10bf317dc1290026295b025c21c8e1c4f11e77f46ff6939c62314bcd247771e81a7735786976e67d8d1cd01a7c6eedabf0aaae46add24e93ff94279bb0396a7868a0cde04ad97b4f53cb2e4b6675e314bbc1293bf770db7adb66960546d4711aa2553854144253b1a1ffa78a6c60435e34c3052371d10c7ce1e9e9679d4f3bca3e1b5b002395531ce4b0e13bc754dc47703b28d3b12c4b07a5faa80f70072731225bc2fa738c01831b0306abeec9e1b439a62716ccaf5bb4f8d9cc9773e9b6a8e657c21b2b83bacec38ee334f7ae04cc910768aadbd3d4427510d567a98c56a899d5731d5cfc1ef9e6cb86de1f643da03eb4518b5dda38f82277bce5548b90ca8f657d8e7c5e3f9cd589a811f2ac0b7c8c1da74ecfd0c836408dffaa04e9e6397e72a3e31a8bf634d975625edee6d12dfc6afe76180b0be0bca3d420b74d94b1fe567b05215ae75b0190bb59c7b66c7883bd6cbc32f99f"}, @NL80211_ATTR_IE_ASSOC_RESP={0x149, 0x80, [@ext_channel_switch={0x3c, 0x4, {0x0, 0xf1, 0xa9, 0x5a}}, @random_vendor={0xdd, 0x72, "1407a75e0e812646fa50ef0b895c8afb050e78e3f1c998d673de41759822ce2e7f7d38dfe9ec780008649ba5a781a34fd16684ee1e96ec7a182ee917875206f18636dc25bc5f16d1bebceda18e258f5581370682856751dcf5b79e75434242a27d715572a25865b66920bd5dc0ca959f5a00"}, @perr={0x84, 0xc9, {0x3, 0xd, [@not_ext={{}, @device_b, 0x9, "", 0x1f}, @ext={{}, @device_a, 0x5, @broadcast, 0x19}, @not_ext={{}, @device_a, 0x7, "", 0x35}, @not_ext={{}, @device_b, 0x4, "", 0x37}, @not_ext={{}, @device_a, 0x5, "", 0x2c}, @ext={{}, @device_b, 0x8}, @not_ext={{}, @device_a, 0x1, "", 0x16}, @not_ext={{}, @device_b, 0x95, "", 0x30}, @ext={{}, @broadcast, 0x10000000, @device_a, 0x15}, @ext={{}, @broadcast, 0x6, @device_b, 0x30}, @not_ext={{}, @device_b, 0x9, "", 0x3e}, @ext={{}, @broadcast, 0x30, @device_b, 0x2a}, @not_ext={{}, @device_b, 0x8, "", 0x2e}]}}]}, @NL80211_ATTR_IE={0x28, 0x2a, [@prep={0x83, 0x1f, @not_ext={{}, 0x6, 0x85, @device_b, 0x6, "", 0x3f, 0x4, @device_a, 0x9}}, @dsss={0x3, 0x1, 0xad}]}, @NL80211_ATTR_FTM_RESPONDER={0xd0, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xa, 0x3, "4f87708961a4"}, @NL80211_FTM_RESP_ATTR_LCI={0x23, 0x2, "1515248804e34829f02efe0beaed3e783173ad6612cfad0dd1405fde8e9041"}, @NL80211_FTM_RESP_ATTR_LCI={0x95, 0x2, "28fa2ba5cae12cb0590f9fe1f292e8030fb4554003f02e517515280442e8751075dba123036e483d36ac3d497b5321c0016ea46d70015fed11b48dbb4b2f9ae0030afeae695f563dd2c9182b482f02cffa8fe0500095b4b0d2cdec543bdba9399ac32602e4bee255efa8de0b460755a7dbaf02099aa019ac0b5d6bb45bdf16d722e9b6579fe955fc79a7d2912992249406"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_BEACON_HEAD={0x48f, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x7b47}, @device_a, @broadcast, @from_mac=@device_b, {0x4, 0x5}}, @ver_80211n={0x0, 0x81, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x1, @random=0x6, 0x0, @void, @void, @val={0x3, 0x1, 0x70}, @void, @void, @val={0x5, 0x8b, {0xff, 0x3b, 0xd7, "771a8171a7aa7613e61fb5f18a0b55a85521c412cdb1760558cc07a24918e040bd1c5ca99f8569315875adb838d4926aca4352bd505e14113ed8215a281c9aeab3ca2caa74996e9715fac6270085cf72d3660f3b07a859a3c6897b47ed09832edfdfa0dc8dbb2d0f3094955104081cd620dd121a2cbeb6842155a99ae96040dbefe2bd94d0c700ed"}}, @void, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x6, 0x74, 0x6}}, @val={0x2d, 0x1a, {0x4008, 0x3, 0x3, 0x0, {0x6842, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2}, 0x400, 0x0, 0x1f}}, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0xffffffffffffffff, 0x7, 0x69}}, @void, [{0xdd, 0x92, "0f7e5c9edae21ba1bf9c9eb07f8a0b3b02a1a9d3e01ba345e745f1d4f6e7497db69177f42f3fccb1901a77783eca74985c03b78536771ae4e444eafeb42325a329cab14170a4939061bc1b3cc9462cb665df9dd67344778498d637fe62fa745a73c698be7abbf3665e3584753de84d6d3a6a9b7b3c27ffd6782a255baa7860dac4bb79312a1d3c86fabd3ee2b9ddaaf0a7fe"}, {0xdd, 0xc9, "396b0de70791d88504b3b5d0b06720b09237bf48ad2140f25e13fd8603fc7614cf7849f7c474359f2a006999eaf37ac505cc42630bdf6b7b4db24c19dd9a84232e738bd7f9a334b92eb5e56a236c1041fced2da412447cae3d1ca94572a8fea4a2f8aad29e04cfd4510bb8bb0b4febbcce7ea46ae6decc86c30bdd9fe40ed4b85b53c34c36b085d0347c96465849fef4a52e70f75e4a4aa1fd8a939597d234108ce96c36fa4bd0edeb83ad6dee6d81c988356a43f85628d7d57e4dbfc4b5640b9c4e0729d05331378f"}, {0xdd, 0x4b, "3552703c827f7f2cf17afe87dd416164f7f4789d1a9781218b44b409d23a51755641bc584e422b942eaf47b153124a3b04976813e8b20c4dfbabdbd5d57f638b99b27172ad29633aa06236"}, {0xdd, 0xbf, "7844f48a09680a93008f620bf3b63dafc7406255cf7a71a0d0dd29dcc70173799c3236cc6bec070d7b218dcdc778c708fe39c82ed48a7bf229770fd470cc021a2a35342b9434780e98d6d91f08981fa591c0a62621054c83996fe90b1a334ac634b7aac8a02059fed05db33b3f5f556b6166705ef486f01af5890cc2e8f4f4cdb54b42dbf15f00567fb6da47fd0980d4daea80b872d1bb79d36d35e7b1cdf4c13611e84aba79bd34025a82fffa4eb4058ecc1c628f46273e0ea3c781d3bb43"}, {0xdd, 0x17, "e508338be0c867c41ec670e6d15af8f3dbeb24b76acc28"}, {0xdd, 0xa4, "827f7e6b96552cdc7734723326707f2c636bd6f73c15ec45070ca67814c969377521018be442286f25b6ea31c13a729fc5301a5f3d3eddb305c45c70f23513d748dc03aaea32dcde92f6794718fb03858740624e3d58ab67f689298d08395f6f87a522b7b0fc4918460df689da3008e8597480b8ebda9c55db266c385745f7191266ac1c2c94bc1d3bf07e957a5ee41faa4434b4601faa248da6ed9b62db3c1fb78c11a1"}, {0xdd, 0x77, "f58123fa7cf1ef2c417b16a9da38d9b7531ced4c2dfa91fb56f63b2529194c937f5d15c9664c717104bb03d8ad7c4261d40788f7629ee8394f86bd5a91a572dbf01aeb9aea8a44534d510837d912c817e3fdd8b950bfc50f68676d7164f090c510fcb1a0d70322e669f26e032bd985c2aea6ff69dc761f"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x11, 0x7f, [@tim={0x5, 0x3, {0x80, 0x9, 0x1}}, @ssid={0x0, 0x6, @default_ibss_ssid}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x6, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x7f, 0x7, 0x5, 0x9, 0xc5e, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x5, 0x7308, 0x1]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x14, 0xbb, [0x8, 0x7, 0x823, 0x6, 0x1f, 0x0, 0xff, 0x2]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CSA_IES={0x70, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_PRESP={0x16, 0xbb, [0x1, 0xfffb, 0x3f, 0x7f, 0x8, 0x9, 0x934, 0x8001, 0x5]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x5, 0x5, 0x9, 0x100]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0xff, 0x7, 0x200, 0x2, 0x1, 0x6, 0x9cd4]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x18, 0xbb, [0xd3cb, 0x8001, 0xffff, 0x2, 0x7, 0x100, 0x81, 0x8000, 0x3f, 0x200]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0x979f, 0x1, 0x9, 0x7f, 0x9, 0x1, 0x2]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x1, 0x80]}]}, @NL80211_ATTR_CSA_IES={0x5a0, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0xfff8, 0x401, 0x8000, 0x7f, 0x8, 0x1]}, @beacon_params=[@NL80211_ATTR_FTM_RESPONDER={0x3d4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xb2, 0x3, "acc2df72f4ce532afcedc46a9b320c4ca6ddada4023e13c1ba5528d06cbb292c0e4b98a8e2fce9a2fb71db05c07dadfcf90c52f37187f67fa1d88352ea210ec7dca8c0f68e2c29cb03f1034898115b97e2f0a64dab1f77e6b63cc59b0f94ac7c9e96d7061ec6d3547048a57f5149e4eacbc37d4432636eafa5b6b8f88e8be3c713901fa0dedd2f633ce5df93c85deefb34af1d08ad93efa65f95746b4a8a60336dfbc5ea35868b7edd037746a031"}, @NL80211_FTM_RESP_ATTR_LCI={0xa0, 0x2, "7dcff8351bdfaa5fec73af225d03667ca8df83a94aa641fae12381af692fe489c5f7e9291da371b4de291b4318d2a35ebcb7d0eff4c15f9d3f2ff83f19a779c0dc6ffec08658a28cce40798ebbdff1a819d04a6ae73b767a508533fc125280c52c61960c7ae6be14800f909b3632755a3551b1b7fd6676468f3ca2c017255c2d5c4abad84bff095a99cf58fa6bcf8c5008957bf7433ee60183bd317b"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x76, 0x3, "30fd7d06e019284ffa1c0996744fe50ef5ad634274cb651cf8d286a08b388de6852578e9f781a70d41fabb9b3a894ac3d805b6e1f7fece7cb0376b1cd21dce18e4c9704957c7d413ac5f436c91d63322d827b0f8cb5b9b85c82202eb23291fa1bd849d9ff92f8518215cf2e561527fe72062"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0xf1, 0x2, "450d00216ffd3af84c9220d0c13ca076497015ac19ebd03b8bd46861039e4d721bcd2b6202776c70cef16fc711c89b172c6e43fbe0b5e875d708e4488f5167ce106680853faa1e38cbbc0d8f7cbb9b1cd804729c14ad920f81b4c908b3b5864ede9b27e1bf53f9b48c6635bff9c5965018ecd7367ba9c390dedb7d6120b202d7f8e977e060507337a06bdd3dab9b2425459c2cea41707c4c359ba1fab73b768df9d0af028b12e0868f48071e1e496d347688819754eeb7fe550a3b060e8fab1040427add3934e220dc438ce02c126149f8e3e8ba7491f0d830aa8e4fe9b93cf5ab088e647594dbf0470166b8da"}, @NL80211_FTM_RESP_ATTR_LCI={0x32, 0x2, "cd421e4a796903ed1f702a93b6ed96c6195404c4e812b382ec64c606d01ca94ae50102c597e648c6d0edc9ea3465"}, @NL80211_FTM_RESP_ATTR_LCI={0x3a, 0x2, "5b9cbe426327edd4d3fe9aab2fd948179df95d7d37a1ad466a10628a23a63fa15c24f966e8ae0cf94752bab026c73a8c41b97b253c74"}, @NL80211_FTM_RESP_ATTR_LCI={0x25, 0x2, "150ec88cbc2ac4cd9bac11713d1fcd90e8405d9229accb7fdc39b9a1064ed97230"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "965d52c9cbd32163d0b256daa0f96a9c7e2fbe71c786bb511713a955f18bdcd1d2d46f1271c83fb1cd1679d2a21d2950602d7a4ba5b8ef4ed481a0ae88875750750b925e97408c3886b8c43bb89f51570fb5108304d37af561ee9b8eba40d34db425c4399f4bea586cd0d941f9"}]}, @NL80211_ATTR_FTM_RESPONDER={0x190, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x1b, 0x2, "6e17c4c3c658bb63bf895af974568ff34da81153d24198"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x99, 0x3, "1eb5e619933dc8d7d943468b3261c3fd0c0c8d9fc8767c20bb24bec12d86500d759183384a2809cd30bf564f6298f42c2d8b72fe9659026f8dcb813d8c10a1f93f5452db20240132d9d4da4be778157cca031aaf3b01df0417919326d03afa848d0b4a2f925faccd601a1b9290a5d5d1ce7592d552e6c27d4e0ceeb526afba97dc39a1e80f5c74136cb6772bfbeb598da08b2dee2b"}, @NL80211_FTM_RESP_ATTR_LCI={0xaa, 0x2, "da8689f6604f6366928d6972872e845e0f59f2119bbea4c785502a643f6662d5b195bd9536902a0318e6093872580b2e95ba5035a84970a6e0a25f18daf0dc74476c613bc7981b9a5bf8e3bac78840f138a550b147f5b0f8aec2057bc21c62f66acd18060ab59909d187dcf373af84252a4ab020cb8d029da18e252ea00884d29675eb9db8a9159bf2155d516d68bc8a779b1fc841ff6bbf507b6973823733ac76bf8c2cab1a"}, @NL80211_FTM_RESP_ATTR_LCI={0x22, 0x2, "ea82404e6ea152167116e89f38dd22ea9919219aaa39b06349e2b9d4c5cf"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @NL80211_ATTR_CSA_C_OFF_BEACON={0x8, 0xba, [0xfff7, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xc, 0xba, [0x400, 0x4, 0x7, 0xfff]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x7ff, 0x5]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x80b, 0x800, 0x0]}]}]}, 0x1264}, 0x1, 0x0, 0x0, 0x8080}, 0x20000000) (async) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) connect$nfc_raw(r1, &(0x7f0000000200)={0x27, 0x0, 0x1, 0x1}, 0x10) (async) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33", 0x2}}}, 0x1a) (async) socket(0x11, 0x6, 0x0) (async) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000240)) 00:11:44 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRES8], 0x9) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000100)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r0, 0xc02864ca, &(0x7f00000000c0)={&(0x7f0000000000)=[0x0, 0x0, 0x0], &(0x7f0000000080)=[0x9, 0x80000001, 0x4839, 0x13660e7f, 0xb39, 0x4], 0x94ac, 0x3, 0x3}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) sendmsg$NL80211_CMD_TESTMODE(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r1, 0x20, 0x70bd28, 0x25dfdbfb, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x2000000) [ 704.154784][ T5943] Bluetooth: Unexpected start frame (len 4) [ 704.163311][ T5502] Bluetooth: Wrong link type (-22) [ 704.164544][ T5502] Bluetooth: Wrong link type (-22) [ 704.165746][ T5502] Bluetooth: Wrong link type (-22) [ 704.166819][ T5502] Bluetooth: Wrong link type (-22) [ 704.167971][ T5502] Bluetooth: Wrong link type (-22) 00:11:44 executing program 5: syz_emit_vhci(0x0, 0x9) [ 704.169030][ T5502] Bluetooth: Wrong link type (-22) [ 704.170104][ T5502] Bluetooth: Wrong link type (-22) [ 704.171206][ T5502] Bluetooth: Wrong link type (-22) [ 704.172335][ T5502] Bluetooth: Wrong link type (-22) [ 704.174313][ T5502] Bluetooth: Wrong link type (-22) [ 704.175459][ T5502] Bluetooth: Wrong link type (-22) [ 704.176582][ T5502] Bluetooth: Wrong link type (-22) [ 704.177668][ T5502] Bluetooth: Wrong link type (-22) [ 704.178789][ T5502] Bluetooth: Wrong link type (-22) [ 704.179868][ T5502] Bluetooth: Wrong link type (-22) [ 704.181070][ T5502] Bluetooth: Wrong link type (-22) [ 704.182194][ T5502] Bluetooth: Wrong link type (-22) [ 704.184122][ T5502] Bluetooth: Wrong link type (-22) [ 704.185282][ T5502] Bluetooth: Wrong link type (-22) [ 704.186438][ T5502] Bluetooth: Wrong link type (-22) [ 704.187584][ T5502] Bluetooth: Wrong link type (-22) [ 704.188739][ T5502] Bluetooth: Wrong link type (-22) [ 704.189809][ T5502] Bluetooth: Wrong link type (-22) [ 704.190961][ T5502] Bluetooth: Wrong link type (-22) [ 704.192169][ T5502] Bluetooth: Wrong link type (-22) [ 704.193442][ T5502] Bluetooth: Wrong link type (-22) [ 704.194524][ T5502] Bluetooth: Wrong link type (-22) [ 704.195593][ T5502] Bluetooth: Wrong link type (-22) [ 704.196683][ T5502] Bluetooth: Wrong link type (-22) [ 704.197750][ T5502] Bluetooth: Wrong link type (-22) [ 704.198851][ T5502] Bluetooth: Wrong link type (-22) [ 704.200013][ T5502] Bluetooth: Wrong link type (-22) [ 704.201153][ T5502] Bluetooth: Wrong link type (-22) [ 704.202292][ T5502] Bluetooth: hci4: link tx timeout [ 704.203905][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:44 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) 00:11:44 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596c"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:44 executing program 1: syz_emit_vhci(0x0, 0x0) 00:11:44 executing program 5: syz_emit_vhci(0x0, 0x9) 00:11:44 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0xd1, 0x8}, {0x0, 0x0, 0x5}}}}, 0x15) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="d026fe4d5e43fe1112000020000000000000", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x8) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, r1, 0x8, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY_SEQ={0x5, 0xa, "8f"}, @NL80211_ATTR_KEY_TYPE={0x8}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "7661579b8de76502ad9a9f33fc"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_SEQ={0x4}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040000) [ 704.343771][ T5502] Bluetooth: Wrong link type (-22) [ 704.345024][ T5502] Bluetooth: hci4: link tx timeout [ 704.346115][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 704.347865][ T5502] Bluetooth: Unexpected start frame (len 4) 00:11:44 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="b6"], 0x9) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x1000, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x6000, 0x0) 00:11:44 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) (async) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) 00:11:44 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:44 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0xd1, 0x8}, {0x0, 0x0, 0x5}}}}, 0x15) r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="d026fe4d5e43fe1112000020000000000000", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x8) (async) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, r1, 0x8, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY_SEQ={0x5, 0xa, "8f"}, @NL80211_ATTR_KEY_TYPE={0x8}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "7661579b8de76502ad9a9f33fc"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_SEQ={0x4}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040000) 00:11:44 executing program 5: syz_emit_vhci(0x0, 0x9) 00:11:44 executing program 1: syz_emit_vhci(0x0, 0x0) [ 704.452016][ T5943] Bluetooth: Unexpected start frame (len 4) [ 704.467952][ T5943] Bluetooth: Wrong link type (-22) [ 704.469247][ T5943] Bluetooth: hci4: link tx timeout 00:11:44 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000180)={0x0, 0x9}) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x60c280, 0x0) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000226bd7000fbdbdf25550000000800010b6a000000"], 0x1c}}, 0x800) socket$inet6(0xa, 0x2, 0x101) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000015c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001580)={&(0x7f0000000300)={0x1264, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CSA_IES={0xc34, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_PROBE_RESP={0x50d, 0x91, "1e899196b82f35f5281a6386a101ad7b5fe8a2577bb8917df5d1440aca1b4074881756e3dc8561dfb89365dc31f7adcdb86916f299236670a6368d8b7349e318aa711eb3d78eb9ee08bc6e2ad8c446d1dfee50438d9e744251fe372d28e44a7a3d403a56370475c9ce1999ae3f8f673b68077c2ca1d0f1a642407b1a6517fc17064fbdc210f5edce36cd64fedf24a52f9f3fcd546512e6ac1aa506fc15f1d26a90573944e9f9b68eea58f892c4f898462fc0f7f1efe515aa4ed057784491c7c40aee8591754bc6b98b3947559b586fb972444eb38f8aebfc59a6caa3ca4e8ef847904bdf836b7d6d974ff639144119de33a382cf5e1504686bd219342151a2b744d78d86b40cdc206f15a9f8258327494f036fda3951f3c866678bb66d987470389e480ffeb9652fd3cb626cf57f6d2f56b20396d6d9c34033539f31a7559f25475ca501ce2136f9d1d724dadb90a1fd23dce6ddb22628f53baf7763f52c47de7a003ec8f3ed2f4abb9673f7f19d88a902d838ca2561e70d2f1d0c1d0b83e4670ed1b9426be634768782f94743198194145a33c6110048f2573bfd50fc7c0198d8e6fc26b0f7ab293413856031fa5a6f15fb9c8be67dfb57d6630da5ad24b4e93112264145a38a593c35a8021f0d09f6e4ccbca269b30a849fd0d225296d5dd8c6bccb7de78fae4f743986b80454e526dd2ad05e06dd054b02bebeddeae90076fa8b72b202ea8804875197cce0a76420162032aad83cf7107732d8867fd4ae36a5a0099a76bbb9db225189dabb32b5d077756189a91caa7547df08685ef0219f04d4dd79c3bf9d4a12c404e1b11b519eaef8d1183eeb19df9417e90399c013bf87b5739f0de71c510f9e361964a3a8a7c71d57b980856b251b00a03d13311210c159bc14508740a0a194f93e15b8509dd025c35366d157dbad150d6d9027322b05320d0b54cbee51aec566d614424ee186292a8ac5253afd286b40ae457b7598b04f51d4905c47c9706f114c3515601cf1ad3ec812364acc9ab8500d191b251045a28ecd975782405203cfb14ace9cfc189410318fcd3cc8f47b359baad7be757d176eba58bd6befa4fb5183d6832f3037f27d62981795d6d4decadb5da76b6e0e9cb1a8f69ef58249bf8774deee8d207bf353982462b71281ecf553294a2afc60c354e4f4278942c43d181daa77ce554286a43c8ec828091c2cf9253353d295763b7f85241b0c88f53d0f0f86c00963c3f790adf100b083b89b54a3b2d914e0460f2c5673e6b53ef07d6c96bd806068c2c4f092ed13c774f340c5a094b5dd97f9762691759cca28b2d1efe8fe32255608ec10bf317dc1290026295b025c21c8e1c4f11e77f46ff6939c62314bcd247771e81a7735786976e67d8d1cd01a7c6eedabf0aaae46add24e93ff94279bb0396a7868a0cde04ad97b4f53cb2e4b6675e314bbc1293bf770db7adb66960546d4711aa2553854144253b1a1ffa78a6c60435e34c3052371d10c7ce1e9e9679d4f3bca3e1b5b002395531ce4b0e13bc754dc47703b28d3b12c4b07a5faa80f70072731225bc2fa738c01831b0306abeec9e1b439a62716ccaf5bb4f8d9cc9773e9b6a8e657c21b2b83bacec38ee334f7ae04cc910768aadbd3d4427510d567a98c56a899d5731d5cfc1ef9e6cb86de1f643da03eb4518b5dda38f82277bce5548b90ca8f657d8e7c5e3f9cd589a811f2ac0b7c8c1da74ecfd0c836408dffaa04e9e6397e72a3e31a8bf634d975625edee6d12dfc6afe76180b0be0bca3d420b74d94b1fe567b05215ae75b0190bb59c7b66c7883bd6cbc32f99f"}, @NL80211_ATTR_IE_ASSOC_RESP={0x149, 0x80, [@ext_channel_switch={0x3c, 0x4, {0x0, 0xf1, 0xa9, 0x5a}}, @random_vendor={0xdd, 0x72, "1407a75e0e812646fa50ef0b895c8afb050e78e3f1c998d673de41759822ce2e7f7d38dfe9ec780008649ba5a781a34fd16684ee1e96ec7a182ee917875206f18636dc25bc5f16d1bebceda18e258f5581370682856751dcf5b79e75434242a27d715572a25865b66920bd5dc0ca959f5a00"}, @perr={0x84, 0xc9, {0x3, 0xd, [@not_ext={{}, @device_b, 0x9, "", 0x1f}, @ext={{}, @device_a, 0x5, @broadcast, 0x19}, @not_ext={{}, @device_a, 0x7, "", 0x35}, @not_ext={{}, @device_b, 0x4, "", 0x37}, @not_ext={{}, @device_a, 0x5, "", 0x2c}, @ext={{}, @device_b, 0x8}, @not_ext={{}, @device_a, 0x1, "", 0x16}, @not_ext={{}, @device_b, 0x95, "", 0x30}, @ext={{}, @broadcast, 0x10000000, @device_a, 0x15}, @ext={{}, @broadcast, 0x6, @device_b, 0x30}, @not_ext={{}, @device_b, 0x9, "", 0x3e}, @ext={{}, @broadcast, 0x30, @device_b, 0x2a}, @not_ext={{}, @device_b, 0x8, "", 0x2e}]}}]}, @NL80211_ATTR_IE={0x28, 0x2a, [@prep={0x83, 0x1f, @not_ext={{}, 0x6, 0x85, @device_b, 0x6, "", 0x3f, 0x4, @device_a, 0x9}}, @dsss={0x3, 0x1, 0xad}]}, @NL80211_ATTR_FTM_RESPONDER={0xd0, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xa, 0x3, "4f87708961a4"}, @NL80211_FTM_RESP_ATTR_LCI={0x23, 0x2, "1515248804e34829f02efe0beaed3e783173ad6612cfad0dd1405fde8e9041"}, @NL80211_FTM_RESP_ATTR_LCI={0x95, 0x2, "28fa2ba5cae12cb0590f9fe1f292e8030fb4554003f02e517515280442e8751075dba123036e483d36ac3d497b5321c0016ea46d70015fed11b48dbb4b2f9ae0030afeae695f563dd2c9182b482f02cffa8fe0500095b4b0d2cdec543bdba9399ac32602e4bee255efa8de0b460755a7dbaf02099aa019ac0b5d6bb45bdf16d722e9b6579fe955fc79a7d2912992249406"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_BEACON_HEAD={0x48f, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x7b47}, @device_a, @broadcast, @from_mac=@device_b, {0x4, 0x5}}, @ver_80211n={0x0, 0x81, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x1, @random=0x6, 0x0, @void, @void, @val={0x3, 0x1, 0x70}, @void, @void, @val={0x5, 0x8b, {0xff, 0x3b, 0xd7, "771a8171a7aa7613e61fb5f18a0b55a85521c412cdb1760558cc07a24918e040bd1c5ca99f8569315875adb838d4926aca4352bd505e14113ed8215a281c9aeab3ca2caa74996e9715fac6270085cf72d3660f3b07a859a3c6897b47ed09832edfdfa0dc8dbb2d0f3094955104081cd620dd121a2cbeb6842155a99ae96040dbefe2bd94d0c700ed"}}, @void, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x6, 0x74, 0x6}}, @val={0x2d, 0x1a, {0x4008, 0x3, 0x3, 0x0, {0x6842, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2}, 0x400, 0x0, 0x1f}}, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0xffffffffffffffff, 0x7, 0x69}}, @void, [{0xdd, 0x92, "0f7e5c9edae21ba1bf9c9eb07f8a0b3b02a1a9d3e01ba345e745f1d4f6e7497db69177f42f3fccb1901a77783eca74985c03b78536771ae4e444eafeb42325a329cab14170a4939061bc1b3cc9462cb665df9dd67344778498d637fe62fa745a73c698be7abbf3665e3584753de84d6d3a6a9b7b3c27ffd6782a255baa7860dac4bb79312a1d3c86fabd3ee2b9ddaaf0a7fe"}, {0xdd, 0xc9, "396b0de70791d88504b3b5d0b06720b09237bf48ad2140f25e13fd8603fc7614cf7849f7c474359f2a006999eaf37ac505cc42630bdf6b7b4db24c19dd9a84232e738bd7f9a334b92eb5e56a236c1041fced2da412447cae3d1ca94572a8fea4a2f8aad29e04cfd4510bb8bb0b4febbcce7ea46ae6decc86c30bdd9fe40ed4b85b53c34c36b085d0347c96465849fef4a52e70f75e4a4aa1fd8a939597d234108ce96c36fa4bd0edeb83ad6dee6d81c988356a43f85628d7d57e4dbfc4b5640b9c4e0729d05331378f"}, {0xdd, 0x4b, "3552703c827f7f2cf17afe87dd416164f7f4789d1a9781218b44b409d23a51755641bc584e422b942eaf47b153124a3b04976813e8b20c4dfbabdbd5d57f638b99b27172ad29633aa06236"}, {0xdd, 0xbf, "7844f48a09680a93008f620bf3b63dafc7406255cf7a71a0d0dd29dcc70173799c3236cc6bec070d7b218dcdc778c708fe39c82ed48a7bf229770fd470cc021a2a35342b9434780e98d6d91f08981fa591c0a62621054c83996fe90b1a334ac634b7aac8a02059fed05db33b3f5f556b6166705ef486f01af5890cc2e8f4f4cdb54b42dbf15f00567fb6da47fd0980d4daea80b872d1bb79d36d35e7b1cdf4c13611e84aba79bd34025a82fffa4eb4058ecc1c628f46273e0ea3c781d3bb43"}, {0xdd, 0x17, "e508338be0c867c41ec670e6d15af8f3dbeb24b76acc28"}, {0xdd, 0xa4, "827f7e6b96552cdc7734723326707f2c636bd6f73c15ec45070ca67814c969377521018be442286f25b6ea31c13a729fc5301a5f3d3eddb305c45c70f23513d748dc03aaea32dcde92f6794718fb03858740624e3d58ab67f689298d08395f6f87a522b7b0fc4918460df689da3008e8597480b8ebda9c55db266c385745f7191266ac1c2c94bc1d3bf07e957a5ee41faa4434b4601faa248da6ed9b62db3c1fb78c11a1"}, {0xdd, 0x77, "f58123fa7cf1ef2c417b16a9da38d9b7531ced4c2dfa91fb56f63b2529194c937f5d15c9664c717104bb03d8ad7c4261d40788f7629ee8394f86bd5a91a572dbf01aeb9aea8a44534d510837d912c817e3fdd8b950bfc50f68676d7164f090c510fcb1a0d70322e669f26e032bd985c2aea6ff69dc761f"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x11, 0x7f, [@tim={0x5, 0x3, {0x80, 0x9, 0x1}}, @ssid={0x0, 0x6, @default_ibss_ssid}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x6, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x7f, 0x7, 0x5, 0x9, 0xc5e, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x5, 0x7308, 0x1]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x14, 0xbb, [0x8, 0x7, 0x823, 0x6, 0x1f, 0x0, 0xff, 0x2]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CSA_IES={0x70, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_PRESP={0x16, 0xbb, [0x1, 0xfffb, 0x3f, 0x7f, 0x8, 0x9, 0x934, 0x8001, 0x5]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x5, 0x5, 0x9, 0x100]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0xff, 0x7, 0x200, 0x2, 0x1, 0x6, 0x9cd4]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x18, 0xbb, [0xd3cb, 0x8001, 0xffff, 0x2, 0x7, 0x100, 0x81, 0x8000, 0x3f, 0x200]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0x979f, 0x1, 0x9, 0x7f, 0x9, 0x1, 0x2]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x1, 0x80]}]}, @NL80211_ATTR_CSA_IES={0x5a0, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0xfff8, 0x401, 0x8000, 0x7f, 0x8, 0x1]}, @beacon_params=[@NL80211_ATTR_FTM_RESPONDER={0x3d4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xb2, 0x3, "acc2df72f4ce532afcedc46a9b320c4ca6ddada4023e13c1ba5528d06cbb292c0e4b98a8e2fce9a2fb71db05c07dadfcf90c52f37187f67fa1d88352ea210ec7dca8c0f68e2c29cb03f1034898115b97e2f0a64dab1f77e6b63cc59b0f94ac7c9e96d7061ec6d3547048a57f5149e4eacbc37d4432636eafa5b6b8f88e8be3c713901fa0dedd2f633ce5df93c85deefb34af1d08ad93efa65f95746b4a8a60336dfbc5ea35868b7edd037746a031"}, @NL80211_FTM_RESP_ATTR_LCI={0xa0, 0x2, "7dcff8351bdfaa5fec73af225d03667ca8df83a94aa641fae12381af692fe489c5f7e9291da371b4de291b4318d2a35ebcb7d0eff4c15f9d3f2ff83f19a779c0dc6ffec08658a28cce40798ebbdff1a819d04a6ae73b767a508533fc125280c52c61960c7ae6be14800f909b3632755a3551b1b7fd6676468f3ca2c017255c2d5c4abad84bff095a99cf58fa6bcf8c5008957bf7433ee60183bd317b"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x76, 0x3, "30fd7d06e019284ffa1c0996744fe50ef5ad634274cb651cf8d286a08b388de6852578e9f781a70d41fabb9b3a894ac3d805b6e1f7fece7cb0376b1cd21dce18e4c9704957c7d413ac5f436c91d63322d827b0f8cb5b9b85c82202eb23291fa1bd849d9ff92f8518215cf2e561527fe72062"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0xf1, 0x2, "450d00216ffd3af84c9220d0c13ca076497015ac19ebd03b8bd46861039e4d721bcd2b6202776c70cef16fc711c89b172c6e43fbe0b5e875d708e4488f5167ce106680853faa1e38cbbc0d8f7cbb9b1cd804729c14ad920f81b4c908b3b5864ede9b27e1bf53f9b48c6635bff9c5965018ecd7367ba9c390dedb7d6120b202d7f8e977e060507337a06bdd3dab9b2425459c2cea41707c4c359ba1fab73b768df9d0af028b12e0868f48071e1e496d347688819754eeb7fe550a3b060e8fab1040427add3934e220dc438ce02c126149f8e3e8ba7491f0d830aa8e4fe9b93cf5ab088e647594dbf0470166b8da"}, @NL80211_FTM_RESP_ATTR_LCI={0x32, 0x2, "cd421e4a796903ed1f702a93b6ed96c6195404c4e812b382ec64c606d01ca94ae50102c597e648c6d0edc9ea3465"}, @NL80211_FTM_RESP_ATTR_LCI={0x3a, 0x2, "5b9cbe426327edd4d3fe9aab2fd948179df95d7d37a1ad466a10628a23a63fa15c24f966e8ae0cf94752bab026c73a8c41b97b253c74"}, @NL80211_FTM_RESP_ATTR_LCI={0x25, 0x2, "150ec88cbc2ac4cd9bac11713d1fcd90e8405d9229accb7fdc39b9a1064ed97230"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "965d52c9cbd32163d0b256daa0f96a9c7e2fbe71c786bb511713a955f18bdcd1d2d46f1271c83fb1cd1679d2a21d2950602d7a4ba5b8ef4ed481a0ae88875750750b925e97408c3886b8c43bb89f51570fb5108304d37af561ee9b8eba40d34db425c4399f4bea586cd0d941f9"}]}, @NL80211_ATTR_FTM_RESPONDER={0x190, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x1b, 0x2, "6e17c4c3c658bb63bf895af974568ff34da81153d24198"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x99, 0x3, "1eb5e619933dc8d7d943468b3261c3fd0c0c8d9fc8767c20bb24bec12d86500d759183384a2809cd30bf564f6298f42c2d8b72fe9659026f8dcb813d8c10a1f93f5452db20240132d9d4da4be778157cca031aaf3b01df0417919326d03afa848d0b4a2f925faccd601a1b9290a5d5d1ce7592d552e6c27d4e0ceeb526afba97dc39a1e80f5c74136cb6772bfbeb598da08b2dee2b"}, @NL80211_FTM_RESP_ATTR_LCI={0xaa, 0x2, "da8689f6604f6366928d6972872e845e0f59f2119bbea4c785502a643f6662d5b195bd9536902a0318e6093872580b2e95ba5035a84970a6e0a25f18daf0dc74476c613bc7981b9a5bf8e3bac78840f138a550b147f5b0f8aec2057bc21c62f66acd18060ab59909d187dcf373af84252a4ab020cb8d029da18e252ea00884d29675eb9db8a9159bf2155d516d68bc8a779b1fc841ff6bbf507b6973823733ac76bf8c2cab1a"}, @NL80211_FTM_RESP_ATTR_LCI={0x22, 0x2, "ea82404e6ea152167116e89f38dd22ea9919219aaa39b06349e2b9d4c5cf"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @NL80211_ATTR_CSA_C_OFF_BEACON={0x8, 0xba, [0xfff7, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xc, 0xba, [0x400, 0x4, 0x7, 0xfff]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x7ff, 0x5]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x80b, 0x800, 0x0]}]}]}, 0x1264}, 0x1, 0x0, 0x0, 0x8080}, 0x20000000) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) connect$nfc_raw(r1, &(0x7f0000000200)={0x27, 0x0, 0x1, 0x1}, 0x10) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33", 0x2}}}, 0x1a) socket(0x11, 0x6, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000240)) [ 704.470341][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:44 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0x9) 00:11:44 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="b6"], 0x9) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x1000, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x6000, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="b6"], 0x9) (async) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x1000, 0x0) (async) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x6000, 0x0) (async) 00:11:44 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:44 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0xd1, 0x8}, {0x0, 0x0, 0x5}}}}, 0x15) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="d026fe4d5e43fe1112000020000000000000", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) (async) prctl$PR_SET_TIMERSLACK(0x1d, 0x8) (async) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, r1, 0x8, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY_SEQ={0x5, 0xa, "8f"}, @NL80211_ATTR_KEY_TYPE={0x8}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "7661579b8de76502ad9a9f33fc"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_SEQ={0x4}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040000) 00:11:44 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) (async) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) 00:11:44 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0x9) [ 704.549241][ T5502] Bluetooth: Unexpected start frame (len 4) [ 704.551007][ T5502] Bluetooth: Wrong link type (-22) [ 704.552217][ T5502] Bluetooth: hci4: link tx timeout [ 704.554389][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 704.560509][ T5502] Bluetooth: Unexpected start frame (len 16) [ 704.562006][ T5502] Bluetooth: Wrong link type (-22) [ 704.563362][ T5502] Bluetooth: hci5: link tx timeout [ 704.564505][ T5502] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:44 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="b6"], 0x9) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x1000, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x6000, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="b6"], 0x9) (async) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x1000, 0x0) (async) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x6000, 0x0) (async) 00:11:44 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) 00:11:44 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0x9) 00:11:44 executing program 3: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0xf7, 0xc9, 0xc9, 0x6}}}, 0x8) 00:11:44 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) bind$isdn(0xffffffffffffffff, &(0x7f0000000000)={0x22, 0x8, 0x1f, 0x6}, 0x6) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) bind$isdn(r0, &(0x7f0000000040)={0x22, 0x1, 0x8, 0x4, 0x3}, 0x6) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r1, 0x20, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 00:11:44 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000180)={0x0, 0x9}) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x60c280, 0x0) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000226bd7000fbdbdf25550000000800010b6a000000"], 0x1c}}, 0x800) socket$inet6(0xa, 0x2, 0x101) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000015c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001580)={&(0x7f0000000300)={0x1264, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CSA_IES={0xc34, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_PROBE_RESP={0x50d, 0x91, "1e899196b82f35f5281a6386a101ad7b5fe8a2577bb8917df5d1440aca1b4074881756e3dc8561dfb89365dc31f7adcdb86916f299236670a6368d8b7349e318aa711eb3d78eb9ee08bc6e2ad8c446d1dfee50438d9e744251fe372d28e44a7a3d403a56370475c9ce1999ae3f8f673b68077c2ca1d0f1a642407b1a6517fc17064fbdc210f5edce36cd64fedf24a52f9f3fcd546512e6ac1aa506fc15f1d26a90573944e9f9b68eea58f892c4f898462fc0f7f1efe515aa4ed057784491c7c40aee8591754bc6b98b3947559b586fb972444eb38f8aebfc59a6caa3ca4e8ef847904bdf836b7d6d974ff639144119de33a382cf5e1504686bd219342151a2b744d78d86b40cdc206f15a9f8258327494f036fda3951f3c866678bb66d987470389e480ffeb9652fd3cb626cf57f6d2f56b20396d6d9c34033539f31a7559f25475ca501ce2136f9d1d724dadb90a1fd23dce6ddb22628f53baf7763f52c47de7a003ec8f3ed2f4abb9673f7f19d88a902d838ca2561e70d2f1d0c1d0b83e4670ed1b9426be634768782f94743198194145a33c6110048f2573bfd50fc7c0198d8e6fc26b0f7ab293413856031fa5a6f15fb9c8be67dfb57d6630da5ad24b4e93112264145a38a593c35a8021f0d09f6e4ccbca269b30a849fd0d225296d5dd8c6bccb7de78fae4f743986b80454e526dd2ad05e06dd054b02bebeddeae90076fa8b72b202ea8804875197cce0a76420162032aad83cf7107732d8867fd4ae36a5a0099a76bbb9db225189dabb32b5d077756189a91caa7547df08685ef0219f04d4dd79c3bf9d4a12c404e1b11b519eaef8d1183eeb19df9417e90399c013bf87b5739f0de71c510f9e361964a3a8a7c71d57b980856b251b00a03d13311210c159bc14508740a0a194f93e15b8509dd025c35366d157dbad150d6d9027322b05320d0b54cbee51aec566d614424ee186292a8ac5253afd286b40ae457b7598b04f51d4905c47c9706f114c3515601cf1ad3ec812364acc9ab8500d191b251045a28ecd975782405203cfb14ace9cfc189410318fcd3cc8f47b359baad7be757d176eba58bd6befa4fb5183d6832f3037f27d62981795d6d4decadb5da76b6e0e9cb1a8f69ef58249bf8774deee8d207bf353982462b71281ecf553294a2afc60c354e4f4278942c43d181daa77ce554286a43c8ec828091c2cf9253353d295763b7f85241b0c88f53d0f0f86c00963c3f790adf100b083b89b54a3b2d914e0460f2c5673e6b53ef07d6c96bd806068c2c4f092ed13c774f340c5a094b5dd97f9762691759cca28b2d1efe8fe32255608ec10bf317dc1290026295b025c21c8e1c4f11e77f46ff6939c62314bcd247771e81a7735786976e67d8d1cd01a7c6eedabf0aaae46add24e93ff94279bb0396a7868a0cde04ad97b4f53cb2e4b6675e314bbc1293bf770db7adb66960546d4711aa2553854144253b1a1ffa78a6c60435e34c3052371d10c7ce1e9e9679d4f3bca3e1b5b002395531ce4b0e13bc754dc47703b28d3b12c4b07a5faa80f70072731225bc2fa738c01831b0306abeec9e1b439a62716ccaf5bb4f8d9cc9773e9b6a8e657c21b2b83bacec38ee334f7ae04cc910768aadbd3d4427510d567a98c56a899d5731d5cfc1ef9e6cb86de1f643da03eb4518b5dda38f82277bce5548b90ca8f657d8e7c5e3f9cd589a811f2ac0b7c8c1da74ecfd0c836408dffaa04e9e6397e72a3e31a8bf634d975625edee6d12dfc6afe76180b0be0bca3d420b74d94b1fe567b05215ae75b0190bb59c7b66c7883bd6cbc32f99f"}, @NL80211_ATTR_IE_ASSOC_RESP={0x149, 0x80, [@ext_channel_switch={0x3c, 0x4, {0x0, 0xf1, 0xa9, 0x5a}}, @random_vendor={0xdd, 0x72, "1407a75e0e812646fa50ef0b895c8afb050e78e3f1c998d673de41759822ce2e7f7d38dfe9ec780008649ba5a781a34fd16684ee1e96ec7a182ee917875206f18636dc25bc5f16d1bebceda18e258f5581370682856751dcf5b79e75434242a27d715572a25865b66920bd5dc0ca959f5a00"}, @perr={0x84, 0xc9, {0x3, 0xd, [@not_ext={{}, @device_b, 0x9, "", 0x1f}, @ext={{}, @device_a, 0x5, @broadcast, 0x19}, @not_ext={{}, @device_a, 0x7, "", 0x35}, @not_ext={{}, @device_b, 0x4, "", 0x37}, @not_ext={{}, @device_a, 0x5, "", 0x2c}, @ext={{}, @device_b, 0x8}, @not_ext={{}, @device_a, 0x1, "", 0x16}, @not_ext={{}, @device_b, 0x95, "", 0x30}, @ext={{}, @broadcast, 0x10000000, @device_a, 0x15}, @ext={{}, @broadcast, 0x6, @device_b, 0x30}, @not_ext={{}, @device_b, 0x9, "", 0x3e}, @ext={{}, @broadcast, 0x30, @device_b, 0x2a}, @not_ext={{}, @device_b, 0x8, "", 0x2e}]}}]}, @NL80211_ATTR_IE={0x28, 0x2a, [@prep={0x83, 0x1f, @not_ext={{}, 0x6, 0x85, @device_b, 0x6, "", 0x3f, 0x4, @device_a, 0x9}}, @dsss={0x3, 0x1, 0xad}]}, @NL80211_ATTR_FTM_RESPONDER={0xd0, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xa, 0x3, "4f87708961a4"}, @NL80211_FTM_RESP_ATTR_LCI={0x23, 0x2, "1515248804e34829f02efe0beaed3e783173ad6612cfad0dd1405fde8e9041"}, @NL80211_FTM_RESP_ATTR_LCI={0x95, 0x2, "28fa2ba5cae12cb0590f9fe1f292e8030fb4554003f02e517515280442e8751075dba123036e483d36ac3d497b5321c0016ea46d70015fed11b48dbb4b2f9ae0030afeae695f563dd2c9182b482f02cffa8fe0500095b4b0d2cdec543bdba9399ac32602e4bee255efa8de0b460755a7dbaf02099aa019ac0b5d6bb45bdf16d722e9b6579fe955fc79a7d2912992249406"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_BEACON_HEAD={0x48f, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x7b47}, @device_a, @broadcast, @from_mac=@device_b, {0x4, 0x5}}, @ver_80211n={0x0, 0x81, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x1, @random=0x6, 0x0, @void, @void, @val={0x3, 0x1, 0x70}, @void, @void, @val={0x5, 0x8b, {0xff, 0x3b, 0xd7, "771a8171a7aa7613e61fb5f18a0b55a85521c412cdb1760558cc07a24918e040bd1c5ca99f8569315875adb838d4926aca4352bd505e14113ed8215a281c9aeab3ca2caa74996e9715fac6270085cf72d3660f3b07a859a3c6897b47ed09832edfdfa0dc8dbb2d0f3094955104081cd620dd121a2cbeb6842155a99ae96040dbefe2bd94d0c700ed"}}, @void, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x6, 0x74, 0x6}}, @val={0x2d, 0x1a, {0x4008, 0x3, 0x3, 0x0, {0x6842, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2}, 0x400, 0x0, 0x1f}}, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0xffffffffffffffff, 0x7, 0x69}}, @void, [{0xdd, 0x92, "0f7e5c9edae21ba1bf9c9eb07f8a0b3b02a1a9d3e01ba345e745f1d4f6e7497db69177f42f3fccb1901a77783eca74985c03b78536771ae4e444eafeb42325a329cab14170a4939061bc1b3cc9462cb665df9dd67344778498d637fe62fa745a73c698be7abbf3665e3584753de84d6d3a6a9b7b3c27ffd6782a255baa7860dac4bb79312a1d3c86fabd3ee2b9ddaaf0a7fe"}, {0xdd, 0xc9, "396b0de70791d88504b3b5d0b06720b09237bf48ad2140f25e13fd8603fc7614cf7849f7c474359f2a006999eaf37ac505cc42630bdf6b7b4db24c19dd9a84232e738bd7f9a334b92eb5e56a236c1041fced2da412447cae3d1ca94572a8fea4a2f8aad29e04cfd4510bb8bb0b4febbcce7ea46ae6decc86c30bdd9fe40ed4b85b53c34c36b085d0347c96465849fef4a52e70f75e4a4aa1fd8a939597d234108ce96c36fa4bd0edeb83ad6dee6d81c988356a43f85628d7d57e4dbfc4b5640b9c4e0729d05331378f"}, {0xdd, 0x4b, "3552703c827f7f2cf17afe87dd416164f7f4789d1a9781218b44b409d23a51755641bc584e422b942eaf47b153124a3b04976813e8b20c4dfbabdbd5d57f638b99b27172ad29633aa06236"}, {0xdd, 0xbf, "7844f48a09680a93008f620bf3b63dafc7406255cf7a71a0d0dd29dcc70173799c3236cc6bec070d7b218dcdc778c708fe39c82ed48a7bf229770fd470cc021a2a35342b9434780e98d6d91f08981fa591c0a62621054c83996fe90b1a334ac634b7aac8a02059fed05db33b3f5f556b6166705ef486f01af5890cc2e8f4f4cdb54b42dbf15f00567fb6da47fd0980d4daea80b872d1bb79d36d35e7b1cdf4c13611e84aba79bd34025a82fffa4eb4058ecc1c628f46273e0ea3c781d3bb43"}, {0xdd, 0x17, "e508338be0c867c41ec670e6d15af8f3dbeb24b76acc28"}, {0xdd, 0xa4, "827f7e6b96552cdc7734723326707f2c636bd6f73c15ec45070ca67814c969377521018be442286f25b6ea31c13a729fc5301a5f3d3eddb305c45c70f23513d748dc03aaea32dcde92f6794718fb03858740624e3d58ab67f689298d08395f6f87a522b7b0fc4918460df689da3008e8597480b8ebda9c55db266c385745f7191266ac1c2c94bc1d3bf07e957a5ee41faa4434b4601faa248da6ed9b62db3c1fb78c11a1"}, {0xdd, 0x77, "f58123fa7cf1ef2c417b16a9da38d9b7531ced4c2dfa91fb56f63b2529194c937f5d15c9664c717104bb03d8ad7c4261d40788f7629ee8394f86bd5a91a572dbf01aeb9aea8a44534d510837d912c817e3fdd8b950bfc50f68676d7164f090c510fcb1a0d70322e669f26e032bd985c2aea6ff69dc761f"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x11, 0x7f, [@tim={0x5, 0x3, {0x80, 0x9, 0x1}}, @ssid={0x0, 0x6, @default_ibss_ssid}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x6, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x7f, 0x7, 0x5, 0x9, 0xc5e, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x5, 0x7308, 0x1]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x14, 0xbb, [0x8, 0x7, 0x823, 0x6, 0x1f, 0x0, 0xff, 0x2]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CSA_IES={0x70, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_PRESP={0x16, 0xbb, [0x1, 0xfffb, 0x3f, 0x7f, 0x8, 0x9, 0x934, 0x8001, 0x5]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x5, 0x5, 0x9, 0x100]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0xff, 0x7, 0x200, 0x2, 0x1, 0x6, 0x9cd4]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x18, 0xbb, [0xd3cb, 0x8001, 0xffff, 0x2, 0x7, 0x100, 0x81, 0x8000, 0x3f, 0x200]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0x979f, 0x1, 0x9, 0x7f, 0x9, 0x1, 0x2]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x1, 0x80]}]}, @NL80211_ATTR_CSA_IES={0x5a0, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0xfff8, 0x401, 0x8000, 0x7f, 0x8, 0x1]}, @beacon_params=[@NL80211_ATTR_FTM_RESPONDER={0x3d4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xb2, 0x3, "acc2df72f4ce532afcedc46a9b320c4ca6ddada4023e13c1ba5528d06cbb292c0e4b98a8e2fce9a2fb71db05c07dadfcf90c52f37187f67fa1d88352ea210ec7dca8c0f68e2c29cb03f1034898115b97e2f0a64dab1f77e6b63cc59b0f94ac7c9e96d7061ec6d3547048a57f5149e4eacbc37d4432636eafa5b6b8f88e8be3c713901fa0dedd2f633ce5df93c85deefb34af1d08ad93efa65f95746b4a8a60336dfbc5ea35868b7edd037746a031"}, @NL80211_FTM_RESP_ATTR_LCI={0xa0, 0x2, "7dcff8351bdfaa5fec73af225d03667ca8df83a94aa641fae12381af692fe489c5f7e9291da371b4de291b4318d2a35ebcb7d0eff4c15f9d3f2ff83f19a779c0dc6ffec08658a28cce40798ebbdff1a819d04a6ae73b767a508533fc125280c52c61960c7ae6be14800f909b3632755a3551b1b7fd6676468f3ca2c017255c2d5c4abad84bff095a99cf58fa6bcf8c5008957bf7433ee60183bd317b"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x76, 0x3, "30fd7d06e019284ffa1c0996744fe50ef5ad634274cb651cf8d286a08b388de6852578e9f781a70d41fabb9b3a894ac3d805b6e1f7fece7cb0376b1cd21dce18e4c9704957c7d413ac5f436c91d63322d827b0f8cb5b9b85c82202eb23291fa1bd849d9ff92f8518215cf2e561527fe72062"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0xf1, 0x2, "450d00216ffd3af84c9220d0c13ca076497015ac19ebd03b8bd46861039e4d721bcd2b6202776c70cef16fc711c89b172c6e43fbe0b5e875d708e4488f5167ce106680853faa1e38cbbc0d8f7cbb9b1cd804729c14ad920f81b4c908b3b5864ede9b27e1bf53f9b48c6635bff9c5965018ecd7367ba9c390dedb7d6120b202d7f8e977e060507337a06bdd3dab9b2425459c2cea41707c4c359ba1fab73b768df9d0af028b12e0868f48071e1e496d347688819754eeb7fe550a3b060e8fab1040427add3934e220dc438ce02c126149f8e3e8ba7491f0d830aa8e4fe9b93cf5ab088e647594dbf0470166b8da"}, @NL80211_FTM_RESP_ATTR_LCI={0x32, 0x2, "cd421e4a796903ed1f702a93b6ed96c6195404c4e812b382ec64c606d01ca94ae50102c597e648c6d0edc9ea3465"}, @NL80211_FTM_RESP_ATTR_LCI={0x3a, 0x2, "5b9cbe426327edd4d3fe9aab2fd948179df95d7d37a1ad466a10628a23a63fa15c24f966e8ae0cf94752bab026c73a8c41b97b253c74"}, @NL80211_FTM_RESP_ATTR_LCI={0x25, 0x2, "150ec88cbc2ac4cd9bac11713d1fcd90e8405d9229accb7fdc39b9a1064ed97230"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "965d52c9cbd32163d0b256daa0f96a9c7e2fbe71c786bb511713a955f18bdcd1d2d46f1271c83fb1cd1679d2a21d2950602d7a4ba5b8ef4ed481a0ae88875750750b925e97408c3886b8c43bb89f51570fb5108304d37af561ee9b8eba40d34db425c4399f4bea586cd0d941f9"}]}, @NL80211_ATTR_FTM_RESPONDER={0x190, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x1b, 0x2, "6e17c4c3c658bb63bf895af974568ff34da81153d24198"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x99, 0x3, "1eb5e619933dc8d7d943468b3261c3fd0c0c8d9fc8767c20bb24bec12d86500d759183384a2809cd30bf564f6298f42c2d8b72fe9659026f8dcb813d8c10a1f93f5452db20240132d9d4da4be778157cca031aaf3b01df0417919326d03afa848d0b4a2f925faccd601a1b9290a5d5d1ce7592d552e6c27d4e0ceeb526afba97dc39a1e80f5c74136cb6772bfbeb598da08b2dee2b"}, @NL80211_FTM_RESP_ATTR_LCI={0xaa, 0x2, "da8689f6604f6366928d6972872e845e0f59f2119bbea4c785502a643f6662d5b195bd9536902a0318e6093872580b2e95ba5035a84970a6e0a25f18daf0dc74476c613bc7981b9a5bf8e3bac78840f138a550b147f5b0f8aec2057bc21c62f66acd18060ab59909d187dcf373af84252a4ab020cb8d029da18e252ea00884d29675eb9db8a9159bf2155d516d68bc8a779b1fc841ff6bbf507b6973823733ac76bf8c2cab1a"}, @NL80211_FTM_RESP_ATTR_LCI={0x22, 0x2, "ea82404e6ea152167116e89f38dd22ea9919219aaa39b06349e2b9d4c5cf"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @NL80211_ATTR_CSA_C_OFF_BEACON={0x8, 0xba, [0xfff7, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xc, 0xba, [0x400, 0x4, 0x7, 0xfff]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x7ff, 0x5]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x80b, 0x800, 0x0]}]}]}, 0x1264}, 0x1, 0x0, 0x0, 0x8080}, 0x20000000) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) connect$nfc_raw(r1, &(0x7f0000000200)={0x27, 0x0, 0x1, 0x1}, 0x10) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33", 0x2}}}, 0x1a) socket(0x11, 0x6, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000240)) 00:11:44 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB], 0x9) [ 704.667532][ T5502] Bluetooth: Unexpected start frame (len 4) 00:11:44 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) 00:11:44 executing program 0: r0 = socket(0x5, 0x1, 0x8) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000240)=ANY=[@ANYBLOB="000000009cc3b346774ee1973de3636f40f34a7f2181abbd71d4a041874fb3c065b80c6959ddfc141aa06392cf0c9513d164c7f470ba4729e8addf490badd7e6c58b02c9d1858a022bf52d2855fa2ca1ada56b53222fa30b70fd67be9ce9075615fedb85ba4efc095ea3b373a377281e307f4751c23a295a5ba1f0df08cb5d559d448d2060a39d2579170a147a0c4722594bbbd711795cc41c9640f2c7db4d909cb4bca7ca5861657468f4f290", @ANYRES16=r1, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000dc0)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, r3, 0x800, 0x70bd2a, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x88, 0x4e}}}}, ["", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x48001}, 0x1) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x5c, r3, 0x32a, 0x70bd25, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x6, 0x2}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x56}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x30}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x14}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x9}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0xa}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40c1}, 0x4000811) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r1, 0x8, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x9, 0x4c}}}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x4044810) [ 704.712058][ T5502] Bluetooth: Wrong link type (-22) [ 704.713289][ T5502] Bluetooth: hci5: link tx timeout [ 704.714389][ T5502] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:44 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) bind$isdn(0xffffffffffffffff, &(0x7f0000000000)={0x22, 0x8, 0x1f, 0x6}, 0x6) (async) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) bind$isdn(r0, &(0x7f0000000040)={0x22, 0x1, 0x8, 0x4, 0x3}, 0x6) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r1, 0x20, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 00:11:44 executing program 3: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0xf7, 0xc9, 0xc9, 0x6}}}, 0x8) 00:11:44 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB], 0x9) [ 704.774414][ T5943] Bluetooth: Unexpected start frame (len 4) 00:11:44 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) 00:11:44 executing program 3: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0xf7, 0xc9, 0xc9, 0x6}}}, 0x8) 00:11:44 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB], 0x9) 00:11:44 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) (async, rerun: 32) bind$isdn(0xffffffffffffffff, &(0x7f0000000000)={0x22, 0x8, 0x1f, 0x6}, 0x6) (async, rerun: 32) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) bind$isdn(r0, &(0x7f0000000040)={0x22, 0x1, 0x8, 0x4, 0x3}, 0x6) (async, rerun: 32) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) (rerun: 32) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r1, 0x20, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 00:11:44 executing program 3: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$NL80211_CMD_LEAVE_IBSS(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, 0x0, 0x400, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x78, 0x12}}}}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x48004) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000200)={&(0x7f00000001c0)=[0x40], 0x1, 0x400}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c00050017080800000000"], 0x15) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x4781, 0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) [ 704.919664][ T5943] Bluetooth: Wrong link type (-22) [ 704.920969][ T5943] Bluetooth: hci4: link tx timeout [ 704.922098][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 704.986835][ T5502] Bluetooth: Unexpected start frame (len 4) 00:11:44 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000180)={0x0, 0x9}) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x60c280, 0x0) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000226bd7000fbdbdf25550000000800010b6a000000"], 0x1c}}, 0x800) socket$inet6(0xa, 0x2, 0x101) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000015c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001580)={&(0x7f0000000300)={0x1264, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CSA_IES={0xc34, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_PROBE_RESP={0x50d, 0x91, "1e899196b82f35f5281a6386a101ad7b5fe8a2577bb8917df5d1440aca1b4074881756e3dc8561dfb89365dc31f7adcdb86916f299236670a6368d8b7349e318aa711eb3d78eb9ee08bc6e2ad8c446d1dfee50438d9e744251fe372d28e44a7a3d403a56370475c9ce1999ae3f8f673b68077c2ca1d0f1a642407b1a6517fc17064fbdc210f5edce36cd64fedf24a52f9f3fcd546512e6ac1aa506fc15f1d26a90573944e9f9b68eea58f892c4f898462fc0f7f1efe515aa4ed057784491c7c40aee8591754bc6b98b3947559b586fb972444eb38f8aebfc59a6caa3ca4e8ef847904bdf836b7d6d974ff639144119de33a382cf5e1504686bd219342151a2b744d78d86b40cdc206f15a9f8258327494f036fda3951f3c866678bb66d987470389e480ffeb9652fd3cb626cf57f6d2f56b20396d6d9c34033539f31a7559f25475ca501ce2136f9d1d724dadb90a1fd23dce6ddb22628f53baf7763f52c47de7a003ec8f3ed2f4abb9673f7f19d88a902d838ca2561e70d2f1d0c1d0b83e4670ed1b9426be634768782f94743198194145a33c6110048f2573bfd50fc7c0198d8e6fc26b0f7ab293413856031fa5a6f15fb9c8be67dfb57d6630da5ad24b4e93112264145a38a593c35a8021f0d09f6e4ccbca269b30a849fd0d225296d5dd8c6bccb7de78fae4f743986b80454e526dd2ad05e06dd054b02bebeddeae90076fa8b72b202ea8804875197cce0a76420162032aad83cf7107732d8867fd4ae36a5a0099a76bbb9db225189dabb32b5d077756189a91caa7547df08685ef0219f04d4dd79c3bf9d4a12c404e1b11b519eaef8d1183eeb19df9417e90399c013bf87b5739f0de71c510f9e361964a3a8a7c71d57b980856b251b00a03d13311210c159bc14508740a0a194f93e15b8509dd025c35366d157dbad150d6d9027322b05320d0b54cbee51aec566d614424ee186292a8ac5253afd286b40ae457b7598b04f51d4905c47c9706f114c3515601cf1ad3ec812364acc9ab8500d191b251045a28ecd975782405203cfb14ace9cfc189410318fcd3cc8f47b359baad7be757d176eba58bd6befa4fb5183d6832f3037f27d62981795d6d4decadb5da76b6e0e9cb1a8f69ef58249bf8774deee8d207bf353982462b71281ecf553294a2afc60c354e4f4278942c43d181daa77ce554286a43c8ec828091c2cf9253353d295763b7f85241b0c88f53d0f0f86c00963c3f790adf100b083b89b54a3b2d914e0460f2c5673e6b53ef07d6c96bd806068c2c4f092ed13c774f340c5a094b5dd97f9762691759cca28b2d1efe8fe32255608ec10bf317dc1290026295b025c21c8e1c4f11e77f46ff6939c62314bcd247771e81a7735786976e67d8d1cd01a7c6eedabf0aaae46add24e93ff94279bb0396a7868a0cde04ad97b4f53cb2e4b6675e314bbc1293bf770db7adb66960546d4711aa2553854144253b1a1ffa78a6c60435e34c3052371d10c7ce1e9e9679d4f3bca3e1b5b002395531ce4b0e13bc754dc47703b28d3b12c4b07a5faa80f70072731225bc2fa738c01831b0306abeec9e1b439a62716ccaf5bb4f8d9cc9773e9b6a8e657c21b2b83bacec38ee334f7ae04cc910768aadbd3d4427510d567a98c56a899d5731d5cfc1ef9e6cb86de1f643da03eb4518b5dda38f82277bce5548b90ca8f657d8e7c5e3f9cd589a811f2ac0b7c8c1da74ecfd0c836408dffaa04e9e6397e72a3e31a8bf634d975625edee6d12dfc6afe76180b0be0bca3d420b74d94b1fe567b05215ae75b0190bb59c7b66c7883bd6cbc32f99f"}, @NL80211_ATTR_IE_ASSOC_RESP={0x149, 0x80, [@ext_channel_switch={0x3c, 0x4, {0x0, 0xf1, 0xa9, 0x5a}}, @random_vendor={0xdd, 0x72, "1407a75e0e812646fa50ef0b895c8afb050e78e3f1c998d673de41759822ce2e7f7d38dfe9ec780008649ba5a781a34fd16684ee1e96ec7a182ee917875206f18636dc25bc5f16d1bebceda18e258f5581370682856751dcf5b79e75434242a27d715572a25865b66920bd5dc0ca959f5a00"}, @perr={0x84, 0xc9, {0x3, 0xd, [@not_ext={{}, @device_b, 0x9, "", 0x1f}, @ext={{}, @device_a, 0x5, @broadcast, 0x19}, @not_ext={{}, @device_a, 0x7, "", 0x35}, @not_ext={{}, @device_b, 0x4, "", 0x37}, @not_ext={{}, @device_a, 0x5, "", 0x2c}, @ext={{}, @device_b, 0x8}, @not_ext={{}, @device_a, 0x1, "", 0x16}, @not_ext={{}, @device_b, 0x95, "", 0x30}, @ext={{}, @broadcast, 0x10000000, @device_a, 0x15}, @ext={{}, @broadcast, 0x6, @device_b, 0x30}, @not_ext={{}, @device_b, 0x9, "", 0x3e}, @ext={{}, @broadcast, 0x30, @device_b, 0x2a}, @not_ext={{}, @device_b, 0x8, "", 0x2e}]}}]}, @NL80211_ATTR_IE={0x28, 0x2a, [@prep={0x83, 0x1f, @not_ext={{}, 0x6, 0x85, @device_b, 0x6, "", 0x3f, 0x4, @device_a, 0x9}}, @dsss={0x3, 0x1, 0xad}]}, @NL80211_ATTR_FTM_RESPONDER={0xd0, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xa, 0x3, "4f87708961a4"}, @NL80211_FTM_RESP_ATTR_LCI={0x23, 0x2, "1515248804e34829f02efe0beaed3e783173ad6612cfad0dd1405fde8e9041"}, @NL80211_FTM_RESP_ATTR_LCI={0x95, 0x2, "28fa2ba5cae12cb0590f9fe1f292e8030fb4554003f02e517515280442e8751075dba123036e483d36ac3d497b5321c0016ea46d70015fed11b48dbb4b2f9ae0030afeae695f563dd2c9182b482f02cffa8fe0500095b4b0d2cdec543bdba9399ac32602e4bee255efa8de0b460755a7dbaf02099aa019ac0b5d6bb45bdf16d722e9b6579fe955fc79a7d2912992249406"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_BEACON_HEAD={0x48f, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x7b47}, @device_a, @broadcast, @from_mac=@device_b, {0x4, 0x5}}, @ver_80211n={0x0, 0x81, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x1, @random=0x6, 0x0, @void, @void, @val={0x3, 0x1, 0x70}, @void, @void, @val={0x5, 0x8b, {0xff, 0x3b, 0xd7, "771a8171a7aa7613e61fb5f18a0b55a85521c412cdb1760558cc07a24918e040bd1c5ca99f8569315875adb838d4926aca4352bd505e14113ed8215a281c9aeab3ca2caa74996e9715fac6270085cf72d3660f3b07a859a3c6897b47ed09832edfdfa0dc8dbb2d0f3094955104081cd620dd121a2cbeb6842155a99ae96040dbefe2bd94d0c700ed"}}, @void, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x6, 0x74, 0x6}}, @val={0x2d, 0x1a, {0x4008, 0x3, 0x3, 0x0, {0x6842, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2}, 0x400, 0x0, 0x1f}}, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0xffffffffffffffff, 0x7, 0x69}}, @void, [{0xdd, 0x92, "0f7e5c9edae21ba1bf9c9eb07f8a0b3b02a1a9d3e01ba345e745f1d4f6e7497db69177f42f3fccb1901a77783eca74985c03b78536771ae4e444eafeb42325a329cab14170a4939061bc1b3cc9462cb665df9dd67344778498d637fe62fa745a73c698be7abbf3665e3584753de84d6d3a6a9b7b3c27ffd6782a255baa7860dac4bb79312a1d3c86fabd3ee2b9ddaaf0a7fe"}, {0xdd, 0xc9, "396b0de70791d88504b3b5d0b06720b09237bf48ad2140f25e13fd8603fc7614cf7849f7c474359f2a006999eaf37ac505cc42630bdf6b7b4db24c19dd9a84232e738bd7f9a334b92eb5e56a236c1041fced2da412447cae3d1ca94572a8fea4a2f8aad29e04cfd4510bb8bb0b4febbcce7ea46ae6decc86c30bdd9fe40ed4b85b53c34c36b085d0347c96465849fef4a52e70f75e4a4aa1fd8a939597d234108ce96c36fa4bd0edeb83ad6dee6d81c988356a43f85628d7d57e4dbfc4b5640b9c4e0729d05331378f"}, {0xdd, 0x4b, "3552703c827f7f2cf17afe87dd416164f7f4789d1a9781218b44b409d23a51755641bc584e422b942eaf47b153124a3b04976813e8b20c4dfbabdbd5d57f638b99b27172ad29633aa06236"}, {0xdd, 0xbf, "7844f48a09680a93008f620bf3b63dafc7406255cf7a71a0d0dd29dcc70173799c3236cc6bec070d7b218dcdc778c708fe39c82ed48a7bf229770fd470cc021a2a35342b9434780e98d6d91f08981fa591c0a62621054c83996fe90b1a334ac634b7aac8a02059fed05db33b3f5f556b6166705ef486f01af5890cc2e8f4f4cdb54b42dbf15f00567fb6da47fd0980d4daea80b872d1bb79d36d35e7b1cdf4c13611e84aba79bd34025a82fffa4eb4058ecc1c628f46273e0ea3c781d3bb43"}, {0xdd, 0x17, "e508338be0c867c41ec670e6d15af8f3dbeb24b76acc28"}, {0xdd, 0xa4, "827f7e6b96552cdc7734723326707f2c636bd6f73c15ec45070ca67814c969377521018be442286f25b6ea31c13a729fc5301a5f3d3eddb305c45c70f23513d748dc03aaea32dcde92f6794718fb03858740624e3d58ab67f689298d08395f6f87a522b7b0fc4918460df689da3008e8597480b8ebda9c55db266c385745f7191266ac1c2c94bc1d3bf07e957a5ee41faa4434b4601faa248da6ed9b62db3c1fb78c11a1"}, {0xdd, 0x77, "f58123fa7cf1ef2c417b16a9da38d9b7531ced4c2dfa91fb56f63b2529194c937f5d15c9664c717104bb03d8ad7c4261d40788f7629ee8394f86bd5a91a572dbf01aeb9aea8a44534d510837d912c817e3fdd8b950bfc50f68676d7164f090c510fcb1a0d70322e669f26e032bd985c2aea6ff69dc761f"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x11, 0x7f, [@tim={0x5, 0x3, {0x80, 0x9, 0x1}}, @ssid={0x0, 0x6, @default_ibss_ssid}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x6, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x7f, 0x7, 0x5, 0x9, 0xc5e, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x5, 0x7308, 0x1]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x14, 0xbb, [0x8, 0x7, 0x823, 0x6, 0x1f, 0x0, 0xff, 0x2]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CSA_IES={0x70, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_PRESP={0x16, 0xbb, [0x1, 0xfffb, 0x3f, 0x7f, 0x8, 0x9, 0x934, 0x8001, 0x5]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x5, 0x5, 0x9, 0x100]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0xff, 0x7, 0x200, 0x2, 0x1, 0x6, 0x9cd4]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x18, 0xbb, [0xd3cb, 0x8001, 0xffff, 0x2, 0x7, 0x100, 0x81, 0x8000, 0x3f, 0x200]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0x979f, 0x1, 0x9, 0x7f, 0x9, 0x1, 0x2]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x1, 0x80]}]}, @NL80211_ATTR_CSA_IES={0x5a0, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0xfff8, 0x401, 0x8000, 0x7f, 0x8, 0x1]}, @beacon_params=[@NL80211_ATTR_FTM_RESPONDER={0x3d4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xb2, 0x3, "acc2df72f4ce532afcedc46a9b320c4ca6ddada4023e13c1ba5528d06cbb292c0e4b98a8e2fce9a2fb71db05c07dadfcf90c52f37187f67fa1d88352ea210ec7dca8c0f68e2c29cb03f1034898115b97e2f0a64dab1f77e6b63cc59b0f94ac7c9e96d7061ec6d3547048a57f5149e4eacbc37d4432636eafa5b6b8f88e8be3c713901fa0dedd2f633ce5df93c85deefb34af1d08ad93efa65f95746b4a8a60336dfbc5ea35868b7edd037746a031"}, @NL80211_FTM_RESP_ATTR_LCI={0xa0, 0x2, "7dcff8351bdfaa5fec73af225d03667ca8df83a94aa641fae12381af692fe489c5f7e9291da371b4de291b4318d2a35ebcb7d0eff4c15f9d3f2ff83f19a779c0dc6ffec08658a28cce40798ebbdff1a819d04a6ae73b767a508533fc125280c52c61960c7ae6be14800f909b3632755a3551b1b7fd6676468f3ca2c017255c2d5c4abad84bff095a99cf58fa6bcf8c5008957bf7433ee60183bd317b"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x76, 0x3, "30fd7d06e019284ffa1c0996744fe50ef5ad634274cb651cf8d286a08b388de6852578e9f781a70d41fabb9b3a894ac3d805b6e1f7fece7cb0376b1cd21dce18e4c9704957c7d413ac5f436c91d63322d827b0f8cb5b9b85c82202eb23291fa1bd849d9ff92f8518215cf2e561527fe72062"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0xf1, 0x2, "450d00216ffd3af84c9220d0c13ca076497015ac19ebd03b8bd46861039e4d721bcd2b6202776c70cef16fc711c89b172c6e43fbe0b5e875d708e4488f5167ce106680853faa1e38cbbc0d8f7cbb9b1cd804729c14ad920f81b4c908b3b5864ede9b27e1bf53f9b48c6635bff9c5965018ecd7367ba9c390dedb7d6120b202d7f8e977e060507337a06bdd3dab9b2425459c2cea41707c4c359ba1fab73b768df9d0af028b12e0868f48071e1e496d347688819754eeb7fe550a3b060e8fab1040427add3934e220dc438ce02c126149f8e3e8ba7491f0d830aa8e4fe9b93cf5ab088e647594dbf0470166b8da"}, @NL80211_FTM_RESP_ATTR_LCI={0x32, 0x2, "cd421e4a796903ed1f702a93b6ed96c6195404c4e812b382ec64c606d01ca94ae50102c597e648c6d0edc9ea3465"}, @NL80211_FTM_RESP_ATTR_LCI={0x3a, 0x2, "5b9cbe426327edd4d3fe9aab2fd948179df95d7d37a1ad466a10628a23a63fa15c24f966e8ae0cf94752bab026c73a8c41b97b253c74"}, @NL80211_FTM_RESP_ATTR_LCI={0x25, 0x2, "150ec88cbc2ac4cd9bac11713d1fcd90e8405d9229accb7fdc39b9a1064ed97230"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "965d52c9cbd32163d0b256daa0f96a9c7e2fbe71c786bb511713a955f18bdcd1d2d46f1271c83fb1cd1679d2a21d2950602d7a4ba5b8ef4ed481a0ae88875750750b925e97408c3886b8c43bb89f51570fb5108304d37af561ee9b8eba40d34db425c4399f4bea586cd0d941f9"}]}, @NL80211_ATTR_FTM_RESPONDER={0x190, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x1b, 0x2, "6e17c4c3c658bb63bf895af974568ff34da81153d24198"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x99, 0x3, "1eb5e619933dc8d7d943468b3261c3fd0c0c8d9fc8767c20bb24bec12d86500d759183384a2809cd30bf564f6298f42c2d8b72fe9659026f8dcb813d8c10a1f93f5452db20240132d9d4da4be778157cca031aaf3b01df0417919326d03afa848d0b4a2f925faccd601a1b9290a5d5d1ce7592d552e6c27d4e0ceeb526afba97dc39a1e80f5c74136cb6772bfbeb598da08b2dee2b"}, @NL80211_FTM_RESP_ATTR_LCI={0xaa, 0x2, "da8689f6604f6366928d6972872e845e0f59f2119bbea4c785502a643f6662d5b195bd9536902a0318e6093872580b2e95ba5035a84970a6e0a25f18daf0dc74476c613bc7981b9a5bf8e3bac78840f138a550b147f5b0f8aec2057bc21c62f66acd18060ab59909d187dcf373af84252a4ab020cb8d029da18e252ea00884d29675eb9db8a9159bf2155d516d68bc8a779b1fc841ff6bbf507b6973823733ac76bf8c2cab1a"}, @NL80211_FTM_RESP_ATTR_LCI={0x22, 0x2, "ea82404e6ea152167116e89f38dd22ea9919219aaa39b06349e2b9d4c5cf"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @NL80211_ATTR_CSA_C_OFF_BEACON={0x8, 0xba, [0xfff7, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xc, 0xba, [0x400, 0x4, 0x7, 0xfff]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x7ff, 0x5]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x80b, 0x800, 0x0]}]}]}, 0x1264}, 0x1, 0x0, 0x0, 0x8080}, 0x20000000) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) connect$nfc_raw(r1, &(0x7f0000000200)={0x27, 0x0, 0x1, 0x1}, 0x10) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33", 0x2}}}, 0x1a) socket(0x11, 0x6, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000240)) 00:11:44 executing program 3: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) sendmsg$NL80211_CMD_LEAVE_IBSS(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, 0x0, 0x400, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x78, 0x12}}}}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x48004) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000200)={&(0x7f00000001c0)=[0x40], 0x1, 0x400}) (async) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c00050017080800000000"], 0x15) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x4781, 0x0) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) 00:11:44 executing program 0: r0 = socket(0x5, 0x1, 0x8) (async) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000240)=ANY=[@ANYBLOB="000000009cc3b346774ee1973de3636f40f34a7f2181abbd71d4a041874fb3c065b80c6959ddfc141aa06392cf0c9513d164c7f470ba4729e8addf490badd7e6c58b02c9d1858a022bf52d2855fa2ca1ada56b53222fa30b70fd67be9ce9075615fedb85ba4efc095ea3b373a377281e307f4751c23a295a5ba1f0df08cb5d559d448d2060a39d2579170a147a0c4722594bbbd711795cc41c9640f2c7db4d909cb4bca7ca5861657468f4f290", @ANYRES16=r1, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000dc0)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, r3, 0x800, 0x70bd2a, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x88, 0x4e}}}}, ["", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x48001}, 0x1) (async) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x5c, r3, 0x32a, 0x70bd25, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x6, 0x2}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x56}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x30}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x14}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x9}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0xa}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40c1}, 0x4000811) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) (rerun: 32) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r1, 0x8, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x9, 0x4c}}}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x4044810) [ 705.015857][ T5943] Bluetooth: Wrong link type (-22) [ 705.017114][ T5943] Bluetooth: hci4: link tx timeout [ 705.018281][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:45 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060ba300ff9cc6bbffffffffff09000000000000be"], 0x14) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000040)={0x0, 0x0, r1}) 00:11:45 executing program 2: semctl$GETZCNT(0x0, 0x0, 0xf, &(0x7f00000010c0)=""/4096) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0x8) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c920043f1215d0f460d41500785ac4475cc4f042d8cb1dadf95214fef2b7e9888ce01a14ef3851c4cd30e237adb4392e1a3cc0112d85e31bd58dc212d7233cdfe873b089ce1894ed6e09e4824dd10fac9988a6ef3865da3fb16846917cbfc302b20ec91a284d2445148d8b6afafb6bcdf7765825170885220040258e41eae6596cfa"], 0x9) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_req={{0x34, 0x6}}}, 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) 00:11:45 executing program 3: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) sendmsg$NL80211_CMD_LEAVE_IBSS(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, 0x0, 0x400, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x78, 0x12}}}}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x48004) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000200)={&(0x7f00000001c0)=[0x40], 0x1, 0x400}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c00050017080800000000"], 0x15) (async) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x4781, 0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) 00:11:45 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c920"], 0x9) 00:11:45 executing program 0: r0 = socket(0x5, 0x1, 0x8) (async) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000240)=ANY=[@ANYBLOB="000000009cc3b346774ee1973de3636f40f34a7f2181abbd71d4a041874fb3c065b80c6959ddfc141aa06392cf0c9513d164c7f470ba4729e8addf490badd7e6c58b02c9d1858a022bf52d2855fa2ca1ada56b53222fa30b70fd67be9ce9075615fedb85ba4efc095ea3b373a377281e307f4751c23a295a5ba1f0df08cb5d559d448d2060a39d2579170a147a0c4722594bbbd711795cc41c9640f2c7db4d909cb4bca7ca5861657468f4f290", @ANYRES16=r1, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) (async, rerun: 32) r2 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000dc0)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) (async, rerun: 64) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, r3, 0x800, 0x70bd2a, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x88, 0x4e}}}}, ["", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x48001}, 0x1) (rerun: 64) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x5c, r3, 0x32a, 0x70bd25, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x6, 0x2}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x56}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x30}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x14}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x9}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0xa}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40c1}, 0x4000811) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r1, 0x8, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x9, 0x4c}}}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x4044810) [ 705.112721][ T5502] Bluetooth: Wrong link type (-22) [ 705.114732][ T5502] Bluetooth: hci5: link tx timeout [ 705.115940][ T5502] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa [ 705.129259][ T5943] Bluetooth: Unexpected start frame (len 4) [ 705.146479][ T5502] Bluetooth: hci2: Malformed LE Event: 0x0b 00:11:45 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02"], 0x9) [ 705.159064][ T5502] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:45 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02"], 0x9) [ 705.181350][ T5502] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:45 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060ba300ff9cc6bbffffffffff09000000000000be"], 0x14) (async) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000040)={0x0, 0x0, r1}) [ 705.192439][ T5502] Bluetooth: Wrong link type (-22) [ 705.194476][ T5502] Bluetooth: hci4: link tx timeout [ 705.195644][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:45 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060ba300ff9cc6bbffffffffff09000000000000be"], 0x14) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000040)={0x0, 0x0, r1}) [ 705.203472][ T5943] Bluetooth: hci2: Malformed LE Event: 0x0b [ 705.246809][ T5943] Bluetooth: hci1: Malformed LE Event: 0x0b 00:11:45 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000180)={0x0, 0x9}) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x60c280, 0x0) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000226bd7000fbdbdf25550000000800010b6a000000"], 0x1c}}, 0x800) socket$inet6(0xa, 0x2, 0x101) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000015c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001580)={&(0x7f0000000300)={0x1264, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CSA_IES={0xc34, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_PROBE_RESP={0x50d, 0x91, "1e899196b82f35f5281a6386a101ad7b5fe8a2577bb8917df5d1440aca1b4074881756e3dc8561dfb89365dc31f7adcdb86916f299236670a6368d8b7349e318aa711eb3d78eb9ee08bc6e2ad8c446d1dfee50438d9e744251fe372d28e44a7a3d403a56370475c9ce1999ae3f8f673b68077c2ca1d0f1a642407b1a6517fc17064fbdc210f5edce36cd64fedf24a52f9f3fcd546512e6ac1aa506fc15f1d26a90573944e9f9b68eea58f892c4f898462fc0f7f1efe515aa4ed057784491c7c40aee8591754bc6b98b3947559b586fb972444eb38f8aebfc59a6caa3ca4e8ef847904bdf836b7d6d974ff639144119de33a382cf5e1504686bd219342151a2b744d78d86b40cdc206f15a9f8258327494f036fda3951f3c866678bb66d987470389e480ffeb9652fd3cb626cf57f6d2f56b20396d6d9c34033539f31a7559f25475ca501ce2136f9d1d724dadb90a1fd23dce6ddb22628f53baf7763f52c47de7a003ec8f3ed2f4abb9673f7f19d88a902d838ca2561e70d2f1d0c1d0b83e4670ed1b9426be634768782f94743198194145a33c6110048f2573bfd50fc7c0198d8e6fc26b0f7ab293413856031fa5a6f15fb9c8be67dfb57d6630da5ad24b4e93112264145a38a593c35a8021f0d09f6e4ccbca269b30a849fd0d225296d5dd8c6bccb7de78fae4f743986b80454e526dd2ad05e06dd054b02bebeddeae90076fa8b72b202ea8804875197cce0a76420162032aad83cf7107732d8867fd4ae36a5a0099a76bbb9db225189dabb32b5d077756189a91caa7547df08685ef0219f04d4dd79c3bf9d4a12c404e1b11b519eaef8d1183eeb19df9417e90399c013bf87b5739f0de71c510f9e361964a3a8a7c71d57b980856b251b00a03d13311210c159bc14508740a0a194f93e15b8509dd025c35366d157dbad150d6d9027322b05320d0b54cbee51aec566d614424ee186292a8ac5253afd286b40ae457b7598b04f51d4905c47c9706f114c3515601cf1ad3ec812364acc9ab8500d191b251045a28ecd975782405203cfb14ace9cfc189410318fcd3cc8f47b359baad7be757d176eba58bd6befa4fb5183d6832f3037f27d62981795d6d4decadb5da76b6e0e9cb1a8f69ef58249bf8774deee8d207bf353982462b71281ecf553294a2afc60c354e4f4278942c43d181daa77ce554286a43c8ec828091c2cf9253353d295763b7f85241b0c88f53d0f0f86c00963c3f790adf100b083b89b54a3b2d914e0460f2c5673e6b53ef07d6c96bd806068c2c4f092ed13c774f340c5a094b5dd97f9762691759cca28b2d1efe8fe32255608ec10bf317dc1290026295b025c21c8e1c4f11e77f46ff6939c62314bcd247771e81a7735786976e67d8d1cd01a7c6eedabf0aaae46add24e93ff94279bb0396a7868a0cde04ad97b4f53cb2e4b6675e314bbc1293bf770db7adb66960546d4711aa2553854144253b1a1ffa78a6c60435e34c3052371d10c7ce1e9e9679d4f3bca3e1b5b002395531ce4b0e13bc754dc47703b28d3b12c4b07a5faa80f70072731225bc2fa738c01831b0306abeec9e1b439a62716ccaf5bb4f8d9cc9773e9b6a8e657c21b2b83bacec38ee334f7ae04cc910768aadbd3d4427510d567a98c56a899d5731d5cfc1ef9e6cb86de1f643da03eb4518b5dda38f82277bce5548b90ca8f657d8e7c5e3f9cd589a811f2ac0b7c8c1da74ecfd0c836408dffaa04e9e6397e72a3e31a8bf634d975625edee6d12dfc6afe76180b0be0bca3d420b74d94b1fe567b05215ae75b0190bb59c7b66c7883bd6cbc32f99f"}, @NL80211_ATTR_IE_ASSOC_RESP={0x149, 0x80, [@ext_channel_switch={0x3c, 0x4, {0x0, 0xf1, 0xa9, 0x5a}}, @random_vendor={0xdd, 0x72, "1407a75e0e812646fa50ef0b895c8afb050e78e3f1c998d673de41759822ce2e7f7d38dfe9ec780008649ba5a781a34fd16684ee1e96ec7a182ee917875206f18636dc25bc5f16d1bebceda18e258f5581370682856751dcf5b79e75434242a27d715572a25865b66920bd5dc0ca959f5a00"}, @perr={0x84, 0xc9, {0x3, 0xd, [@not_ext={{}, @device_b, 0x9, "", 0x1f}, @ext={{}, @device_a, 0x5, @broadcast, 0x19}, @not_ext={{}, @device_a, 0x7, "", 0x35}, @not_ext={{}, @device_b, 0x4, "", 0x37}, @not_ext={{}, @device_a, 0x5, "", 0x2c}, @ext={{}, @device_b, 0x8}, @not_ext={{}, @device_a, 0x1, "", 0x16}, @not_ext={{}, @device_b, 0x95, "", 0x30}, @ext={{}, @broadcast, 0x10000000, @device_a, 0x15}, @ext={{}, @broadcast, 0x6, @device_b, 0x30}, @not_ext={{}, @device_b, 0x9, "", 0x3e}, @ext={{}, @broadcast, 0x30, @device_b, 0x2a}, @not_ext={{}, @device_b, 0x8, "", 0x2e}]}}]}, @NL80211_ATTR_IE={0x28, 0x2a, [@prep={0x83, 0x1f, @not_ext={{}, 0x6, 0x85, @device_b, 0x6, "", 0x3f, 0x4, @device_a, 0x9}}, @dsss={0x3, 0x1, 0xad}]}, @NL80211_ATTR_FTM_RESPONDER={0xd0, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xa, 0x3, "4f87708961a4"}, @NL80211_FTM_RESP_ATTR_LCI={0x23, 0x2, "1515248804e34829f02efe0beaed3e783173ad6612cfad0dd1405fde8e9041"}, @NL80211_FTM_RESP_ATTR_LCI={0x95, 0x2, "28fa2ba5cae12cb0590f9fe1f292e8030fb4554003f02e517515280442e8751075dba123036e483d36ac3d497b5321c0016ea46d70015fed11b48dbb4b2f9ae0030afeae695f563dd2c9182b482f02cffa8fe0500095b4b0d2cdec543bdba9399ac32602e4bee255efa8de0b460755a7dbaf02099aa019ac0b5d6bb45bdf16d722e9b6579fe955fc79a7d2912992249406"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_BEACON_HEAD={0x48f, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x7b47}, @device_a, @broadcast, @from_mac=@device_b, {0x4, 0x5}}, @ver_80211n={0x0, 0x81, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x1, @random=0x6, 0x0, @void, @void, @val={0x3, 0x1, 0x70}, @void, @void, @val={0x5, 0x8b, {0xff, 0x3b, 0xd7, "771a8171a7aa7613e61fb5f18a0b55a85521c412cdb1760558cc07a24918e040bd1c5ca99f8569315875adb838d4926aca4352bd505e14113ed8215a281c9aeab3ca2caa74996e9715fac6270085cf72d3660f3b07a859a3c6897b47ed09832edfdfa0dc8dbb2d0f3094955104081cd620dd121a2cbeb6842155a99ae96040dbefe2bd94d0c700ed"}}, @void, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x6, 0x74, 0x6}}, @val={0x2d, 0x1a, {0x4008, 0x3, 0x3, 0x0, {0x6842, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2}, 0x400, 0x0, 0x1f}}, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0xffffffffffffffff, 0x7, 0x69}}, @void, [{0xdd, 0x92, "0f7e5c9edae21ba1bf9c9eb07f8a0b3b02a1a9d3e01ba345e745f1d4f6e7497db69177f42f3fccb1901a77783eca74985c03b78536771ae4e444eafeb42325a329cab14170a4939061bc1b3cc9462cb665df9dd67344778498d637fe62fa745a73c698be7abbf3665e3584753de84d6d3a6a9b7b3c27ffd6782a255baa7860dac4bb79312a1d3c86fabd3ee2b9ddaaf0a7fe"}, {0xdd, 0xc9, "396b0de70791d88504b3b5d0b06720b09237bf48ad2140f25e13fd8603fc7614cf7849f7c474359f2a006999eaf37ac505cc42630bdf6b7b4db24c19dd9a84232e738bd7f9a334b92eb5e56a236c1041fced2da412447cae3d1ca94572a8fea4a2f8aad29e04cfd4510bb8bb0b4febbcce7ea46ae6decc86c30bdd9fe40ed4b85b53c34c36b085d0347c96465849fef4a52e70f75e4a4aa1fd8a939597d234108ce96c36fa4bd0edeb83ad6dee6d81c988356a43f85628d7d57e4dbfc4b5640b9c4e0729d05331378f"}, {0xdd, 0x4b, "3552703c827f7f2cf17afe87dd416164f7f4789d1a9781218b44b409d23a51755641bc584e422b942eaf47b153124a3b04976813e8b20c4dfbabdbd5d57f638b99b27172ad29633aa06236"}, {0xdd, 0xbf, "7844f48a09680a93008f620bf3b63dafc7406255cf7a71a0d0dd29dcc70173799c3236cc6bec070d7b218dcdc778c708fe39c82ed48a7bf229770fd470cc021a2a35342b9434780e98d6d91f08981fa591c0a62621054c83996fe90b1a334ac634b7aac8a02059fed05db33b3f5f556b6166705ef486f01af5890cc2e8f4f4cdb54b42dbf15f00567fb6da47fd0980d4daea80b872d1bb79d36d35e7b1cdf4c13611e84aba79bd34025a82fffa4eb4058ecc1c628f46273e0ea3c781d3bb43"}, {0xdd, 0x17, "e508338be0c867c41ec670e6d15af8f3dbeb24b76acc28"}, {0xdd, 0xa4, "827f7e6b96552cdc7734723326707f2c636bd6f73c15ec45070ca67814c969377521018be442286f25b6ea31c13a729fc5301a5f3d3eddb305c45c70f23513d748dc03aaea32dcde92f6794718fb03858740624e3d58ab67f689298d08395f6f87a522b7b0fc4918460df689da3008e8597480b8ebda9c55db266c385745f7191266ac1c2c94bc1d3bf07e957a5ee41faa4434b4601faa248da6ed9b62db3c1fb78c11a1"}, {0xdd, 0x77, "f58123fa7cf1ef2c417b16a9da38d9b7531ced4c2dfa91fb56f63b2529194c937f5d15c9664c717104bb03d8ad7c4261d40788f7629ee8394f86bd5a91a572dbf01aeb9aea8a44534d510837d912c817e3fdd8b950bfc50f68676d7164f090c510fcb1a0d70322e669f26e032bd985c2aea6ff69dc761f"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x11, 0x7f, [@tim={0x5, 0x3, {0x80, 0x9, 0x1}}, @ssid={0x0, 0x6, @default_ibss_ssid}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x6, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x7f, 0x7, 0x5, 0x9, 0xc5e, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x5, 0x7308, 0x1]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x14, 0xbb, [0x8, 0x7, 0x823, 0x6, 0x1f, 0x0, 0xff, 0x2]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CSA_IES={0x70, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_PRESP={0x16, 0xbb, [0x1, 0xfffb, 0x3f, 0x7f, 0x8, 0x9, 0x934, 0x8001, 0x5]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x5, 0x5, 0x9, 0x100]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0xff, 0x7, 0x200, 0x2, 0x1, 0x6, 0x9cd4]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x18, 0xbb, [0xd3cb, 0x8001, 0xffff, 0x2, 0x7, 0x100, 0x81, 0x8000, 0x3f, 0x200]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0x979f, 0x1, 0x9, 0x7f, 0x9, 0x1, 0x2]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x1, 0x80]}]}, @NL80211_ATTR_CSA_IES={0x5a0, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0xfff8, 0x401, 0x8000, 0x7f, 0x8, 0x1]}, @beacon_params=[@NL80211_ATTR_FTM_RESPONDER={0x3d4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xb2, 0x3, "acc2df72f4ce532afcedc46a9b320c4ca6ddada4023e13c1ba5528d06cbb292c0e4b98a8e2fce9a2fb71db05c07dadfcf90c52f37187f67fa1d88352ea210ec7dca8c0f68e2c29cb03f1034898115b97e2f0a64dab1f77e6b63cc59b0f94ac7c9e96d7061ec6d3547048a57f5149e4eacbc37d4432636eafa5b6b8f88e8be3c713901fa0dedd2f633ce5df93c85deefb34af1d08ad93efa65f95746b4a8a60336dfbc5ea35868b7edd037746a031"}, @NL80211_FTM_RESP_ATTR_LCI={0xa0, 0x2, "7dcff8351bdfaa5fec73af225d03667ca8df83a94aa641fae12381af692fe489c5f7e9291da371b4de291b4318d2a35ebcb7d0eff4c15f9d3f2ff83f19a779c0dc6ffec08658a28cce40798ebbdff1a819d04a6ae73b767a508533fc125280c52c61960c7ae6be14800f909b3632755a3551b1b7fd6676468f3ca2c017255c2d5c4abad84bff095a99cf58fa6bcf8c5008957bf7433ee60183bd317b"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x76, 0x3, "30fd7d06e019284ffa1c0996744fe50ef5ad634274cb651cf8d286a08b388de6852578e9f781a70d41fabb9b3a894ac3d805b6e1f7fece7cb0376b1cd21dce18e4c9704957c7d413ac5f436c91d63322d827b0f8cb5b9b85c82202eb23291fa1bd849d9ff92f8518215cf2e561527fe72062"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0xf1, 0x2, "450d00216ffd3af84c9220d0c13ca076497015ac19ebd03b8bd46861039e4d721bcd2b6202776c70cef16fc711c89b172c6e43fbe0b5e875d708e4488f5167ce106680853faa1e38cbbc0d8f7cbb9b1cd804729c14ad920f81b4c908b3b5864ede9b27e1bf53f9b48c6635bff9c5965018ecd7367ba9c390dedb7d6120b202d7f8e977e060507337a06bdd3dab9b2425459c2cea41707c4c359ba1fab73b768df9d0af028b12e0868f48071e1e496d347688819754eeb7fe550a3b060e8fab1040427add3934e220dc438ce02c126149f8e3e8ba7491f0d830aa8e4fe9b93cf5ab088e647594dbf0470166b8da"}, @NL80211_FTM_RESP_ATTR_LCI={0x32, 0x2, "cd421e4a796903ed1f702a93b6ed96c6195404c4e812b382ec64c606d01ca94ae50102c597e648c6d0edc9ea3465"}, @NL80211_FTM_RESP_ATTR_LCI={0x3a, 0x2, "5b9cbe426327edd4d3fe9aab2fd948179df95d7d37a1ad466a10628a23a63fa15c24f966e8ae0cf94752bab026c73a8c41b97b253c74"}, @NL80211_FTM_RESP_ATTR_LCI={0x25, 0x2, "150ec88cbc2ac4cd9bac11713d1fcd90e8405d9229accb7fdc39b9a1064ed97230"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "965d52c9cbd32163d0b256daa0f96a9c7e2fbe71c786bb511713a955f18bdcd1d2d46f1271c83fb1cd1679d2a21d2950602d7a4ba5b8ef4ed481a0ae88875750750b925e97408c3886b8c43bb89f51570fb5108304d37af561ee9b8eba40d34db425c4399f4bea586cd0d941f9"}]}, @NL80211_ATTR_FTM_RESPONDER={0x190, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x1b, 0x2, "6e17c4c3c658bb63bf895af974568ff34da81153d24198"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x99, 0x3, "1eb5e619933dc8d7d943468b3261c3fd0c0c8d9fc8767c20bb24bec12d86500d759183384a2809cd30bf564f6298f42c2d8b72fe9659026f8dcb813d8c10a1f93f5452db20240132d9d4da4be778157cca031aaf3b01df0417919326d03afa848d0b4a2f925faccd601a1b9290a5d5d1ce7592d552e6c27d4e0ceeb526afba97dc39a1e80f5c74136cb6772bfbeb598da08b2dee2b"}, @NL80211_FTM_RESP_ATTR_LCI={0xaa, 0x2, "da8689f6604f6366928d6972872e845e0f59f2119bbea4c785502a643f6662d5b195bd9536902a0318e6093872580b2e95ba5035a84970a6e0a25f18daf0dc74476c613bc7981b9a5bf8e3bac78840f138a550b147f5b0f8aec2057bc21c62f66acd18060ab59909d187dcf373af84252a4ab020cb8d029da18e252ea00884d29675eb9db8a9159bf2155d516d68bc8a779b1fc841ff6bbf507b6973823733ac76bf8c2cab1a"}, @NL80211_FTM_RESP_ATTR_LCI={0x22, 0x2, "ea82404e6ea152167116e89f38dd22ea9919219aaa39b06349e2b9d4c5cf"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @NL80211_ATTR_CSA_C_OFF_BEACON={0x8, 0xba, [0xfff7, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xc, 0xba, [0x400, 0x4, 0x7, 0xfff]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x7ff, 0x5]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x80b, 0x800, 0x0]}]}]}, 0x1264}, 0x1, 0x0, 0x0, 0x8080}, 0x20000000) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) connect$nfc_raw(r1, &(0x7f0000000200)={0x27, 0x0, 0x1, 0x1}, 0x10) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33", 0x2}}}, 0x1a) socket(0x11, 0x6, 0x0) 00:11:45 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02"], 0x9) 00:11:45 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060ba300ff9cc6bbffffffffff09000000000000be"], 0x14) (async) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060ba300ff9cc6bbffffffffff09000000000000be"], 0x14) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000040)={0x0, 0x0, r1}) (async) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000040)={0x0, 0x0, r1}) 00:11:45 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) prctl$PR_SET_TIMERSLACK(0x1d, 0x4) 00:11:45 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060ba300ff9cc6bbffffffffff09000000000000be"], 0x14) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000040)={0x0, 0x0, r1}) [ 705.329843][ T5943] Bluetooth: hci1: Malformed LE Event: 0x0b 00:11:45 executing program 0: ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[0x3], 0x1, 0x80800, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, &(0x7f00000000c0)={0x7fff, 0x85, 0x5, 0x7}) write$damon_target_ids(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="b1595df3b488ec26443154fb731c1529ecc47d8d0df2c2689dbc726127ae0e8d9154db6137cfa8c4976e03fe41ee01b559080e92da84d2b41fb5b9a7a40ae43fb90288e549dcbe34a2fbfbae8c3e5201a1be1a9108cfe9c36870077f06fb21a566fde3b8eb5978a73010a66991712e517915e8652700bcf16ba4e14b1386dfd2c759536b9314d40380b8d3d138767b93", @ANYRESDEC=0x0], 0x15) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) [ 705.335351][ T5943] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 705.340969][ T5943] Bluetooth: Wrong link type (-22) [ 705.342249][ T5943] Bluetooth: hci4: link tx timeout [ 705.343437][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:45 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) prctl$PR_SET_TIMERSLACK(0x1d, 0x4) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) prctl$PR_SET_TIMERSLACK(0x1d, 0x4) (async) [ 705.371362][ T5502] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 705.375948][ T5502] Bluetooth: hci2: Malformed LE Event: 0x0b [ 705.377443][ T5502] Bluetooth: hci2: Malformed LE Event: 0x0b [ 705.380625][ T5502] Bluetooth: Wrong link type (-22) 00:11:45 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02c9"], 0x9) [ 705.381937][ T5502] Bluetooth: hci4: link tx timeout [ 705.383105][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:45 executing program 0: ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[0x3], 0x1, 0x80800, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, &(0x7f00000000c0)={0x7fff, 0x85, 0x5, 0x7}) write$damon_target_ids(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="b1595df3b488ec26443154fb731c1529ecc47d8d0df2c2689dbc726127ae0e8d9154db6137cfa8c4976e03fe41ee01b559080e92da84d2b41fb5b9a7a40ae43fb90288e549dcbe34a2fbfbae8c3e5201a1be1a9108cfe9c36870077f06fb21a566fde3b8eb5978a73010a66991712e517915e8652700bcf16ba4e14b1386dfd2c759536b9314d40380b8d3d138767b93", @ANYRESDEC=0x0], 0x15) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) (async) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) [ 705.398192][ T5943] Bluetooth: Wrong link type (-22) [ 705.399415][ T5943] Bluetooth: Wrong link type (-22) 00:11:45 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060ba300ff9cc6bbffffffffff09000000000000be"], 0x14) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000040)={0x0, 0x0, r1}) [ 705.400564][ T5943] Bluetooth: hci4: link tx timeout [ 705.401587][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 705.403765][ T5943] Bluetooth: hci5: link tx timeout [ 705.404852][ T5943] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa [ 705.410009][ T5502] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 705.411651][ T5502] Bluetooth: hci0: Received unexpected HCI Event 0x00 00:11:45 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="f7dea0"], 0x3) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x2, &(0x7f0000000040)={0x7, &(0x7f0000000100)=[{0x401, 0x72, 0x80, 0x7}, {0x4, 0x0, 0x1, 0x400}, {0x7fff, 0xb3, 0x2, 0x6}, {0x3, 0xae, 0x5, 0x6}, {0x0, 0x81, 0x81, 0x241}, {0x99, 0x9, 0x5, 0x2}, {0x800, 0x6, 0x3, 0x100}]}) sendmsg$NL80211_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x58, 0x0, 0x100, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x79}}}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x33}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x25}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x36}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xc}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x21}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x3c}]}, 0x58}, 0x1, 0x0, 0x0, 0x20040884}, 0x440c0) openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) 00:11:45 executing program 0: ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[0x3], 0x1, 0x80800, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, &(0x7f00000000c0)={0x7fff, 0x85, 0x5, 0x7}) write$damon_target_ids(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="b1595df3b488ec26443154fb731c1529ecc47d8d0df2c2689dbc726127ae0e8d9154db6137cfa8c4976e03fe41ee01b559080e92da84d2b41fb5b9a7a40ae43fb90288e549dcbe34a2fbfbae8c3e5201a1be1a9108cfe9c36870077f06fb21a566fde3b8eb5978a73010a66991712e517915e8652700bcf16ba4e14b1386dfd2c759536b9314d40380b8d3d138767b93", @ANYRESDEC=0x0], 0x15) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[0x3], 0x1, 0x80800}) (async) ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, &(0x7f00000000c0)={0x7fff, 0x85, 0x5, 0x7}) (async) write$damon_target_ids(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="b1595df3b488ec26443154fb731c1529ecc47d8d0df2c2689dbc726127ae0e8d9154db6137cfa8c4976e03fe41ee01b559080e92da84d2b41fb5b9a7a40ae43fb90288e549dcbe34a2fbfbae8c3e5201a1be1a9108cfe9c36870077f06fb21a566fde3b8eb5978a73010a66991712e517915e8652700bcf16ba4e14b1386dfd2c759536b9314d40380b8d3d138767b93", @ANYRESDEC=0x0], 0x15) (async) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) (async) [ 705.469241][ T5502] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 705.481069][ T5502] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 705.485047][ T5502] Bluetooth: hci1: Malformed LE Event: 0x0b 00:11:45 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02"], 0x9) 00:11:45 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) prctl$PR_SET_TIMERSLACK(0x1d, 0x4) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) prctl$PR_SET_TIMERSLACK(0x1d, 0x4) (async) 00:11:45 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) read$watch_queue(r1, &(0x7f0000000000)=""/131, 0x83) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="621f9b1979f02d43bc32e46911f87e926deebb2587609ae8fbcffdc661c62dfb9917c0bcae1637dff766e1a243a42bf48b153bc7ce87297c87672425ee5d3b10f3531517d54579df68e5397f33c35a680f940748c5de461e9b9fa1f1c224468c3ab229a5e881a143eae26dab06bf99f5b0d01ab75ea718a5203fce8c27c46b7b4f9e811800030419dd28faf91255ece606a5192d4cdb494720dd992f9d7d768ac352de0acd10a31b52d700000000", @ANYRESHEX=r0, @ANYRES32=r0, @ANYRES16=r2, @ANYRES32=r1], 0x9) 00:11:45 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060ba300ff9cc6bbffffffffff09000000000000be"], 0x14) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) 00:11:45 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="f7dea0"], 0x3) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x2, &(0x7f0000000040)={0x7, &(0x7f0000000100)=[{0x401, 0x72, 0x80, 0x7}, {0x4, 0x0, 0x1, 0x400}, {0x7fff, 0xb3, 0x2, 0x6}, {0x3, 0xae, 0x5, 0x6}, {0x0, 0x81, 0x81, 0x241}, {0x99, 0x9, 0x5, 0x2}, {0x800, 0x6, 0x3, 0x100}]}) (async) sendmsg$NL80211_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x58, 0x0, 0x100, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x79}}}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x33}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x25}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x36}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xc}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x21}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x3c}]}, 0x58}, 0x1, 0x0, 0x0, 0x20040884}, 0x440c0) (async) openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) [ 705.605545][ T5502] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:45 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000180)={0x0, 0x9}) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x60c280, 0x0) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000226bd7000fbdbdf25550000000800010b6a000000"], 0x1c}}, 0x800) socket$inet6(0xa, 0x2, 0x101) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000015c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001580)={&(0x7f0000000300)={0x1264, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CSA_IES={0xc34, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_PROBE_RESP={0x50d, 0x91, "1e899196b82f35f5281a6386a101ad7b5fe8a2577bb8917df5d1440aca1b4074881756e3dc8561dfb89365dc31f7adcdb86916f299236670a6368d8b7349e318aa711eb3d78eb9ee08bc6e2ad8c446d1dfee50438d9e744251fe372d28e44a7a3d403a56370475c9ce1999ae3f8f673b68077c2ca1d0f1a642407b1a6517fc17064fbdc210f5edce36cd64fedf24a52f9f3fcd546512e6ac1aa506fc15f1d26a90573944e9f9b68eea58f892c4f898462fc0f7f1efe515aa4ed057784491c7c40aee8591754bc6b98b3947559b586fb972444eb38f8aebfc59a6caa3ca4e8ef847904bdf836b7d6d974ff639144119de33a382cf5e1504686bd219342151a2b744d78d86b40cdc206f15a9f8258327494f036fda3951f3c866678bb66d987470389e480ffeb9652fd3cb626cf57f6d2f56b20396d6d9c34033539f31a7559f25475ca501ce2136f9d1d724dadb90a1fd23dce6ddb22628f53baf7763f52c47de7a003ec8f3ed2f4abb9673f7f19d88a902d838ca2561e70d2f1d0c1d0b83e4670ed1b9426be634768782f94743198194145a33c6110048f2573bfd50fc7c0198d8e6fc26b0f7ab293413856031fa5a6f15fb9c8be67dfb57d6630da5ad24b4e93112264145a38a593c35a8021f0d09f6e4ccbca269b30a849fd0d225296d5dd8c6bccb7de78fae4f743986b80454e526dd2ad05e06dd054b02bebeddeae90076fa8b72b202ea8804875197cce0a76420162032aad83cf7107732d8867fd4ae36a5a0099a76bbb9db225189dabb32b5d077756189a91caa7547df08685ef0219f04d4dd79c3bf9d4a12c404e1b11b519eaef8d1183eeb19df9417e90399c013bf87b5739f0de71c510f9e361964a3a8a7c71d57b980856b251b00a03d13311210c159bc14508740a0a194f93e15b8509dd025c35366d157dbad150d6d9027322b05320d0b54cbee51aec566d614424ee186292a8ac5253afd286b40ae457b7598b04f51d4905c47c9706f114c3515601cf1ad3ec812364acc9ab8500d191b251045a28ecd975782405203cfb14ace9cfc189410318fcd3cc8f47b359baad7be757d176eba58bd6befa4fb5183d6832f3037f27d62981795d6d4decadb5da76b6e0e9cb1a8f69ef58249bf8774deee8d207bf353982462b71281ecf553294a2afc60c354e4f4278942c43d181daa77ce554286a43c8ec828091c2cf9253353d295763b7f85241b0c88f53d0f0f86c00963c3f790adf100b083b89b54a3b2d914e0460f2c5673e6b53ef07d6c96bd806068c2c4f092ed13c774f340c5a094b5dd97f9762691759cca28b2d1efe8fe32255608ec10bf317dc1290026295b025c21c8e1c4f11e77f46ff6939c62314bcd247771e81a7735786976e67d8d1cd01a7c6eedabf0aaae46add24e93ff94279bb0396a7868a0cde04ad97b4f53cb2e4b6675e314bbc1293bf770db7adb66960546d4711aa2553854144253b1a1ffa78a6c60435e34c3052371d10c7ce1e9e9679d4f3bca3e1b5b002395531ce4b0e13bc754dc47703b28d3b12c4b07a5faa80f70072731225bc2fa738c01831b0306abeec9e1b439a62716ccaf5bb4f8d9cc9773e9b6a8e657c21b2b83bacec38ee334f7ae04cc910768aadbd3d4427510d567a98c56a899d5731d5cfc1ef9e6cb86de1f643da03eb4518b5dda38f82277bce5548b90ca8f657d8e7c5e3f9cd589a811f2ac0b7c8c1da74ecfd0c836408dffaa04e9e6397e72a3e31a8bf634d975625edee6d12dfc6afe76180b0be0bca3d420b74d94b1fe567b05215ae75b0190bb59c7b66c7883bd6cbc32f99f"}, @NL80211_ATTR_IE_ASSOC_RESP={0x149, 0x80, [@ext_channel_switch={0x3c, 0x4, {0x0, 0xf1, 0xa9, 0x5a}}, @random_vendor={0xdd, 0x72, "1407a75e0e812646fa50ef0b895c8afb050e78e3f1c998d673de41759822ce2e7f7d38dfe9ec780008649ba5a781a34fd16684ee1e96ec7a182ee917875206f18636dc25bc5f16d1bebceda18e258f5581370682856751dcf5b79e75434242a27d715572a25865b66920bd5dc0ca959f5a00"}, @perr={0x84, 0xc9, {0x3, 0xd, [@not_ext={{}, @device_b, 0x9, "", 0x1f}, @ext={{}, @device_a, 0x5, @broadcast, 0x19}, @not_ext={{}, @device_a, 0x7, "", 0x35}, @not_ext={{}, @device_b, 0x4, "", 0x37}, @not_ext={{}, @device_a, 0x5, "", 0x2c}, @ext={{}, @device_b, 0x8}, @not_ext={{}, @device_a, 0x1, "", 0x16}, @not_ext={{}, @device_b, 0x95, "", 0x30}, @ext={{}, @broadcast, 0x10000000, @device_a, 0x15}, @ext={{}, @broadcast, 0x6, @device_b, 0x30}, @not_ext={{}, @device_b, 0x9, "", 0x3e}, @ext={{}, @broadcast, 0x30, @device_b, 0x2a}, @not_ext={{}, @device_b, 0x8, "", 0x2e}]}}]}, @NL80211_ATTR_IE={0x28, 0x2a, [@prep={0x83, 0x1f, @not_ext={{}, 0x6, 0x85, @device_b, 0x6, "", 0x3f, 0x4, @device_a, 0x9}}, @dsss={0x3, 0x1, 0xad}]}, @NL80211_ATTR_FTM_RESPONDER={0xd0, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xa, 0x3, "4f87708961a4"}, @NL80211_FTM_RESP_ATTR_LCI={0x23, 0x2, "1515248804e34829f02efe0beaed3e783173ad6612cfad0dd1405fde8e9041"}, @NL80211_FTM_RESP_ATTR_LCI={0x95, 0x2, "28fa2ba5cae12cb0590f9fe1f292e8030fb4554003f02e517515280442e8751075dba123036e483d36ac3d497b5321c0016ea46d70015fed11b48dbb4b2f9ae0030afeae695f563dd2c9182b482f02cffa8fe0500095b4b0d2cdec543bdba9399ac32602e4bee255efa8de0b460755a7dbaf02099aa019ac0b5d6bb45bdf16d722e9b6579fe955fc79a7d2912992249406"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_BEACON_HEAD={0x48f, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x7b47}, @device_a, @broadcast, @from_mac=@device_b, {0x4, 0x5}}, @ver_80211n={0x0, 0x81, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x1, @random=0x6, 0x0, @void, @void, @val={0x3, 0x1, 0x70}, @void, @void, @val={0x5, 0x8b, {0xff, 0x3b, 0xd7, "771a8171a7aa7613e61fb5f18a0b55a85521c412cdb1760558cc07a24918e040bd1c5ca99f8569315875adb838d4926aca4352bd505e14113ed8215a281c9aeab3ca2caa74996e9715fac6270085cf72d3660f3b07a859a3c6897b47ed09832edfdfa0dc8dbb2d0f3094955104081cd620dd121a2cbeb6842155a99ae96040dbefe2bd94d0c700ed"}}, @void, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x6, 0x74, 0x6}}, @val={0x2d, 0x1a, {0x4008, 0x3, 0x3, 0x0, {0x6842, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2}, 0x400, 0x0, 0x1f}}, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0xffffffffffffffff, 0x7, 0x69}}, @void, [{0xdd, 0x92, "0f7e5c9edae21ba1bf9c9eb07f8a0b3b02a1a9d3e01ba345e745f1d4f6e7497db69177f42f3fccb1901a77783eca74985c03b78536771ae4e444eafeb42325a329cab14170a4939061bc1b3cc9462cb665df9dd67344778498d637fe62fa745a73c698be7abbf3665e3584753de84d6d3a6a9b7b3c27ffd6782a255baa7860dac4bb79312a1d3c86fabd3ee2b9ddaaf0a7fe"}, {0xdd, 0xc9, "396b0de70791d88504b3b5d0b06720b09237bf48ad2140f25e13fd8603fc7614cf7849f7c474359f2a006999eaf37ac505cc42630bdf6b7b4db24c19dd9a84232e738bd7f9a334b92eb5e56a236c1041fced2da412447cae3d1ca94572a8fea4a2f8aad29e04cfd4510bb8bb0b4febbcce7ea46ae6decc86c30bdd9fe40ed4b85b53c34c36b085d0347c96465849fef4a52e70f75e4a4aa1fd8a939597d234108ce96c36fa4bd0edeb83ad6dee6d81c988356a43f85628d7d57e4dbfc4b5640b9c4e0729d05331378f"}, {0xdd, 0x4b, "3552703c827f7f2cf17afe87dd416164f7f4789d1a9781218b44b409d23a51755641bc584e422b942eaf47b153124a3b04976813e8b20c4dfbabdbd5d57f638b99b27172ad29633aa06236"}, {0xdd, 0xbf, "7844f48a09680a93008f620bf3b63dafc7406255cf7a71a0d0dd29dcc70173799c3236cc6bec070d7b218dcdc778c708fe39c82ed48a7bf229770fd470cc021a2a35342b9434780e98d6d91f08981fa591c0a62621054c83996fe90b1a334ac634b7aac8a02059fed05db33b3f5f556b6166705ef486f01af5890cc2e8f4f4cdb54b42dbf15f00567fb6da47fd0980d4daea80b872d1bb79d36d35e7b1cdf4c13611e84aba79bd34025a82fffa4eb4058ecc1c628f46273e0ea3c781d3bb43"}, {0xdd, 0x17, "e508338be0c867c41ec670e6d15af8f3dbeb24b76acc28"}, {0xdd, 0xa4, "827f7e6b96552cdc7734723326707f2c636bd6f73c15ec45070ca67814c969377521018be442286f25b6ea31c13a729fc5301a5f3d3eddb305c45c70f23513d748dc03aaea32dcde92f6794718fb03858740624e3d58ab67f689298d08395f6f87a522b7b0fc4918460df689da3008e8597480b8ebda9c55db266c385745f7191266ac1c2c94bc1d3bf07e957a5ee41faa4434b4601faa248da6ed9b62db3c1fb78c11a1"}, {0xdd, 0x77, "f58123fa7cf1ef2c417b16a9da38d9b7531ced4c2dfa91fb56f63b2529194c937f5d15c9664c717104bb03d8ad7c4261d40788f7629ee8394f86bd5a91a572dbf01aeb9aea8a44534d510837d912c817e3fdd8b950bfc50f68676d7164f090c510fcb1a0d70322e669f26e032bd985c2aea6ff69dc761f"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x11, 0x7f, [@tim={0x5, 0x3, {0x80, 0x9, 0x1}}, @ssid={0x0, 0x6, @default_ibss_ssid}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x6, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x7f, 0x7, 0x5, 0x9, 0xc5e, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x5, 0x7308, 0x1]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x14, 0xbb, [0x8, 0x7, 0x823, 0x6, 0x1f, 0x0, 0xff, 0x2]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CSA_IES={0x70, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_PRESP={0x16, 0xbb, [0x1, 0xfffb, 0x3f, 0x7f, 0x8, 0x9, 0x934, 0x8001, 0x5]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x5, 0x5, 0x9, 0x100]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0xff, 0x7, 0x200, 0x2, 0x1, 0x6, 0x9cd4]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x18, 0xbb, [0xd3cb, 0x8001, 0xffff, 0x2, 0x7, 0x100, 0x81, 0x8000, 0x3f, 0x200]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0x979f, 0x1, 0x9, 0x7f, 0x9, 0x1, 0x2]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x1, 0x80]}]}, @NL80211_ATTR_CSA_IES={0x5a0, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0xfff8, 0x401, 0x8000, 0x7f, 0x8, 0x1]}, @beacon_params=[@NL80211_ATTR_FTM_RESPONDER={0x3d4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xb2, 0x3, "acc2df72f4ce532afcedc46a9b320c4ca6ddada4023e13c1ba5528d06cbb292c0e4b98a8e2fce9a2fb71db05c07dadfcf90c52f37187f67fa1d88352ea210ec7dca8c0f68e2c29cb03f1034898115b97e2f0a64dab1f77e6b63cc59b0f94ac7c9e96d7061ec6d3547048a57f5149e4eacbc37d4432636eafa5b6b8f88e8be3c713901fa0dedd2f633ce5df93c85deefb34af1d08ad93efa65f95746b4a8a60336dfbc5ea35868b7edd037746a031"}, @NL80211_FTM_RESP_ATTR_LCI={0xa0, 0x2, "7dcff8351bdfaa5fec73af225d03667ca8df83a94aa641fae12381af692fe489c5f7e9291da371b4de291b4318d2a35ebcb7d0eff4c15f9d3f2ff83f19a779c0dc6ffec08658a28cce40798ebbdff1a819d04a6ae73b767a508533fc125280c52c61960c7ae6be14800f909b3632755a3551b1b7fd6676468f3ca2c017255c2d5c4abad84bff095a99cf58fa6bcf8c5008957bf7433ee60183bd317b"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x76, 0x3, "30fd7d06e019284ffa1c0996744fe50ef5ad634274cb651cf8d286a08b388de6852578e9f781a70d41fabb9b3a894ac3d805b6e1f7fece7cb0376b1cd21dce18e4c9704957c7d413ac5f436c91d63322d827b0f8cb5b9b85c82202eb23291fa1bd849d9ff92f8518215cf2e561527fe72062"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0xf1, 0x2, "450d00216ffd3af84c9220d0c13ca076497015ac19ebd03b8bd46861039e4d721bcd2b6202776c70cef16fc711c89b172c6e43fbe0b5e875d708e4488f5167ce106680853faa1e38cbbc0d8f7cbb9b1cd804729c14ad920f81b4c908b3b5864ede9b27e1bf53f9b48c6635bff9c5965018ecd7367ba9c390dedb7d6120b202d7f8e977e060507337a06bdd3dab9b2425459c2cea41707c4c359ba1fab73b768df9d0af028b12e0868f48071e1e496d347688819754eeb7fe550a3b060e8fab1040427add3934e220dc438ce02c126149f8e3e8ba7491f0d830aa8e4fe9b93cf5ab088e647594dbf0470166b8da"}, @NL80211_FTM_RESP_ATTR_LCI={0x32, 0x2, "cd421e4a796903ed1f702a93b6ed96c6195404c4e812b382ec64c606d01ca94ae50102c597e648c6d0edc9ea3465"}, @NL80211_FTM_RESP_ATTR_LCI={0x3a, 0x2, "5b9cbe426327edd4d3fe9aab2fd948179df95d7d37a1ad466a10628a23a63fa15c24f966e8ae0cf94752bab026c73a8c41b97b253c74"}, @NL80211_FTM_RESP_ATTR_LCI={0x25, 0x2, "150ec88cbc2ac4cd9bac11713d1fcd90e8405d9229accb7fdc39b9a1064ed97230"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "965d52c9cbd32163d0b256daa0f96a9c7e2fbe71c786bb511713a955f18bdcd1d2d46f1271c83fb1cd1679d2a21d2950602d7a4ba5b8ef4ed481a0ae88875750750b925e97408c3886b8c43bb89f51570fb5108304d37af561ee9b8eba40d34db425c4399f4bea586cd0d941f9"}]}, @NL80211_ATTR_FTM_RESPONDER={0x190, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x1b, 0x2, "6e17c4c3c658bb63bf895af974568ff34da81153d24198"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x99, 0x3, "1eb5e619933dc8d7d943468b3261c3fd0c0c8d9fc8767c20bb24bec12d86500d759183384a2809cd30bf564f6298f42c2d8b72fe9659026f8dcb813d8c10a1f93f5452db20240132d9d4da4be778157cca031aaf3b01df0417919326d03afa848d0b4a2f925faccd601a1b9290a5d5d1ce7592d552e6c27d4e0ceeb526afba97dc39a1e80f5c74136cb6772bfbeb598da08b2dee2b"}, @NL80211_FTM_RESP_ATTR_LCI={0xaa, 0x2, "da8689f6604f6366928d6972872e845e0f59f2119bbea4c785502a643f6662d5b195bd9536902a0318e6093872580b2e95ba5035a84970a6e0a25f18daf0dc74476c613bc7981b9a5bf8e3bac78840f138a550b147f5b0f8aec2057bc21c62f66acd18060ab59909d187dcf373af84252a4ab020cb8d029da18e252ea00884d29675eb9db8a9159bf2155d516d68bc8a779b1fc841ff6bbf507b6973823733ac76bf8c2cab1a"}, @NL80211_FTM_RESP_ATTR_LCI={0x22, 0x2, "ea82404e6ea152167116e89f38dd22ea9919219aaa39b06349e2b9d4c5cf"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @NL80211_ATTR_CSA_C_OFF_BEACON={0x8, 0xba, [0xfff7, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xc, 0xba, [0x400, 0x4, 0x7, 0xfff]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x7ff, 0x5]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x80b, 0x800, 0x0]}]}]}, 0x1264}, 0x1, 0x0, 0x0, 0x8080}, 0x20000000) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) connect$nfc_raw(r1, &(0x7f0000000200)={0x27, 0x0, 0x1, 0x1}, 0x10) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33", 0x2}}}, 0x1a) [ 705.625842][ T5502] Bluetooth: hci1: Malformed LE Event: 0x0b 00:11:45 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02"], 0x9) 00:11:45 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060ba300ff9cc6bbffffffffff09000000000000be"], 0x14) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) [ 705.661415][ T5502] Bluetooth: Wrong link type (-22) [ 705.662613][ T5502] Bluetooth: Wrong link type (-22) [ 705.664204][ T5502] Bluetooth: hci4: link tx timeout [ 705.665315][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:45 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) read$watch_queue(r1, &(0x7f0000000000)=""/131, 0x83) (async) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="621f9b1979f02d43bc32e46911f87e926deebb2587609ae8fbcffdc661c62dfb9917c0bcae1637dff766e1a243a42bf48b153bc7ce87297c87672425ee5d3b10f3531517d54579df68e5397f33c35a680f940748c5de461e9b9fa1f1c224468c3ab229a5e881a143eae26dab06bf99f5b0d01ab75ea718a5203fce8c27c46b7b4f9e811800030419dd28faf91255ece606a5192d4cdb494720dd992f9d7d768ac352de0acd10a31b52d700000000", @ANYRESHEX=r0, @ANYRES32=r0, @ANYRES16=r2, @ANYRES32=r1], 0x9) [ 705.676585][ T5943] Bluetooth: Wrong link type (-22) [ 705.677761][ T5943] Bluetooth: hci5: link tx timeout [ 705.678775][ T5943] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:45 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0xc0) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x8, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x400c004}, 0x0) [ 705.712233][ T5502] Bluetooth: hci1: Malformed LE Event: 0x0b [ 705.713962][ T5502] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 705.733145][ T5502] Bluetooth: Wrong link type (-22) [ 705.734388][ T5502] Bluetooth: hci4: link tx timeout [ 705.735624][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:45 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060ba300ff9cc6bbffffffffff09000000000000be"], 0x14) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) 00:11:45 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="f7dea0"], 0x3) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x2, &(0x7f0000000040)={0x7, &(0x7f0000000100)=[{0x401, 0x72, 0x80, 0x7}, {0x4, 0x0, 0x1, 0x400}, {0x7fff, 0xb3, 0x2, 0x6}, {0x3, 0xae, 0x5, 0x6}, {0x0, 0x81, 0x81, 0x241}, {0x99, 0x9, 0x5, 0x2}, {0x800, 0x6, 0x3, 0x100}]}) sendmsg$NL80211_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x58, 0x0, 0x100, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x79}}}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x33}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x25}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x36}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xc}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x21}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x3c}]}, 0x58}, 0x1, 0x0, 0x0, 0x20040884}, 0x440c0) (async) openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) 00:11:45 executing program 5: syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="02"], 0x9) 00:11:45 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) (async) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0xc0) (async) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x8, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x400c004}, 0x0) [ 705.775511][ T5502] Bluetooth: hci1: Malformed LE Event: 0x0b 00:11:45 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060ba300ff9cc6bbffffffffff09000000000000be"], 0x14) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) [ 705.804872][ T5502] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:45 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) read$watch_queue(r1, &(0x7f0000000000)=""/131, 0x83) (async) read$watch_queue(r1, &(0x7f0000000000)=""/131, 0x83) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="621f9b1979f02d43bc32e46911f87e926deebb2587609ae8fbcffdc661c62dfb9917c0bcae1637dff766e1a243a42bf48b153bc7ce87297c87672425ee5d3b10f3531517d54579df68e5397f33c35a680f940748c5de461e9b9fa1f1c224468c3ab229a5e881a143eae26dab06bf99f5b0d01ab75ea718a5203fce8c27c46b7b4f9e811800030419dd28faf91255ece606a5192d4cdb494720dd992f9d7d768ac352de0acd10a31b52d700000000", @ANYRESHEX=r0, @ANYRES32=r0, @ANYRES16=r2, @ANYRES32=r1], 0x9) [ 705.830999][ T5502] Bluetooth: Wrong link type (-22) [ 705.832215][ T5502] Bluetooth: hci4: link tx timeout [ 705.833451][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:45 executing program 5: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) read$watch_queue(r1, &(0x7f0000000000)=""/131, 0x83) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="621f9b1979f02d43bc32e46911f87e926deebb2587609ae8fbcffdc661c62dfb9917c0bcae1637dff766e1a243a42bf48b153bc7ce87297c87672425ee5d3b10f3531517d54579df68e5397f33c35a680f940748c5de461e9b9fa1f1c224468c3ab229a5e881a143eae26dab06bf99f5b0d01ab75ea718a5203fce8c27c46b7b4f9e811800030419dd28faf91255ece606a5192d4cdb494720dd992f9d7d768ac352de0acd10a31b52d700000000", @ANYRESHEX=r0, @ANYRES32=r0, @ANYRES16=r2, @ANYRES32=r1], 0x9) 00:11:45 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000180)={0x0, 0x9}) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x60c280, 0x0) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000226bd7000fbdbdf25550000000800010b6a000000"], 0x1c}}, 0x800) socket$inet6(0xa, 0x2, 0x101) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000015c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001580)={&(0x7f0000000300)={0x1264, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CSA_IES={0xc34, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_PROBE_RESP={0x50d, 0x91, "1e899196b82f35f5281a6386a101ad7b5fe8a2577bb8917df5d1440aca1b4074881756e3dc8561dfb89365dc31f7adcdb86916f299236670a6368d8b7349e318aa711eb3d78eb9ee08bc6e2ad8c446d1dfee50438d9e744251fe372d28e44a7a3d403a56370475c9ce1999ae3f8f673b68077c2ca1d0f1a642407b1a6517fc17064fbdc210f5edce36cd64fedf24a52f9f3fcd546512e6ac1aa506fc15f1d26a90573944e9f9b68eea58f892c4f898462fc0f7f1efe515aa4ed057784491c7c40aee8591754bc6b98b3947559b586fb972444eb38f8aebfc59a6caa3ca4e8ef847904bdf836b7d6d974ff639144119de33a382cf5e1504686bd219342151a2b744d78d86b40cdc206f15a9f8258327494f036fda3951f3c866678bb66d987470389e480ffeb9652fd3cb626cf57f6d2f56b20396d6d9c34033539f31a7559f25475ca501ce2136f9d1d724dadb90a1fd23dce6ddb22628f53baf7763f52c47de7a003ec8f3ed2f4abb9673f7f19d88a902d838ca2561e70d2f1d0c1d0b83e4670ed1b9426be634768782f94743198194145a33c6110048f2573bfd50fc7c0198d8e6fc26b0f7ab293413856031fa5a6f15fb9c8be67dfb57d6630da5ad24b4e93112264145a38a593c35a8021f0d09f6e4ccbca269b30a849fd0d225296d5dd8c6bccb7de78fae4f743986b80454e526dd2ad05e06dd054b02bebeddeae90076fa8b72b202ea8804875197cce0a76420162032aad83cf7107732d8867fd4ae36a5a0099a76bbb9db225189dabb32b5d077756189a91caa7547df08685ef0219f04d4dd79c3bf9d4a12c404e1b11b519eaef8d1183eeb19df9417e90399c013bf87b5739f0de71c510f9e361964a3a8a7c71d57b980856b251b00a03d13311210c159bc14508740a0a194f93e15b8509dd025c35366d157dbad150d6d9027322b05320d0b54cbee51aec566d614424ee186292a8ac5253afd286b40ae457b7598b04f51d4905c47c9706f114c3515601cf1ad3ec812364acc9ab8500d191b251045a28ecd975782405203cfb14ace9cfc189410318fcd3cc8f47b359baad7be757d176eba58bd6befa4fb5183d6832f3037f27d62981795d6d4decadb5da76b6e0e9cb1a8f69ef58249bf8774deee8d207bf353982462b71281ecf553294a2afc60c354e4f4278942c43d181daa77ce554286a43c8ec828091c2cf9253353d295763b7f85241b0c88f53d0f0f86c00963c3f790adf100b083b89b54a3b2d914e0460f2c5673e6b53ef07d6c96bd806068c2c4f092ed13c774f340c5a094b5dd97f9762691759cca28b2d1efe8fe32255608ec10bf317dc1290026295b025c21c8e1c4f11e77f46ff6939c62314bcd247771e81a7735786976e67d8d1cd01a7c6eedabf0aaae46add24e93ff94279bb0396a7868a0cde04ad97b4f53cb2e4b6675e314bbc1293bf770db7adb66960546d4711aa2553854144253b1a1ffa78a6c60435e34c3052371d10c7ce1e9e9679d4f3bca3e1b5b002395531ce4b0e13bc754dc47703b28d3b12c4b07a5faa80f70072731225bc2fa738c01831b0306abeec9e1b439a62716ccaf5bb4f8d9cc9773e9b6a8e657c21b2b83bacec38ee334f7ae04cc910768aadbd3d4427510d567a98c56a899d5731d5cfc1ef9e6cb86de1f643da03eb4518b5dda38f82277bce5548b90ca8f657d8e7c5e3f9cd589a811f2ac0b7c8c1da74ecfd0c836408dffaa04e9e6397e72a3e31a8bf634d975625edee6d12dfc6afe76180b0be0bca3d420b74d94b1fe567b05215ae75b0190bb59c7b66c7883bd6cbc32f99f"}, @NL80211_ATTR_IE_ASSOC_RESP={0x149, 0x80, [@ext_channel_switch={0x3c, 0x4, {0x0, 0xf1, 0xa9, 0x5a}}, @random_vendor={0xdd, 0x72, "1407a75e0e812646fa50ef0b895c8afb050e78e3f1c998d673de41759822ce2e7f7d38dfe9ec780008649ba5a781a34fd16684ee1e96ec7a182ee917875206f18636dc25bc5f16d1bebceda18e258f5581370682856751dcf5b79e75434242a27d715572a25865b66920bd5dc0ca959f5a00"}, @perr={0x84, 0xc9, {0x3, 0xd, [@not_ext={{}, @device_b, 0x9, "", 0x1f}, @ext={{}, @device_a, 0x5, @broadcast, 0x19}, @not_ext={{}, @device_a, 0x7, "", 0x35}, @not_ext={{}, @device_b, 0x4, "", 0x37}, @not_ext={{}, @device_a, 0x5, "", 0x2c}, @ext={{}, @device_b, 0x8}, @not_ext={{}, @device_a, 0x1, "", 0x16}, @not_ext={{}, @device_b, 0x95, "", 0x30}, @ext={{}, @broadcast, 0x10000000, @device_a, 0x15}, @ext={{}, @broadcast, 0x6, @device_b, 0x30}, @not_ext={{}, @device_b, 0x9, "", 0x3e}, @ext={{}, @broadcast, 0x30, @device_b, 0x2a}, @not_ext={{}, @device_b, 0x8, "", 0x2e}]}}]}, @NL80211_ATTR_IE={0x28, 0x2a, [@prep={0x83, 0x1f, @not_ext={{}, 0x6, 0x85, @device_b, 0x6, "", 0x3f, 0x4, @device_a, 0x9}}, @dsss={0x3, 0x1, 0xad}]}, @NL80211_ATTR_FTM_RESPONDER={0xd0, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xa, 0x3, "4f87708961a4"}, @NL80211_FTM_RESP_ATTR_LCI={0x23, 0x2, "1515248804e34829f02efe0beaed3e783173ad6612cfad0dd1405fde8e9041"}, @NL80211_FTM_RESP_ATTR_LCI={0x95, 0x2, "28fa2ba5cae12cb0590f9fe1f292e8030fb4554003f02e517515280442e8751075dba123036e483d36ac3d497b5321c0016ea46d70015fed11b48dbb4b2f9ae0030afeae695f563dd2c9182b482f02cffa8fe0500095b4b0d2cdec543bdba9399ac32602e4bee255efa8de0b460755a7dbaf02099aa019ac0b5d6bb45bdf16d722e9b6579fe955fc79a7d2912992249406"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_BEACON_HEAD={0x48f, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x7b47}, @device_a, @broadcast, @from_mac=@device_b, {0x4, 0x5}}, @ver_80211n={0x0, 0x81, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x1, @random=0x6, 0x0, @void, @void, @val={0x3, 0x1, 0x70}, @void, @void, @val={0x5, 0x8b, {0xff, 0x3b, 0xd7, "771a8171a7aa7613e61fb5f18a0b55a85521c412cdb1760558cc07a24918e040bd1c5ca99f8569315875adb838d4926aca4352bd505e14113ed8215a281c9aeab3ca2caa74996e9715fac6270085cf72d3660f3b07a859a3c6897b47ed09832edfdfa0dc8dbb2d0f3094955104081cd620dd121a2cbeb6842155a99ae96040dbefe2bd94d0c700ed"}}, @void, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x6, 0x74, 0x6}}, @val={0x2d, 0x1a, {0x4008, 0x3, 0x3, 0x0, {0x6842, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2}, 0x400, 0x0, 0x1f}}, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0xffffffffffffffff, 0x7, 0x69}}, @void, [{0xdd, 0x92, "0f7e5c9edae21ba1bf9c9eb07f8a0b3b02a1a9d3e01ba345e745f1d4f6e7497db69177f42f3fccb1901a77783eca74985c03b78536771ae4e444eafeb42325a329cab14170a4939061bc1b3cc9462cb665df9dd67344778498d637fe62fa745a73c698be7abbf3665e3584753de84d6d3a6a9b7b3c27ffd6782a255baa7860dac4bb79312a1d3c86fabd3ee2b9ddaaf0a7fe"}, {0xdd, 0xc9, "396b0de70791d88504b3b5d0b06720b09237bf48ad2140f25e13fd8603fc7614cf7849f7c474359f2a006999eaf37ac505cc42630bdf6b7b4db24c19dd9a84232e738bd7f9a334b92eb5e56a236c1041fced2da412447cae3d1ca94572a8fea4a2f8aad29e04cfd4510bb8bb0b4febbcce7ea46ae6decc86c30bdd9fe40ed4b85b53c34c36b085d0347c96465849fef4a52e70f75e4a4aa1fd8a939597d234108ce96c36fa4bd0edeb83ad6dee6d81c988356a43f85628d7d57e4dbfc4b5640b9c4e0729d05331378f"}, {0xdd, 0x4b, "3552703c827f7f2cf17afe87dd416164f7f4789d1a9781218b44b409d23a51755641bc584e422b942eaf47b153124a3b04976813e8b20c4dfbabdbd5d57f638b99b27172ad29633aa06236"}, {0xdd, 0xbf, "7844f48a09680a93008f620bf3b63dafc7406255cf7a71a0d0dd29dcc70173799c3236cc6bec070d7b218dcdc778c708fe39c82ed48a7bf229770fd470cc021a2a35342b9434780e98d6d91f08981fa591c0a62621054c83996fe90b1a334ac634b7aac8a02059fed05db33b3f5f556b6166705ef486f01af5890cc2e8f4f4cdb54b42dbf15f00567fb6da47fd0980d4daea80b872d1bb79d36d35e7b1cdf4c13611e84aba79bd34025a82fffa4eb4058ecc1c628f46273e0ea3c781d3bb43"}, {0xdd, 0x17, "e508338be0c867c41ec670e6d15af8f3dbeb24b76acc28"}, {0xdd, 0xa4, "827f7e6b96552cdc7734723326707f2c636bd6f73c15ec45070ca67814c969377521018be442286f25b6ea31c13a729fc5301a5f3d3eddb305c45c70f23513d748dc03aaea32dcde92f6794718fb03858740624e3d58ab67f689298d08395f6f87a522b7b0fc4918460df689da3008e8597480b8ebda9c55db266c385745f7191266ac1c2c94bc1d3bf07e957a5ee41faa4434b4601faa248da6ed9b62db3c1fb78c11a1"}, {0xdd, 0x77, "f58123fa7cf1ef2c417b16a9da38d9b7531ced4c2dfa91fb56f63b2529194c937f5d15c9664c717104bb03d8ad7c4261d40788f7629ee8394f86bd5a91a572dbf01aeb9aea8a44534d510837d912c817e3fdd8b950bfc50f68676d7164f090c510fcb1a0d70322e669f26e032bd985c2aea6ff69dc761f"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x11, 0x7f, [@tim={0x5, 0x3, {0x80, 0x9, 0x1}}, @ssid={0x0, 0x6, @default_ibss_ssid}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x6, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x7f, 0x7, 0x5, 0x9, 0xc5e, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x5, 0x7308, 0x1]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x14, 0xbb, [0x8, 0x7, 0x823, 0x6, 0x1f, 0x0, 0xff, 0x2]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CSA_IES={0x70, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_PRESP={0x16, 0xbb, [0x1, 0xfffb, 0x3f, 0x7f, 0x8, 0x9, 0x934, 0x8001, 0x5]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x5, 0x5, 0x9, 0x100]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0xff, 0x7, 0x200, 0x2, 0x1, 0x6, 0x9cd4]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x18, 0xbb, [0xd3cb, 0x8001, 0xffff, 0x2, 0x7, 0x100, 0x81, 0x8000, 0x3f, 0x200]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0x979f, 0x1, 0x9, 0x7f, 0x9, 0x1, 0x2]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x1, 0x80]}]}, @NL80211_ATTR_CSA_IES={0x5a0, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0xfff8, 0x401, 0x8000, 0x7f, 0x8, 0x1]}, @beacon_params=[@NL80211_ATTR_FTM_RESPONDER={0x3d4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xb2, 0x3, "acc2df72f4ce532afcedc46a9b320c4ca6ddada4023e13c1ba5528d06cbb292c0e4b98a8e2fce9a2fb71db05c07dadfcf90c52f37187f67fa1d88352ea210ec7dca8c0f68e2c29cb03f1034898115b97e2f0a64dab1f77e6b63cc59b0f94ac7c9e96d7061ec6d3547048a57f5149e4eacbc37d4432636eafa5b6b8f88e8be3c713901fa0dedd2f633ce5df93c85deefb34af1d08ad93efa65f95746b4a8a60336dfbc5ea35868b7edd037746a031"}, @NL80211_FTM_RESP_ATTR_LCI={0xa0, 0x2, "7dcff8351bdfaa5fec73af225d03667ca8df83a94aa641fae12381af692fe489c5f7e9291da371b4de291b4318d2a35ebcb7d0eff4c15f9d3f2ff83f19a779c0dc6ffec08658a28cce40798ebbdff1a819d04a6ae73b767a508533fc125280c52c61960c7ae6be14800f909b3632755a3551b1b7fd6676468f3ca2c017255c2d5c4abad84bff095a99cf58fa6bcf8c5008957bf7433ee60183bd317b"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x76, 0x3, "30fd7d06e019284ffa1c0996744fe50ef5ad634274cb651cf8d286a08b388de6852578e9f781a70d41fabb9b3a894ac3d805b6e1f7fece7cb0376b1cd21dce18e4c9704957c7d413ac5f436c91d63322d827b0f8cb5b9b85c82202eb23291fa1bd849d9ff92f8518215cf2e561527fe72062"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0xf1, 0x2, "450d00216ffd3af84c9220d0c13ca076497015ac19ebd03b8bd46861039e4d721bcd2b6202776c70cef16fc711c89b172c6e43fbe0b5e875d708e4488f5167ce106680853faa1e38cbbc0d8f7cbb9b1cd804729c14ad920f81b4c908b3b5864ede9b27e1bf53f9b48c6635bff9c5965018ecd7367ba9c390dedb7d6120b202d7f8e977e060507337a06bdd3dab9b2425459c2cea41707c4c359ba1fab73b768df9d0af028b12e0868f48071e1e496d347688819754eeb7fe550a3b060e8fab1040427add3934e220dc438ce02c126149f8e3e8ba7491f0d830aa8e4fe9b93cf5ab088e647594dbf0470166b8da"}, @NL80211_FTM_RESP_ATTR_LCI={0x32, 0x2, "cd421e4a796903ed1f702a93b6ed96c6195404c4e812b382ec64c606d01ca94ae50102c597e648c6d0edc9ea3465"}, @NL80211_FTM_RESP_ATTR_LCI={0x3a, 0x2, "5b9cbe426327edd4d3fe9aab2fd948179df95d7d37a1ad466a10628a23a63fa15c24f966e8ae0cf94752bab026c73a8c41b97b253c74"}, @NL80211_FTM_RESP_ATTR_LCI={0x25, 0x2, "150ec88cbc2ac4cd9bac11713d1fcd90e8405d9229accb7fdc39b9a1064ed97230"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "965d52c9cbd32163d0b256daa0f96a9c7e2fbe71c786bb511713a955f18bdcd1d2d46f1271c83fb1cd1679d2a21d2950602d7a4ba5b8ef4ed481a0ae88875750750b925e97408c3886b8c43bb89f51570fb5108304d37af561ee9b8eba40d34db425c4399f4bea586cd0d941f9"}]}, @NL80211_ATTR_FTM_RESPONDER={0x190, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x1b, 0x2, "6e17c4c3c658bb63bf895af974568ff34da81153d24198"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x99, 0x3, "1eb5e619933dc8d7d943468b3261c3fd0c0c8d9fc8767c20bb24bec12d86500d759183384a2809cd30bf564f6298f42c2d8b72fe9659026f8dcb813d8c10a1f93f5452db20240132d9d4da4be778157cca031aaf3b01df0417919326d03afa848d0b4a2f925faccd601a1b9290a5d5d1ce7592d552e6c27d4e0ceeb526afba97dc39a1e80f5c74136cb6772bfbeb598da08b2dee2b"}, @NL80211_FTM_RESP_ATTR_LCI={0xaa, 0x2, "da8689f6604f6366928d6972872e845e0f59f2119bbea4c785502a643f6662d5b195bd9536902a0318e6093872580b2e95ba5035a84970a6e0a25f18daf0dc74476c613bc7981b9a5bf8e3bac78840f138a550b147f5b0f8aec2057bc21c62f66acd18060ab59909d187dcf373af84252a4ab020cb8d029da18e252ea00884d29675eb9db8a9159bf2155d516d68bc8a779b1fc841ff6bbf507b6973823733ac76bf8c2cab1a"}, @NL80211_FTM_RESP_ATTR_LCI={0x22, 0x2, "ea82404e6ea152167116e89f38dd22ea9919219aaa39b06349e2b9d4c5cf"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @NL80211_ATTR_CSA_C_OFF_BEACON={0x8, 0xba, [0xfff7, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xc, 0xba, [0x400, 0x4, 0x7, 0xfff]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x7ff, 0x5]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x80b, 0x800, 0x0]}]}]}, 0x1264}, 0x1, 0x0, 0x0, 0x8080}, 0x20000000) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) connect$nfc_raw(r1, &(0x7f0000000200)={0x27, 0x0, 0x1, 0x1}, 0x10) 00:11:45 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async, rerun: 32) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) (async, rerun: 32) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0xc0) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x8, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x400c004}, 0x0) 00:11:45 executing program 0: syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="04d033bb31183fd881454e1899d690a14f58b3f385f01046f2431aaf0e6ffed45d4b5c2ebd47fb97905ff198030e793c741e36affe2831dc6daa860a9c3354e75d43b09792d120b5d6b53116d402f5edeeaed77641f320134bdc3c357cfc5568d09f49655fa83528af1e240845545e18ad5cc0f3dfe631747b528d680812a11fed5fd81a9caea56177a04915c625e82a10bce03b92f63e2f6ca73c6ebcb962e06855404c577b71c6a529025f637c9df436a1d9aa0553d9c99e41d5d95bd1b4f1f067cdbe2997c8ee56d3b69d189c60e8437e386fc13cae313855661570531e8b85755a91f0af490be7e16db0deb60b1b7ddd4f1e6395fb60e5743d189458b67423bb54b94c979f178d07e9a00dd63656554bde198b3831ffa7ddb310bc1fafceacea3af4ee67435d47bd23aa3469847a0086a190a5334964613baa942e8b844077495de9c3"], 0x9) [ 705.916919][ T5943] Bluetooth: Wrong link type (-22) [ 705.918162][ T5943] Bluetooth: hci4: link tx timeout [ 705.919346][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 705.921158][ T5502] Bluetooth: Wrong link type (-22) [ 705.922361][ T5502] Bluetooth: hci4: link tx timeout [ 705.923924][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 705.925640][ T5502] Bluetooth: hci1: Malformed LE Event: 0x0b [ 705.927056][ T5943] Bluetooth: Wrong link type (-22) [ 705.928274][ T5943] Bluetooth: hci4: link tx timeout [ 705.929362][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 705.931054][ T5943] Bluetooth: Wrong link type (-22) [ 705.932170][ T5943] Bluetooth: hci5: link tx timeout [ 705.933492][ T5943] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa [ 705.936388][ T5502] Bluetooth: Wrong link type (-22) [ 705.937534][ T5502] Bluetooth: hci4: link tx timeout [ 705.938682][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 705.941126][ T5943] Bluetooth: Wrong link type (-22) [ 705.942363][ T5943] Bluetooth: hci4: link tx timeout [ 705.943582][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 705.945449][ T5502] Bluetooth: Wrong link type (-22) [ 705.946585][ T5502] Bluetooth: hci4: link tx timeout [ 705.947723][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 705.949455][ T5943] Bluetooth: Wrong link type (-22) [ 705.950626][ T5943] Bluetooth: hci4: link tx timeout [ 705.951721][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 705.953853][ T5943] Bluetooth: Wrong link type (-22) [ 705.955086][ T5943] Bluetooth: hci4: link tx timeout [ 705.956198][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 705.957892][ T5502] Bluetooth: Wrong link type (-22) [ 705.959491][ T5502] Bluetooth: hci4: link tx timeout [ 705.960617][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 705.970464][ T5943] Bluetooth: Wrong link type (-22) [ 705.971747][ T5943] Bluetooth: hci4: link tx timeout 00:11:45 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060ba300ff9cc6bbffffffffff09000000000000be"], 0x14) [ 705.972957][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:45 executing program 4: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000100)={0x7, 0x3, {0xffffffffffffffff}, {0x0}, 0xfffffffffffffffe, 0x1}) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, 0xffffffffffffffff}}, {@aname={'aname', 0x3d, '}*&#&\''}}], [{@permit_directio}, {@smackfstransmute={'smackfstransmute', 0x3d, '-\xad'}}, {@fowner_eq={'fowner', 0x3d, r2}}]}}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) socket$vsock_stream(0x28, 0x1, 0x0) 00:11:45 executing program 5: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="f7dea0"], 0x3) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x2, &(0x7f0000000040)={0x7, &(0x7f0000000100)=[{0x401, 0x72, 0x80, 0x7}, {0x4, 0x0, 0x1, 0x400}, {0x7fff, 0xb3, 0x2, 0x6}, {0x3, 0xae, 0x5, 0x6}, {0x0, 0x81, 0x81, 0x241}, {0x99, 0x9, 0x5, 0x2}, {0x800, 0x6, 0x3, 0x100}]}) sendmsg$NL80211_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x58, 0x0, 0x100, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x79}}}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x33}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x25}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x36}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xc}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x21}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x3c}]}, 0x58}, 0x1, 0x0, 0x0, 0x20040884}, 0x440c0) openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) 00:11:45 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9001008000000"], 0x15) [ 706.048833][ T5502] Bluetooth: hci1: Malformed LE Event: 0x0b 00:11:46 executing program 4: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000100)={0x7, 0x3, {0xffffffffffffffff}, {0x0}, 0xfffffffffffffffe, 0x1}) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, 0xffffffffffffffff}}, {@aname={'aname', 0x3d, '}*&#&\''}}], [{@permit_directio}, {@smackfstransmute={'smackfstransmute', 0x3d, '-\xad'}}, {@fowner_eq={'fowner', 0x3d, r2}}]}}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) socket$vsock_stream(0x28, 0x1, 0x0) 00:11:46 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060ba300ff9cc6bbffffffffff09000000000000be"], 0x14) [ 706.069874][ T5502] Bluetooth: Frame is too long (len 16, expected len 4) [ 706.084522][ T5502] Bluetooth: hci1: Malformed LE Event: 0x0b 00:11:46 executing program 2: 00:11:46 executing program 0: syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="04d033bb31183fd881454e1899d690a14f58b3f385f01046f2431aaf0e6ffed45d4b5c2ebd47fb97905ff198030e793c741e36affe2831dc6daa860a9c3354e75d43b09792d120b5d6b53116d402f5edeeaed77641f320134bdc3c357cfc5568d09f49655fa83528af1e240845545e18ad5cc0f3dfe631747b528d680812a11fed5fd81a9caea56177a04915c625e82a10bce03b92f63e2f6ca73c6ebcb962e06855404c577b71c6a529025f637c9df436a1d9aa0553d9c99e41d5d95bd1b4f1f067cdbe2997c8ee56d3b69d189c60e8437e386fc13cae313855661570531e8b85755a91f0af490be7e16db0deb60b1b7ddd4f1e6395fb60e5743d189458b67423bb54b94c979f178d07e9a00dd63656554bde198b3831ffa7ddb310bc1fafceacea3af4ee67435d47bd23aa3469847a0086a190a5334964613baa942e8b844077495de9c3"], 0x9) 00:11:46 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000180)={0x0, 0x9}) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x60c280, 0x0) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000226bd7000fbdbdf25550000000800010b6a000000"], 0x1c}}, 0x800) socket$inet6(0xa, 0x2, 0x101) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000015c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001580)={&(0x7f0000000300)={0x1264, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CSA_IES={0xc34, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_PROBE_RESP={0x50d, 0x91, "1e899196b82f35f5281a6386a101ad7b5fe8a2577bb8917df5d1440aca1b4074881756e3dc8561dfb89365dc31f7adcdb86916f299236670a6368d8b7349e318aa711eb3d78eb9ee08bc6e2ad8c446d1dfee50438d9e744251fe372d28e44a7a3d403a56370475c9ce1999ae3f8f673b68077c2ca1d0f1a642407b1a6517fc17064fbdc210f5edce36cd64fedf24a52f9f3fcd546512e6ac1aa506fc15f1d26a90573944e9f9b68eea58f892c4f898462fc0f7f1efe515aa4ed057784491c7c40aee8591754bc6b98b3947559b586fb972444eb38f8aebfc59a6caa3ca4e8ef847904bdf836b7d6d974ff639144119de33a382cf5e1504686bd219342151a2b744d78d86b40cdc206f15a9f8258327494f036fda3951f3c866678bb66d987470389e480ffeb9652fd3cb626cf57f6d2f56b20396d6d9c34033539f31a7559f25475ca501ce2136f9d1d724dadb90a1fd23dce6ddb22628f53baf7763f52c47de7a003ec8f3ed2f4abb9673f7f19d88a902d838ca2561e70d2f1d0c1d0b83e4670ed1b9426be634768782f94743198194145a33c6110048f2573bfd50fc7c0198d8e6fc26b0f7ab293413856031fa5a6f15fb9c8be67dfb57d6630da5ad24b4e93112264145a38a593c35a8021f0d09f6e4ccbca269b30a849fd0d225296d5dd8c6bccb7de78fae4f743986b80454e526dd2ad05e06dd054b02bebeddeae90076fa8b72b202ea8804875197cce0a76420162032aad83cf7107732d8867fd4ae36a5a0099a76bbb9db225189dabb32b5d077756189a91caa7547df08685ef0219f04d4dd79c3bf9d4a12c404e1b11b519eaef8d1183eeb19df9417e90399c013bf87b5739f0de71c510f9e361964a3a8a7c71d57b980856b251b00a03d13311210c159bc14508740a0a194f93e15b8509dd025c35366d157dbad150d6d9027322b05320d0b54cbee51aec566d614424ee186292a8ac5253afd286b40ae457b7598b04f51d4905c47c9706f114c3515601cf1ad3ec812364acc9ab8500d191b251045a28ecd975782405203cfb14ace9cfc189410318fcd3cc8f47b359baad7be757d176eba58bd6befa4fb5183d6832f3037f27d62981795d6d4decadb5da76b6e0e9cb1a8f69ef58249bf8774deee8d207bf353982462b71281ecf553294a2afc60c354e4f4278942c43d181daa77ce554286a43c8ec828091c2cf9253353d295763b7f85241b0c88f53d0f0f86c00963c3f790adf100b083b89b54a3b2d914e0460f2c5673e6b53ef07d6c96bd806068c2c4f092ed13c774f340c5a094b5dd97f9762691759cca28b2d1efe8fe32255608ec10bf317dc1290026295b025c21c8e1c4f11e77f46ff6939c62314bcd247771e81a7735786976e67d8d1cd01a7c6eedabf0aaae46add24e93ff94279bb0396a7868a0cde04ad97b4f53cb2e4b6675e314bbc1293bf770db7adb66960546d4711aa2553854144253b1a1ffa78a6c60435e34c3052371d10c7ce1e9e9679d4f3bca3e1b5b002395531ce4b0e13bc754dc47703b28d3b12c4b07a5faa80f70072731225bc2fa738c01831b0306abeec9e1b439a62716ccaf5bb4f8d9cc9773e9b6a8e657c21b2b83bacec38ee334f7ae04cc910768aadbd3d4427510d567a98c56a899d5731d5cfc1ef9e6cb86de1f643da03eb4518b5dda38f82277bce5548b90ca8f657d8e7c5e3f9cd589a811f2ac0b7c8c1da74ecfd0c836408dffaa04e9e6397e72a3e31a8bf634d975625edee6d12dfc6afe76180b0be0bca3d420b74d94b1fe567b05215ae75b0190bb59c7b66c7883bd6cbc32f99f"}, @NL80211_ATTR_IE_ASSOC_RESP={0x149, 0x80, [@ext_channel_switch={0x3c, 0x4, {0x0, 0xf1, 0xa9, 0x5a}}, @random_vendor={0xdd, 0x72, "1407a75e0e812646fa50ef0b895c8afb050e78e3f1c998d673de41759822ce2e7f7d38dfe9ec780008649ba5a781a34fd16684ee1e96ec7a182ee917875206f18636dc25bc5f16d1bebceda18e258f5581370682856751dcf5b79e75434242a27d715572a25865b66920bd5dc0ca959f5a00"}, @perr={0x84, 0xc9, {0x3, 0xd, [@not_ext={{}, @device_b, 0x9, "", 0x1f}, @ext={{}, @device_a, 0x5, @broadcast, 0x19}, @not_ext={{}, @device_a, 0x7, "", 0x35}, @not_ext={{}, @device_b, 0x4, "", 0x37}, @not_ext={{}, @device_a, 0x5, "", 0x2c}, @ext={{}, @device_b, 0x8}, @not_ext={{}, @device_a, 0x1, "", 0x16}, @not_ext={{}, @device_b, 0x95, "", 0x30}, @ext={{}, @broadcast, 0x10000000, @device_a, 0x15}, @ext={{}, @broadcast, 0x6, @device_b, 0x30}, @not_ext={{}, @device_b, 0x9, "", 0x3e}, @ext={{}, @broadcast, 0x30, @device_b, 0x2a}, @not_ext={{}, @device_b, 0x8, "", 0x2e}]}}]}, @NL80211_ATTR_IE={0x28, 0x2a, [@prep={0x83, 0x1f, @not_ext={{}, 0x6, 0x85, @device_b, 0x6, "", 0x3f, 0x4, @device_a, 0x9}}, @dsss={0x3, 0x1, 0xad}]}, @NL80211_ATTR_FTM_RESPONDER={0xd0, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xa, 0x3, "4f87708961a4"}, @NL80211_FTM_RESP_ATTR_LCI={0x23, 0x2, "1515248804e34829f02efe0beaed3e783173ad6612cfad0dd1405fde8e9041"}, @NL80211_FTM_RESP_ATTR_LCI={0x95, 0x2, "28fa2ba5cae12cb0590f9fe1f292e8030fb4554003f02e517515280442e8751075dba123036e483d36ac3d497b5321c0016ea46d70015fed11b48dbb4b2f9ae0030afeae695f563dd2c9182b482f02cffa8fe0500095b4b0d2cdec543bdba9399ac32602e4bee255efa8de0b460755a7dbaf02099aa019ac0b5d6bb45bdf16d722e9b6579fe955fc79a7d2912992249406"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_BEACON_HEAD={0x48f, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x7b47}, @device_a, @broadcast, @from_mac=@device_b, {0x4, 0x5}}, @ver_80211n={0x0, 0x81, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x1, @random=0x6, 0x0, @void, @void, @val={0x3, 0x1, 0x70}, @void, @void, @val={0x5, 0x8b, {0xff, 0x3b, 0xd7, "771a8171a7aa7613e61fb5f18a0b55a85521c412cdb1760558cc07a24918e040bd1c5ca99f8569315875adb838d4926aca4352bd505e14113ed8215a281c9aeab3ca2caa74996e9715fac6270085cf72d3660f3b07a859a3c6897b47ed09832edfdfa0dc8dbb2d0f3094955104081cd620dd121a2cbeb6842155a99ae96040dbefe2bd94d0c700ed"}}, @void, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x6, 0x74, 0x6}}, @val={0x2d, 0x1a, {0x4008, 0x3, 0x3, 0x0, {0x6842, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2}, 0x400, 0x0, 0x1f}}, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0xffffffffffffffff, 0x7, 0x69}}, @void, [{0xdd, 0x92, "0f7e5c9edae21ba1bf9c9eb07f8a0b3b02a1a9d3e01ba345e745f1d4f6e7497db69177f42f3fccb1901a77783eca74985c03b78536771ae4e444eafeb42325a329cab14170a4939061bc1b3cc9462cb665df9dd67344778498d637fe62fa745a73c698be7abbf3665e3584753de84d6d3a6a9b7b3c27ffd6782a255baa7860dac4bb79312a1d3c86fabd3ee2b9ddaaf0a7fe"}, {0xdd, 0xc9, "396b0de70791d88504b3b5d0b06720b09237bf48ad2140f25e13fd8603fc7614cf7849f7c474359f2a006999eaf37ac505cc42630bdf6b7b4db24c19dd9a84232e738bd7f9a334b92eb5e56a236c1041fced2da412447cae3d1ca94572a8fea4a2f8aad29e04cfd4510bb8bb0b4febbcce7ea46ae6decc86c30bdd9fe40ed4b85b53c34c36b085d0347c96465849fef4a52e70f75e4a4aa1fd8a939597d234108ce96c36fa4bd0edeb83ad6dee6d81c988356a43f85628d7d57e4dbfc4b5640b9c4e0729d05331378f"}, {0xdd, 0x4b, "3552703c827f7f2cf17afe87dd416164f7f4789d1a9781218b44b409d23a51755641bc584e422b942eaf47b153124a3b04976813e8b20c4dfbabdbd5d57f638b99b27172ad29633aa06236"}, {0xdd, 0xbf, "7844f48a09680a93008f620bf3b63dafc7406255cf7a71a0d0dd29dcc70173799c3236cc6bec070d7b218dcdc778c708fe39c82ed48a7bf229770fd470cc021a2a35342b9434780e98d6d91f08981fa591c0a62621054c83996fe90b1a334ac634b7aac8a02059fed05db33b3f5f556b6166705ef486f01af5890cc2e8f4f4cdb54b42dbf15f00567fb6da47fd0980d4daea80b872d1bb79d36d35e7b1cdf4c13611e84aba79bd34025a82fffa4eb4058ecc1c628f46273e0ea3c781d3bb43"}, {0xdd, 0x17, "e508338be0c867c41ec670e6d15af8f3dbeb24b76acc28"}, {0xdd, 0xa4, "827f7e6b96552cdc7734723326707f2c636bd6f73c15ec45070ca67814c969377521018be442286f25b6ea31c13a729fc5301a5f3d3eddb305c45c70f23513d748dc03aaea32dcde92f6794718fb03858740624e3d58ab67f689298d08395f6f87a522b7b0fc4918460df689da3008e8597480b8ebda9c55db266c385745f7191266ac1c2c94bc1d3bf07e957a5ee41faa4434b4601faa248da6ed9b62db3c1fb78c11a1"}, {0xdd, 0x77, "f58123fa7cf1ef2c417b16a9da38d9b7531ced4c2dfa91fb56f63b2529194c937f5d15c9664c717104bb03d8ad7c4261d40788f7629ee8394f86bd5a91a572dbf01aeb9aea8a44534d510837d912c817e3fdd8b950bfc50f68676d7164f090c510fcb1a0d70322e669f26e032bd985c2aea6ff69dc761f"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x11, 0x7f, [@tim={0x5, 0x3, {0x80, 0x9, 0x1}}, @ssid={0x0, 0x6, @default_ibss_ssid}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x6, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x7f, 0x7, 0x5, 0x9, 0xc5e, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x5, 0x7308, 0x1]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x14, 0xbb, [0x8, 0x7, 0x823, 0x6, 0x1f, 0x0, 0xff, 0x2]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CSA_IES={0x70, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_PRESP={0x16, 0xbb, [0x1, 0xfffb, 0x3f, 0x7f, 0x8, 0x9, 0x934, 0x8001, 0x5]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x5, 0x5, 0x9, 0x100]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0xff, 0x7, 0x200, 0x2, 0x1, 0x6, 0x9cd4]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x18, 0xbb, [0xd3cb, 0x8001, 0xffff, 0x2, 0x7, 0x100, 0x81, 0x8000, 0x3f, 0x200]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0x979f, 0x1, 0x9, 0x7f, 0x9, 0x1, 0x2]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x1, 0x80]}]}, @NL80211_ATTR_CSA_IES={0x5a0, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0xfff8, 0x401, 0x8000, 0x7f, 0x8, 0x1]}, @beacon_params=[@NL80211_ATTR_FTM_RESPONDER={0x3d4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xb2, 0x3, "acc2df72f4ce532afcedc46a9b320c4ca6ddada4023e13c1ba5528d06cbb292c0e4b98a8e2fce9a2fb71db05c07dadfcf90c52f37187f67fa1d88352ea210ec7dca8c0f68e2c29cb03f1034898115b97e2f0a64dab1f77e6b63cc59b0f94ac7c9e96d7061ec6d3547048a57f5149e4eacbc37d4432636eafa5b6b8f88e8be3c713901fa0dedd2f633ce5df93c85deefb34af1d08ad93efa65f95746b4a8a60336dfbc5ea35868b7edd037746a031"}, @NL80211_FTM_RESP_ATTR_LCI={0xa0, 0x2, "7dcff8351bdfaa5fec73af225d03667ca8df83a94aa641fae12381af692fe489c5f7e9291da371b4de291b4318d2a35ebcb7d0eff4c15f9d3f2ff83f19a779c0dc6ffec08658a28cce40798ebbdff1a819d04a6ae73b767a508533fc125280c52c61960c7ae6be14800f909b3632755a3551b1b7fd6676468f3ca2c017255c2d5c4abad84bff095a99cf58fa6bcf8c5008957bf7433ee60183bd317b"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x76, 0x3, "30fd7d06e019284ffa1c0996744fe50ef5ad634274cb651cf8d286a08b388de6852578e9f781a70d41fabb9b3a894ac3d805b6e1f7fece7cb0376b1cd21dce18e4c9704957c7d413ac5f436c91d63322d827b0f8cb5b9b85c82202eb23291fa1bd849d9ff92f8518215cf2e561527fe72062"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0xf1, 0x2, "450d00216ffd3af84c9220d0c13ca076497015ac19ebd03b8bd46861039e4d721bcd2b6202776c70cef16fc711c89b172c6e43fbe0b5e875d708e4488f5167ce106680853faa1e38cbbc0d8f7cbb9b1cd804729c14ad920f81b4c908b3b5864ede9b27e1bf53f9b48c6635bff9c5965018ecd7367ba9c390dedb7d6120b202d7f8e977e060507337a06bdd3dab9b2425459c2cea41707c4c359ba1fab73b768df9d0af028b12e0868f48071e1e496d347688819754eeb7fe550a3b060e8fab1040427add3934e220dc438ce02c126149f8e3e8ba7491f0d830aa8e4fe9b93cf5ab088e647594dbf0470166b8da"}, @NL80211_FTM_RESP_ATTR_LCI={0x32, 0x2, "cd421e4a796903ed1f702a93b6ed96c6195404c4e812b382ec64c606d01ca94ae50102c597e648c6d0edc9ea3465"}, @NL80211_FTM_RESP_ATTR_LCI={0x3a, 0x2, "5b9cbe426327edd4d3fe9aab2fd948179df95d7d37a1ad466a10628a23a63fa15c24f966e8ae0cf94752bab026c73a8c41b97b253c74"}, @NL80211_FTM_RESP_ATTR_LCI={0x25, 0x2, "150ec88cbc2ac4cd9bac11713d1fcd90e8405d9229accb7fdc39b9a1064ed97230"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "965d52c9cbd32163d0b256daa0f96a9c7e2fbe71c786bb511713a955f18bdcd1d2d46f1271c83fb1cd1679d2a21d2950602d7a4ba5b8ef4ed481a0ae88875750750b925e97408c3886b8c43bb89f51570fb5108304d37af561ee9b8eba40d34db425c4399f4bea586cd0d941f9"}]}, @NL80211_ATTR_FTM_RESPONDER={0x190, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x1b, 0x2, "6e17c4c3c658bb63bf895af974568ff34da81153d24198"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x99, 0x3, "1eb5e619933dc8d7d943468b3261c3fd0c0c8d9fc8767c20bb24bec12d86500d759183384a2809cd30bf564f6298f42c2d8b72fe9659026f8dcb813d8c10a1f93f5452db20240132d9d4da4be778157cca031aaf3b01df0417919326d03afa848d0b4a2f925faccd601a1b9290a5d5d1ce7592d552e6c27d4e0ceeb526afba97dc39a1e80f5c74136cb6772bfbeb598da08b2dee2b"}, @NL80211_FTM_RESP_ATTR_LCI={0xaa, 0x2, "da8689f6604f6366928d6972872e845e0f59f2119bbea4c785502a643f6662d5b195bd9536902a0318e6093872580b2e95ba5035a84970a6e0a25f18daf0dc74476c613bc7981b9a5bf8e3bac78840f138a550b147f5b0f8aec2057bc21c62f66acd18060ab59909d187dcf373af84252a4ab020cb8d029da18e252ea00884d29675eb9db8a9159bf2155d516d68bc8a779b1fc841ff6bbf507b6973823733ac76bf8c2cab1a"}, @NL80211_FTM_RESP_ATTR_LCI={0x22, 0x2, "ea82404e6ea152167116e89f38dd22ea9919219aaa39b06349e2b9d4c5cf"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @NL80211_ATTR_CSA_C_OFF_BEACON={0x8, 0xba, [0xfff7, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xc, 0xba, [0x400, 0x4, 0x7, 0xfff]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x7ff, 0x5]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x80b, 0x800, 0x0]}]}]}, 0x1264}, 0x1, 0x0, 0x0, 0x8080}, 0x20000000) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) connect$nfc_raw(r1, &(0x7f0000000200)={0x27, 0x0, 0x1, 0x1}, 0x10) 00:11:46 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9001008000000"], 0x15) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9001008000000"], 0x15) (async) 00:11:46 executing program 2: 00:11:46 executing program 5: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060ba300ff9cc6bbffffffffff09000000000000be"], 0x14) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000040)={0x0, 0x0, r1}) [ 706.170992][ T5502] Bluetooth: Frame is too long (len 16, expected len 4) [ 706.173544][ T5502] Bluetooth: Frame is too long (len 16, expected len 4) [ 706.180002][ T5502] Bluetooth: Wrong link type (-22) [ 706.181315][ T5502] Bluetooth: hci5: link tx timeout [ 706.182432][ T5502] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa [ 706.185902][ T5502] Bluetooth: hci3: Malformed LE Event: 0x0b 00:11:46 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9001008000000"], 0x15) 00:11:46 executing program 4: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000100)={0x7, 0x3, {0xffffffffffffffff}, {0x0}, 0xfffffffffffffffe, 0x1}) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, 0xffffffffffffffff}}, {@aname={'aname', 0x3d, '}*&#&\''}}], [{@permit_directio}, {@smackfstransmute={'smackfstransmute', 0x3d, '-\xad'}}, {@fowner_eq={'fowner', 0x3d, r2}}]}}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) socket$vsock_stream(0x28, 0x1, 0x0) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000100)={0x7, 0x3, {0xffffffffffffffff}, {}, 0xfffffffffffffffe, 0x1}) (async) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, 0xffffffffffffffff}}, {@aname={'aname', 0x3d, '}*&#&\''}}], [{@permit_directio}, {@smackfstransmute={'smackfstransmute', 0x3d, '-\xad'}}, {@fowner_eq={'fowner', 0x3d, r2}}]}}) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) (async) socket$vsock_stream(0x28, 0x1, 0x0) (async) 00:11:46 executing program 2: 00:11:46 executing program 5: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0xf7, 0xc9, 0xc9, 0x6}}}, 0x8) 00:11:46 executing program 0: syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="04d033bb31183fd881454e1899d690a14f58b3f385f01046f2431aaf0e6ffed45d4b5c2ebd47fb97905ff198030e793c741e36affe2831dc6daa860a9c3354e75d43b09792d120b5d6b53116d402f5edeeaed77641f320134bdc3c357cfc5568d09f49655fa83528af1e240845545e18ad5cc0f3dfe631747b528d680812a11fed5fd81a9caea56177a04915c625e82a10bce03b92f63e2f6ca73c6ebcb962e06855404c577b71c6a529025f637c9df436a1d9aa0553d9c99e41d5d95bd1b4f1f067cdbe2997c8ee56d3b69d189c60e8437e386fc13cae313855661570531e8b85755a91f0af490be7e16db0deb60b1b7ddd4f1e6395fb60e5743d189458b67423bb54b94c979f178d07e9a00dd63656554bde198b3831ffa7ddb310bc1fafceacea3af4ee67435d47bd23aa3469847a0086a190a5334964613baa942e8b844077495de9c3"], 0x9) [ 706.268240][ T5502] Bluetooth: Frame is too long (len 16, expected len 4) 00:11:46 executing program 2: syz_emit_vhci(0x0, 0x14) 00:11:46 executing program 3: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c90010000c000500170808224010a6fd4e7fa169eeca1120ff0bc8000000000000000000"], 0x15) 00:11:46 executing program 2: syz_emit_vhci(0x0, 0x14) 00:11:46 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000180)={0x0, 0x9}) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x60c280, 0x0) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000226bd7000fbdbdf25550000000800010b6a000000"], 0x1c}}, 0x800) socket$inet6(0xa, 0x2, 0x101) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000015c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001580)={&(0x7f0000000300)={0x1264, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CSA_IES={0xc34, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_PROBE_RESP={0x50d, 0x91, "1e899196b82f35f5281a6386a101ad7b5fe8a2577bb8917df5d1440aca1b4074881756e3dc8561dfb89365dc31f7adcdb86916f299236670a6368d8b7349e318aa711eb3d78eb9ee08bc6e2ad8c446d1dfee50438d9e744251fe372d28e44a7a3d403a56370475c9ce1999ae3f8f673b68077c2ca1d0f1a642407b1a6517fc17064fbdc210f5edce36cd64fedf24a52f9f3fcd546512e6ac1aa506fc15f1d26a90573944e9f9b68eea58f892c4f898462fc0f7f1efe515aa4ed057784491c7c40aee8591754bc6b98b3947559b586fb972444eb38f8aebfc59a6caa3ca4e8ef847904bdf836b7d6d974ff639144119de33a382cf5e1504686bd219342151a2b744d78d86b40cdc206f15a9f8258327494f036fda3951f3c866678bb66d987470389e480ffeb9652fd3cb626cf57f6d2f56b20396d6d9c34033539f31a7559f25475ca501ce2136f9d1d724dadb90a1fd23dce6ddb22628f53baf7763f52c47de7a003ec8f3ed2f4abb9673f7f19d88a902d838ca2561e70d2f1d0c1d0b83e4670ed1b9426be634768782f94743198194145a33c6110048f2573bfd50fc7c0198d8e6fc26b0f7ab293413856031fa5a6f15fb9c8be67dfb57d6630da5ad24b4e93112264145a38a593c35a8021f0d09f6e4ccbca269b30a849fd0d225296d5dd8c6bccb7de78fae4f743986b80454e526dd2ad05e06dd054b02bebeddeae90076fa8b72b202ea8804875197cce0a76420162032aad83cf7107732d8867fd4ae36a5a0099a76bbb9db225189dabb32b5d077756189a91caa7547df08685ef0219f04d4dd79c3bf9d4a12c404e1b11b519eaef8d1183eeb19df9417e90399c013bf87b5739f0de71c510f9e361964a3a8a7c71d57b980856b251b00a03d13311210c159bc14508740a0a194f93e15b8509dd025c35366d157dbad150d6d9027322b05320d0b54cbee51aec566d614424ee186292a8ac5253afd286b40ae457b7598b04f51d4905c47c9706f114c3515601cf1ad3ec812364acc9ab8500d191b251045a28ecd975782405203cfb14ace9cfc189410318fcd3cc8f47b359baad7be757d176eba58bd6befa4fb5183d6832f3037f27d62981795d6d4decadb5da76b6e0e9cb1a8f69ef58249bf8774deee8d207bf353982462b71281ecf553294a2afc60c354e4f4278942c43d181daa77ce554286a43c8ec828091c2cf9253353d295763b7f85241b0c88f53d0f0f86c00963c3f790adf100b083b89b54a3b2d914e0460f2c5673e6b53ef07d6c96bd806068c2c4f092ed13c774f340c5a094b5dd97f9762691759cca28b2d1efe8fe32255608ec10bf317dc1290026295b025c21c8e1c4f11e77f46ff6939c62314bcd247771e81a7735786976e67d8d1cd01a7c6eedabf0aaae46add24e93ff94279bb0396a7868a0cde04ad97b4f53cb2e4b6675e314bbc1293bf770db7adb66960546d4711aa2553854144253b1a1ffa78a6c60435e34c3052371d10c7ce1e9e9679d4f3bca3e1b5b002395531ce4b0e13bc754dc47703b28d3b12c4b07a5faa80f70072731225bc2fa738c01831b0306abeec9e1b439a62716ccaf5bb4f8d9cc9773e9b6a8e657c21b2b83bacec38ee334f7ae04cc910768aadbd3d4427510d567a98c56a899d5731d5cfc1ef9e6cb86de1f643da03eb4518b5dda38f82277bce5548b90ca8f657d8e7c5e3f9cd589a811f2ac0b7c8c1da74ecfd0c836408dffaa04e9e6397e72a3e31a8bf634d975625edee6d12dfc6afe76180b0be0bca3d420b74d94b1fe567b05215ae75b0190bb59c7b66c7883bd6cbc32f99f"}, @NL80211_ATTR_IE_ASSOC_RESP={0x149, 0x80, [@ext_channel_switch={0x3c, 0x4, {0x0, 0xf1, 0xa9, 0x5a}}, @random_vendor={0xdd, 0x72, "1407a75e0e812646fa50ef0b895c8afb050e78e3f1c998d673de41759822ce2e7f7d38dfe9ec780008649ba5a781a34fd16684ee1e96ec7a182ee917875206f18636dc25bc5f16d1bebceda18e258f5581370682856751dcf5b79e75434242a27d715572a25865b66920bd5dc0ca959f5a00"}, @perr={0x84, 0xc9, {0x3, 0xd, [@not_ext={{}, @device_b, 0x9, "", 0x1f}, @ext={{}, @device_a, 0x5, @broadcast, 0x19}, @not_ext={{}, @device_a, 0x7, "", 0x35}, @not_ext={{}, @device_b, 0x4, "", 0x37}, @not_ext={{}, @device_a, 0x5, "", 0x2c}, @ext={{}, @device_b, 0x8}, @not_ext={{}, @device_a, 0x1, "", 0x16}, @not_ext={{}, @device_b, 0x95, "", 0x30}, @ext={{}, @broadcast, 0x10000000, @device_a, 0x15}, @ext={{}, @broadcast, 0x6, @device_b, 0x30}, @not_ext={{}, @device_b, 0x9, "", 0x3e}, @ext={{}, @broadcast, 0x30, @device_b, 0x2a}, @not_ext={{}, @device_b, 0x8, "", 0x2e}]}}]}, @NL80211_ATTR_IE={0x28, 0x2a, [@prep={0x83, 0x1f, @not_ext={{}, 0x6, 0x85, @device_b, 0x6, "", 0x3f, 0x4, @device_a, 0x9}}, @dsss={0x3, 0x1, 0xad}]}, @NL80211_ATTR_FTM_RESPONDER={0xd0, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xa, 0x3, "4f87708961a4"}, @NL80211_FTM_RESP_ATTR_LCI={0x23, 0x2, "1515248804e34829f02efe0beaed3e783173ad6612cfad0dd1405fde8e9041"}, @NL80211_FTM_RESP_ATTR_LCI={0x95, 0x2, "28fa2ba5cae12cb0590f9fe1f292e8030fb4554003f02e517515280442e8751075dba123036e483d36ac3d497b5321c0016ea46d70015fed11b48dbb4b2f9ae0030afeae695f563dd2c9182b482f02cffa8fe0500095b4b0d2cdec543bdba9399ac32602e4bee255efa8de0b460755a7dbaf02099aa019ac0b5d6bb45bdf16d722e9b6579fe955fc79a7d2912992249406"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_BEACON_HEAD={0x48f, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x7b47}, @device_a, @broadcast, @from_mac=@device_b, {0x4, 0x5}}, @ver_80211n={0x0, 0x81, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x1, @random=0x6, 0x0, @void, @void, @val={0x3, 0x1, 0x70}, @void, @void, @val={0x5, 0x8b, {0xff, 0x3b, 0xd7, "771a8171a7aa7613e61fb5f18a0b55a85521c412cdb1760558cc07a24918e040bd1c5ca99f8569315875adb838d4926aca4352bd505e14113ed8215a281c9aeab3ca2caa74996e9715fac6270085cf72d3660f3b07a859a3c6897b47ed09832edfdfa0dc8dbb2d0f3094955104081cd620dd121a2cbeb6842155a99ae96040dbefe2bd94d0c700ed"}}, @void, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x6, 0x74, 0x6}}, @val={0x2d, 0x1a, {0x4008, 0x3, 0x3, 0x0, {0x6842, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2}, 0x400, 0x0, 0x1f}}, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0xffffffffffffffff, 0x7, 0x69}}, @void, [{0xdd, 0x92, "0f7e5c9edae21ba1bf9c9eb07f8a0b3b02a1a9d3e01ba345e745f1d4f6e7497db69177f42f3fccb1901a77783eca74985c03b78536771ae4e444eafeb42325a329cab14170a4939061bc1b3cc9462cb665df9dd67344778498d637fe62fa745a73c698be7abbf3665e3584753de84d6d3a6a9b7b3c27ffd6782a255baa7860dac4bb79312a1d3c86fabd3ee2b9ddaaf0a7fe"}, {0xdd, 0xc9, "396b0de70791d88504b3b5d0b06720b09237bf48ad2140f25e13fd8603fc7614cf7849f7c474359f2a006999eaf37ac505cc42630bdf6b7b4db24c19dd9a84232e738bd7f9a334b92eb5e56a236c1041fced2da412447cae3d1ca94572a8fea4a2f8aad29e04cfd4510bb8bb0b4febbcce7ea46ae6decc86c30bdd9fe40ed4b85b53c34c36b085d0347c96465849fef4a52e70f75e4a4aa1fd8a939597d234108ce96c36fa4bd0edeb83ad6dee6d81c988356a43f85628d7d57e4dbfc4b5640b9c4e0729d05331378f"}, {0xdd, 0x4b, "3552703c827f7f2cf17afe87dd416164f7f4789d1a9781218b44b409d23a51755641bc584e422b942eaf47b153124a3b04976813e8b20c4dfbabdbd5d57f638b99b27172ad29633aa06236"}, {0xdd, 0xbf, "7844f48a09680a93008f620bf3b63dafc7406255cf7a71a0d0dd29dcc70173799c3236cc6bec070d7b218dcdc778c708fe39c82ed48a7bf229770fd470cc021a2a35342b9434780e98d6d91f08981fa591c0a62621054c83996fe90b1a334ac634b7aac8a02059fed05db33b3f5f556b6166705ef486f01af5890cc2e8f4f4cdb54b42dbf15f00567fb6da47fd0980d4daea80b872d1bb79d36d35e7b1cdf4c13611e84aba79bd34025a82fffa4eb4058ecc1c628f46273e0ea3c781d3bb43"}, {0xdd, 0x17, "e508338be0c867c41ec670e6d15af8f3dbeb24b76acc28"}, {0xdd, 0xa4, "827f7e6b96552cdc7734723326707f2c636bd6f73c15ec45070ca67814c969377521018be442286f25b6ea31c13a729fc5301a5f3d3eddb305c45c70f23513d748dc03aaea32dcde92f6794718fb03858740624e3d58ab67f689298d08395f6f87a522b7b0fc4918460df689da3008e8597480b8ebda9c55db266c385745f7191266ac1c2c94bc1d3bf07e957a5ee41faa4434b4601faa248da6ed9b62db3c1fb78c11a1"}, {0xdd, 0x77, "f58123fa7cf1ef2c417b16a9da38d9b7531ced4c2dfa91fb56f63b2529194c937f5d15c9664c717104bb03d8ad7c4261d40788f7629ee8394f86bd5a91a572dbf01aeb9aea8a44534d510837d912c817e3fdd8b950bfc50f68676d7164f090c510fcb1a0d70322e669f26e032bd985c2aea6ff69dc761f"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x11, 0x7f, [@tim={0x5, 0x3, {0x80, 0x9, 0x1}}, @ssid={0x0, 0x6, @default_ibss_ssid}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x6, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x7f, 0x7, 0x5, 0x9, 0xc5e, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x5, 0x7308, 0x1]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x14, 0xbb, [0x8, 0x7, 0x823, 0x6, 0x1f, 0x0, 0xff, 0x2]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CSA_IES={0x70, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_PRESP={0x16, 0xbb, [0x1, 0xfffb, 0x3f, 0x7f, 0x8, 0x9, 0x934, 0x8001, 0x5]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x5, 0x5, 0x9, 0x100]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0xff, 0x7, 0x200, 0x2, 0x1, 0x6, 0x9cd4]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x18, 0xbb, [0xd3cb, 0x8001, 0xffff, 0x2, 0x7, 0x100, 0x81, 0x8000, 0x3f, 0x200]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0x979f, 0x1, 0x9, 0x7f, 0x9, 0x1, 0x2]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x1, 0x80]}]}, @NL80211_ATTR_CSA_IES={0x5a0, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0xfff8, 0x401, 0x8000, 0x7f, 0x8, 0x1]}, @beacon_params=[@NL80211_ATTR_FTM_RESPONDER={0x3d4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xb2, 0x3, "acc2df72f4ce532afcedc46a9b320c4ca6ddada4023e13c1ba5528d06cbb292c0e4b98a8e2fce9a2fb71db05c07dadfcf90c52f37187f67fa1d88352ea210ec7dca8c0f68e2c29cb03f1034898115b97e2f0a64dab1f77e6b63cc59b0f94ac7c9e96d7061ec6d3547048a57f5149e4eacbc37d4432636eafa5b6b8f88e8be3c713901fa0dedd2f633ce5df93c85deefb34af1d08ad93efa65f95746b4a8a60336dfbc5ea35868b7edd037746a031"}, @NL80211_FTM_RESP_ATTR_LCI={0xa0, 0x2, "7dcff8351bdfaa5fec73af225d03667ca8df83a94aa641fae12381af692fe489c5f7e9291da371b4de291b4318d2a35ebcb7d0eff4c15f9d3f2ff83f19a779c0dc6ffec08658a28cce40798ebbdff1a819d04a6ae73b767a508533fc125280c52c61960c7ae6be14800f909b3632755a3551b1b7fd6676468f3ca2c017255c2d5c4abad84bff095a99cf58fa6bcf8c5008957bf7433ee60183bd317b"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x76, 0x3, "30fd7d06e019284ffa1c0996744fe50ef5ad634274cb651cf8d286a08b388de6852578e9f781a70d41fabb9b3a894ac3d805b6e1f7fece7cb0376b1cd21dce18e4c9704957c7d413ac5f436c91d63322d827b0f8cb5b9b85c82202eb23291fa1bd849d9ff92f8518215cf2e561527fe72062"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0xf1, 0x2, "450d00216ffd3af84c9220d0c13ca076497015ac19ebd03b8bd46861039e4d721bcd2b6202776c70cef16fc711c89b172c6e43fbe0b5e875d708e4488f5167ce106680853faa1e38cbbc0d8f7cbb9b1cd804729c14ad920f81b4c908b3b5864ede9b27e1bf53f9b48c6635bff9c5965018ecd7367ba9c390dedb7d6120b202d7f8e977e060507337a06bdd3dab9b2425459c2cea41707c4c359ba1fab73b768df9d0af028b12e0868f48071e1e496d347688819754eeb7fe550a3b060e8fab1040427add3934e220dc438ce02c126149f8e3e8ba7491f0d830aa8e4fe9b93cf5ab088e647594dbf0470166b8da"}, @NL80211_FTM_RESP_ATTR_LCI={0x32, 0x2, "cd421e4a796903ed1f702a93b6ed96c6195404c4e812b382ec64c606d01ca94ae50102c597e648c6d0edc9ea3465"}, @NL80211_FTM_RESP_ATTR_LCI={0x3a, 0x2, "5b9cbe426327edd4d3fe9aab2fd948179df95d7d37a1ad466a10628a23a63fa15c24f966e8ae0cf94752bab026c73a8c41b97b253c74"}, @NL80211_FTM_RESP_ATTR_LCI={0x25, 0x2, "150ec88cbc2ac4cd9bac11713d1fcd90e8405d9229accb7fdc39b9a1064ed97230"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "965d52c9cbd32163d0b256daa0f96a9c7e2fbe71c786bb511713a955f18bdcd1d2d46f1271c83fb1cd1679d2a21d2950602d7a4ba5b8ef4ed481a0ae88875750750b925e97408c3886b8c43bb89f51570fb5108304d37af561ee9b8eba40d34db425c4399f4bea586cd0d941f9"}]}, @NL80211_ATTR_FTM_RESPONDER={0x190, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x1b, 0x2, "6e17c4c3c658bb63bf895af974568ff34da81153d24198"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x99, 0x3, "1eb5e619933dc8d7d943468b3261c3fd0c0c8d9fc8767c20bb24bec12d86500d759183384a2809cd30bf564f6298f42c2d8b72fe9659026f8dcb813d8c10a1f93f5452db20240132d9d4da4be778157cca031aaf3b01df0417919326d03afa848d0b4a2f925faccd601a1b9290a5d5d1ce7592d552e6c27d4e0ceeb526afba97dc39a1e80f5c74136cb6772bfbeb598da08b2dee2b"}, @NL80211_FTM_RESP_ATTR_LCI={0xaa, 0x2, "da8689f6604f6366928d6972872e845e0f59f2119bbea4c785502a643f6662d5b195bd9536902a0318e6093872580b2e95ba5035a84970a6e0a25f18daf0dc74476c613bc7981b9a5bf8e3bac78840f138a550b147f5b0f8aec2057bc21c62f66acd18060ab59909d187dcf373af84252a4ab020cb8d029da18e252ea00884d29675eb9db8a9159bf2155d516d68bc8a779b1fc841ff6bbf507b6973823733ac76bf8c2cab1a"}, @NL80211_FTM_RESP_ATTR_LCI={0x22, 0x2, "ea82404e6ea152167116e89f38dd22ea9919219aaa39b06349e2b9d4c5cf"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @NL80211_ATTR_CSA_C_OFF_BEACON={0x8, 0xba, [0xfff7, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xc, 0xba, [0x400, 0x4, 0x7, 0xfff]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x7ff, 0x5]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x80b, 0x800, 0x0]}]}]}, 0x1264}, 0x1, 0x0, 0x0, 0x8080}, 0x20000000) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) connect$nfc_raw(r1, &(0x7f0000000200)={0x27, 0x0, 0x1, 0x1}, 0x10) 00:11:46 executing program 5: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0xf7, 0xc9, 0xc9, 0x6}}}, 0x8) 00:11:46 executing program 0: syz_emit_vhci(&(0x7f0000000280)=ANY=[], 0x9) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000000)={0x3, "869d44423cbeddf9032a9946f5536413b37c3da0a389fca3ab52e8b686af917f", 0xffffffffffffffff}) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) ioctl$SYNC_IOC_MERGE(r0, 0xc0303e03, &(0x7f0000000080)={"8846bc76345d3363daded3b216e205fdb135ee28866b1185a960da4c61767ca5"}) gettid() socket$inet_icmp_raw(0x2, 0x3, 0x1) 00:11:46 executing program 4: syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="07fa3d4e5342747727743dd34509aba1f3d8631415ddbaba3a7b799502864f425063c3d5a030c7b9143ec19609c084f3b9b4f578f38aee241f2038802fde2cc2324279d9137d3cea8d0c6915720a53db26ca1d1d3b4df9998f70f7649be44b33bf0a622f9ee7e27992d1696d03fda26fe9632217853a3dc8d30196c28176995d2ac2b812a060d68d62ecc17db7ff07e3c568ce683e852d4379a100cd410738236cb4ed764c4eb000bab8f4321b574e6c28c29243e826e84cca85c6ffbad945173ed0ec34"], 0x3) 00:11:46 executing program 2: syz_emit_vhci(0x0, 0x14) 00:11:46 executing program 3: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c90010000c000500170808224010a6fd4e7fa169eeca1120ff0bc8000000000000000000"], 0x15) 00:11:46 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x14) 00:11:46 executing program 5: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0xf7, 0xc9, 0xc9, 0x6}}}, 0x8) 00:11:46 executing program 0: syz_emit_vhci(&(0x7f0000000280)=ANY=[], 0x9) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000000)={0x3, "869d44423cbeddf9032a9946f5536413b37c3da0a389fca3ab52e8b686af917f"}) (async) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000000)={0x3, "869d44423cbeddf9032a9946f5536413b37c3da0a389fca3ab52e8b686af917f", 0xffffffffffffffff}) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) ioctl$SYNC_IOC_MERGE(r0, 0xc0303e03, &(0x7f0000000080)={"8846bc76345d3363daded3b216e205fdb135ee28866b1185a960da4c61767ca5"}) gettid() socket$inet_icmp_raw(0x2, 0x3, 0x1) [ 706.450532][ T5502] Bluetooth: Wrong link type (-22) 00:11:46 executing program 4: syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="07fa3d4e5342747727743dd34509aba1f3d8631415ddbaba3a7b799502864f425063c3d5a030c7b9143ec19609c084f3b9b4f578f38aee241f2038802fde2cc2324279d9137d3cea8d0c6915720a53db26ca1d1d3b4df9998f70f7649be44b33bf0a622f9ee7e27992d1696d03fda26fe9632217853a3dc8d30196c28176995d2ac2b812a060d68d62ecc17db7ff07e3c568ce683e852d4379a100cd410738236cb4ed764c4eb000bab8f4321b574e6c28c29243e826e84cca85c6ffbad945173ed0ec34"], 0x3) [ 706.451855][ T5502] Bluetooth: hci5: link tx timeout [ 706.453078][ T5502] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:46 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x14) 00:11:46 executing program 3: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c90010000c000500170808224010a6fd4e7fa169eeca1120ff0bc8000000000000000000"], 0x15) 00:11:46 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000180)={0x0, 0x9}) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x60c280, 0x0) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000226bd7000fbdbdf25550000000800010b6a000000"], 0x1c}}, 0x800) socket$inet6(0xa, 0x2, 0x101) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000015c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001580)={&(0x7f0000000300)={0x1264, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CSA_IES={0xc34, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_PROBE_RESP={0x50d, 0x91, "1e899196b82f35f5281a6386a101ad7b5fe8a2577bb8917df5d1440aca1b4074881756e3dc8561dfb89365dc31f7adcdb86916f299236670a6368d8b7349e318aa711eb3d78eb9ee08bc6e2ad8c446d1dfee50438d9e744251fe372d28e44a7a3d403a56370475c9ce1999ae3f8f673b68077c2ca1d0f1a642407b1a6517fc17064fbdc210f5edce36cd64fedf24a52f9f3fcd546512e6ac1aa506fc15f1d26a90573944e9f9b68eea58f892c4f898462fc0f7f1efe515aa4ed057784491c7c40aee8591754bc6b98b3947559b586fb972444eb38f8aebfc59a6caa3ca4e8ef847904bdf836b7d6d974ff639144119de33a382cf5e1504686bd219342151a2b744d78d86b40cdc206f15a9f8258327494f036fda3951f3c866678bb66d987470389e480ffeb9652fd3cb626cf57f6d2f56b20396d6d9c34033539f31a7559f25475ca501ce2136f9d1d724dadb90a1fd23dce6ddb22628f53baf7763f52c47de7a003ec8f3ed2f4abb9673f7f19d88a902d838ca2561e70d2f1d0c1d0b83e4670ed1b9426be634768782f94743198194145a33c6110048f2573bfd50fc7c0198d8e6fc26b0f7ab293413856031fa5a6f15fb9c8be67dfb57d6630da5ad24b4e93112264145a38a593c35a8021f0d09f6e4ccbca269b30a849fd0d225296d5dd8c6bccb7de78fae4f743986b80454e526dd2ad05e06dd054b02bebeddeae90076fa8b72b202ea8804875197cce0a76420162032aad83cf7107732d8867fd4ae36a5a0099a76bbb9db225189dabb32b5d077756189a91caa7547df08685ef0219f04d4dd79c3bf9d4a12c404e1b11b519eaef8d1183eeb19df9417e90399c013bf87b5739f0de71c510f9e361964a3a8a7c71d57b980856b251b00a03d13311210c159bc14508740a0a194f93e15b8509dd025c35366d157dbad150d6d9027322b05320d0b54cbee51aec566d614424ee186292a8ac5253afd286b40ae457b7598b04f51d4905c47c9706f114c3515601cf1ad3ec812364acc9ab8500d191b251045a28ecd975782405203cfb14ace9cfc189410318fcd3cc8f47b359baad7be757d176eba58bd6befa4fb5183d6832f3037f27d62981795d6d4decadb5da76b6e0e9cb1a8f69ef58249bf8774deee8d207bf353982462b71281ecf553294a2afc60c354e4f4278942c43d181daa77ce554286a43c8ec828091c2cf9253353d295763b7f85241b0c88f53d0f0f86c00963c3f790adf100b083b89b54a3b2d914e0460f2c5673e6b53ef07d6c96bd806068c2c4f092ed13c774f340c5a094b5dd97f9762691759cca28b2d1efe8fe32255608ec10bf317dc1290026295b025c21c8e1c4f11e77f46ff6939c62314bcd247771e81a7735786976e67d8d1cd01a7c6eedabf0aaae46add24e93ff94279bb0396a7868a0cde04ad97b4f53cb2e4b6675e314bbc1293bf770db7adb66960546d4711aa2553854144253b1a1ffa78a6c60435e34c3052371d10c7ce1e9e9679d4f3bca3e1b5b002395531ce4b0e13bc754dc47703b28d3b12c4b07a5faa80f70072731225bc2fa738c01831b0306abeec9e1b439a62716ccaf5bb4f8d9cc9773e9b6a8e657c21b2b83bacec38ee334f7ae04cc910768aadbd3d4427510d567a98c56a899d5731d5cfc1ef9e6cb86de1f643da03eb4518b5dda38f82277bce5548b90ca8f657d8e7c5e3f9cd589a811f2ac0b7c8c1da74ecfd0c836408dffaa04e9e6397e72a3e31a8bf634d975625edee6d12dfc6afe76180b0be0bca3d420b74d94b1fe567b05215ae75b0190bb59c7b66c7883bd6cbc32f99f"}, @NL80211_ATTR_IE_ASSOC_RESP={0x149, 0x80, [@ext_channel_switch={0x3c, 0x4, {0x0, 0xf1, 0xa9, 0x5a}}, @random_vendor={0xdd, 0x72, "1407a75e0e812646fa50ef0b895c8afb050e78e3f1c998d673de41759822ce2e7f7d38dfe9ec780008649ba5a781a34fd16684ee1e96ec7a182ee917875206f18636dc25bc5f16d1bebceda18e258f5581370682856751dcf5b79e75434242a27d715572a25865b66920bd5dc0ca959f5a00"}, @perr={0x84, 0xc9, {0x3, 0xd, [@not_ext={{}, @device_b, 0x9, "", 0x1f}, @ext={{}, @device_a, 0x5, @broadcast, 0x19}, @not_ext={{}, @device_a, 0x7, "", 0x35}, @not_ext={{}, @device_b, 0x4, "", 0x37}, @not_ext={{}, @device_a, 0x5, "", 0x2c}, @ext={{}, @device_b, 0x8}, @not_ext={{}, @device_a, 0x1, "", 0x16}, @not_ext={{}, @device_b, 0x95, "", 0x30}, @ext={{}, @broadcast, 0x10000000, @device_a, 0x15}, @ext={{}, @broadcast, 0x6, @device_b, 0x30}, @not_ext={{}, @device_b, 0x9, "", 0x3e}, @ext={{}, @broadcast, 0x30, @device_b, 0x2a}, @not_ext={{}, @device_b, 0x8, "", 0x2e}]}}]}, @NL80211_ATTR_IE={0x28, 0x2a, [@prep={0x83, 0x1f, @not_ext={{}, 0x6, 0x85, @device_b, 0x6, "", 0x3f, 0x4, @device_a, 0x9}}, @dsss={0x3, 0x1, 0xad}]}, @NL80211_ATTR_FTM_RESPONDER={0xd0, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xa, 0x3, "4f87708961a4"}, @NL80211_FTM_RESP_ATTR_LCI={0x23, 0x2, "1515248804e34829f02efe0beaed3e783173ad6612cfad0dd1405fde8e9041"}, @NL80211_FTM_RESP_ATTR_LCI={0x95, 0x2, "28fa2ba5cae12cb0590f9fe1f292e8030fb4554003f02e517515280442e8751075dba123036e483d36ac3d497b5321c0016ea46d70015fed11b48dbb4b2f9ae0030afeae695f563dd2c9182b482f02cffa8fe0500095b4b0d2cdec543bdba9399ac32602e4bee255efa8de0b460755a7dbaf02099aa019ac0b5d6bb45bdf16d722e9b6579fe955fc79a7d2912992249406"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_BEACON_HEAD={0x48f, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x7b47}, @device_a, @broadcast, @from_mac=@device_b, {0x4, 0x5}}, @ver_80211n={0x0, 0x81, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x1, @random=0x6, 0x0, @void, @void, @val={0x3, 0x1, 0x70}, @void, @void, @val={0x5, 0x8b, {0xff, 0x3b, 0xd7, "771a8171a7aa7613e61fb5f18a0b55a85521c412cdb1760558cc07a24918e040bd1c5ca99f8569315875adb838d4926aca4352bd505e14113ed8215a281c9aeab3ca2caa74996e9715fac6270085cf72d3660f3b07a859a3c6897b47ed09832edfdfa0dc8dbb2d0f3094955104081cd620dd121a2cbeb6842155a99ae96040dbefe2bd94d0c700ed"}}, @void, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x6, 0x74, 0x6}}, @val={0x2d, 0x1a, {0x4008, 0x3, 0x3, 0x0, {0x6842, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2}, 0x400, 0x0, 0x1f}}, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0xffffffffffffffff, 0x7, 0x69}}, @void, [{0xdd, 0x92, "0f7e5c9edae21ba1bf9c9eb07f8a0b3b02a1a9d3e01ba345e745f1d4f6e7497db69177f42f3fccb1901a77783eca74985c03b78536771ae4e444eafeb42325a329cab14170a4939061bc1b3cc9462cb665df9dd67344778498d637fe62fa745a73c698be7abbf3665e3584753de84d6d3a6a9b7b3c27ffd6782a255baa7860dac4bb79312a1d3c86fabd3ee2b9ddaaf0a7fe"}, {0xdd, 0xc9, "396b0de70791d88504b3b5d0b06720b09237bf48ad2140f25e13fd8603fc7614cf7849f7c474359f2a006999eaf37ac505cc42630bdf6b7b4db24c19dd9a84232e738bd7f9a334b92eb5e56a236c1041fced2da412447cae3d1ca94572a8fea4a2f8aad29e04cfd4510bb8bb0b4febbcce7ea46ae6decc86c30bdd9fe40ed4b85b53c34c36b085d0347c96465849fef4a52e70f75e4a4aa1fd8a939597d234108ce96c36fa4bd0edeb83ad6dee6d81c988356a43f85628d7d57e4dbfc4b5640b9c4e0729d05331378f"}, {0xdd, 0x4b, "3552703c827f7f2cf17afe87dd416164f7f4789d1a9781218b44b409d23a51755641bc584e422b942eaf47b153124a3b04976813e8b20c4dfbabdbd5d57f638b99b27172ad29633aa06236"}, {0xdd, 0xbf, "7844f48a09680a93008f620bf3b63dafc7406255cf7a71a0d0dd29dcc70173799c3236cc6bec070d7b218dcdc778c708fe39c82ed48a7bf229770fd470cc021a2a35342b9434780e98d6d91f08981fa591c0a62621054c83996fe90b1a334ac634b7aac8a02059fed05db33b3f5f556b6166705ef486f01af5890cc2e8f4f4cdb54b42dbf15f00567fb6da47fd0980d4daea80b872d1bb79d36d35e7b1cdf4c13611e84aba79bd34025a82fffa4eb4058ecc1c628f46273e0ea3c781d3bb43"}, {0xdd, 0x17, "e508338be0c867c41ec670e6d15af8f3dbeb24b76acc28"}, {0xdd, 0xa4, "827f7e6b96552cdc7734723326707f2c636bd6f73c15ec45070ca67814c969377521018be442286f25b6ea31c13a729fc5301a5f3d3eddb305c45c70f23513d748dc03aaea32dcde92f6794718fb03858740624e3d58ab67f689298d08395f6f87a522b7b0fc4918460df689da3008e8597480b8ebda9c55db266c385745f7191266ac1c2c94bc1d3bf07e957a5ee41faa4434b4601faa248da6ed9b62db3c1fb78c11a1"}, {0xdd, 0x77, "f58123fa7cf1ef2c417b16a9da38d9b7531ced4c2dfa91fb56f63b2529194c937f5d15c9664c717104bb03d8ad7c4261d40788f7629ee8394f86bd5a91a572dbf01aeb9aea8a44534d510837d912c817e3fdd8b950bfc50f68676d7164f090c510fcb1a0d70322e669f26e032bd985c2aea6ff69dc761f"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x11, 0x7f, [@tim={0x5, 0x3, {0x80, 0x9, 0x1}}, @ssid={0x0, 0x6, @default_ibss_ssid}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x6, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x7f, 0x7, 0x5, 0x9, 0xc5e, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x5, 0x7308, 0x1]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x14, 0xbb, [0x8, 0x7, 0x823, 0x6, 0x1f, 0x0, 0xff, 0x2]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CSA_IES={0x70, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_PRESP={0x16, 0xbb, [0x1, 0xfffb, 0x3f, 0x7f, 0x8, 0x9, 0x934, 0x8001, 0x5]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x5, 0x5, 0x9, 0x100]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0xff, 0x7, 0x200, 0x2, 0x1, 0x6, 0x9cd4]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x18, 0xbb, [0xd3cb, 0x8001, 0xffff, 0x2, 0x7, 0x100, 0x81, 0x8000, 0x3f, 0x200]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0x979f, 0x1, 0x9, 0x7f, 0x9, 0x1, 0x2]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x1, 0x80]}]}, @NL80211_ATTR_CSA_IES={0x5a0, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0xfff8, 0x401, 0x8000, 0x7f, 0x8, 0x1]}, @beacon_params=[@NL80211_ATTR_FTM_RESPONDER={0x3d4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xb2, 0x3, "acc2df72f4ce532afcedc46a9b320c4ca6ddada4023e13c1ba5528d06cbb292c0e4b98a8e2fce9a2fb71db05c07dadfcf90c52f37187f67fa1d88352ea210ec7dca8c0f68e2c29cb03f1034898115b97e2f0a64dab1f77e6b63cc59b0f94ac7c9e96d7061ec6d3547048a57f5149e4eacbc37d4432636eafa5b6b8f88e8be3c713901fa0dedd2f633ce5df93c85deefb34af1d08ad93efa65f95746b4a8a60336dfbc5ea35868b7edd037746a031"}, @NL80211_FTM_RESP_ATTR_LCI={0xa0, 0x2, "7dcff8351bdfaa5fec73af225d03667ca8df83a94aa641fae12381af692fe489c5f7e9291da371b4de291b4318d2a35ebcb7d0eff4c15f9d3f2ff83f19a779c0dc6ffec08658a28cce40798ebbdff1a819d04a6ae73b767a508533fc125280c52c61960c7ae6be14800f909b3632755a3551b1b7fd6676468f3ca2c017255c2d5c4abad84bff095a99cf58fa6bcf8c5008957bf7433ee60183bd317b"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x76, 0x3, "30fd7d06e019284ffa1c0996744fe50ef5ad634274cb651cf8d286a08b388de6852578e9f781a70d41fabb9b3a894ac3d805b6e1f7fece7cb0376b1cd21dce18e4c9704957c7d413ac5f436c91d63322d827b0f8cb5b9b85c82202eb23291fa1bd849d9ff92f8518215cf2e561527fe72062"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0xf1, 0x2, "450d00216ffd3af84c9220d0c13ca076497015ac19ebd03b8bd46861039e4d721bcd2b6202776c70cef16fc711c89b172c6e43fbe0b5e875d708e4488f5167ce106680853faa1e38cbbc0d8f7cbb9b1cd804729c14ad920f81b4c908b3b5864ede9b27e1bf53f9b48c6635bff9c5965018ecd7367ba9c390dedb7d6120b202d7f8e977e060507337a06bdd3dab9b2425459c2cea41707c4c359ba1fab73b768df9d0af028b12e0868f48071e1e496d347688819754eeb7fe550a3b060e8fab1040427add3934e220dc438ce02c126149f8e3e8ba7491f0d830aa8e4fe9b93cf5ab088e647594dbf0470166b8da"}, @NL80211_FTM_RESP_ATTR_LCI={0x32, 0x2, "cd421e4a796903ed1f702a93b6ed96c6195404c4e812b382ec64c606d01ca94ae50102c597e648c6d0edc9ea3465"}, @NL80211_FTM_RESP_ATTR_LCI={0x3a, 0x2, "5b9cbe426327edd4d3fe9aab2fd948179df95d7d37a1ad466a10628a23a63fa15c24f966e8ae0cf94752bab026c73a8c41b97b253c74"}, @NL80211_FTM_RESP_ATTR_LCI={0x25, 0x2, "150ec88cbc2ac4cd9bac11713d1fcd90e8405d9229accb7fdc39b9a1064ed97230"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "965d52c9cbd32163d0b256daa0f96a9c7e2fbe71c786bb511713a955f18bdcd1d2d46f1271c83fb1cd1679d2a21d2950602d7a4ba5b8ef4ed481a0ae88875750750b925e97408c3886b8c43bb89f51570fb5108304d37af561ee9b8eba40d34db425c4399f4bea586cd0d941f9"}]}, @NL80211_ATTR_FTM_RESPONDER={0x190, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x1b, 0x2, "6e17c4c3c658bb63bf895af974568ff34da81153d24198"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x99, 0x3, "1eb5e619933dc8d7d943468b3261c3fd0c0c8d9fc8767c20bb24bec12d86500d759183384a2809cd30bf564f6298f42c2d8b72fe9659026f8dcb813d8c10a1f93f5452db20240132d9d4da4be778157cca031aaf3b01df0417919326d03afa848d0b4a2f925faccd601a1b9290a5d5d1ce7592d552e6c27d4e0ceeb526afba97dc39a1e80f5c74136cb6772bfbeb598da08b2dee2b"}, @NL80211_FTM_RESP_ATTR_LCI={0xaa, 0x2, "da8689f6604f6366928d6972872e845e0f59f2119bbea4c785502a643f6662d5b195bd9536902a0318e6093872580b2e95ba5035a84970a6e0a25f18daf0dc74476c613bc7981b9a5bf8e3bac78840f138a550b147f5b0f8aec2057bc21c62f66acd18060ab59909d187dcf373af84252a4ab020cb8d029da18e252ea00884d29675eb9db8a9159bf2155d516d68bc8a779b1fc841ff6bbf507b6973823733ac76bf8c2cab1a"}, @NL80211_FTM_RESP_ATTR_LCI={0x22, 0x2, "ea82404e6ea152167116e89f38dd22ea9919219aaa39b06349e2b9d4c5cf"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @NL80211_ATTR_CSA_C_OFF_BEACON={0x8, 0xba, [0xfff7, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xc, 0xba, [0x400, 0x4, 0x7, 0xfff]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x7ff, 0x5]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x80b, 0x800, 0x0]}]}]}, 0x1264}, 0x1, 0x0, 0x0, 0x8080}, 0x20000000) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33", 0x2}}}, 0x1a) 00:11:46 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x14) 00:11:46 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0x8, 0x4}, {0x4, 0x4}}}}, 0x11) 00:11:46 executing program 5: 00:11:46 executing program 0: syz_emit_vhci(&(0x7f0000000280)=ANY=[], 0x9) (async) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000000)={0x3, "869d44423cbeddf9032a9946f5536413b37c3da0a389fca3ab52e8b686af917f", 0xffffffffffffffff}) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) (async) ioctl$SYNC_IOC_MERGE(r0, 0xc0303e03, &(0x7f0000000080)={"8846bc76345d3363daded3b216e205fdb135ee28866b1185a960da4c61767ca5"}) gettid() (async) socket$inet_icmp_raw(0x2, 0x3, 0x1) 00:11:46 executing program 4: syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="07fa3d4e5342747727743dd34509aba1f3d8631415ddbaba3a7b799502864f425063c3d5a030c7b9143ec19609c084f3b9b4f578f38aee241f2038802fde2cc2324279d9137d3cea8d0c6915720a53db26ca1d1d3b4df9998f70f7649be44b33bf0a622f9ee7e27992d1696d03fda26fe9632217853a3dc8d30196c28176995d2ac2b812a060d68d62ecc17db7ff07e3c568ce683e852d4379a100cd410738236cb4ed764c4eb000bab8f4321b574e6c28c29243e826e84cca85c6ffbad945173ed0ec34"], 0x3) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="07fa3d4e5342747727743dd34509aba1f3d8631415ddbaba3a7b799502864f425063c3d5a030c7b9143ec19609c084f3b9b4f578f38aee241f2038802fde2cc2324279d9137d3cea8d0c6915720a53db26ca1d1d3b4df9998f70f7649be44b33bf0a622f9ee7e27992d1696d03fda26fe9632217853a3dc8d30196c28176995d2ac2b812a060d68d62ecc17db7ff07e3c568ce683e852d4379a100cd410738236cb4ed764c4eb000bab8f4321b574e6c28c29243e826e84cca85c6ffbad945173ed0ec34"], 0x3) (async) [ 706.612330][ T5943] Bluetooth: Wrong link type (-57) [ 706.613856][ T5943] Bluetooth: hci4: link tx timeout [ 706.614920][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 706.627480][ T5502] Bluetooth: Wrong link type (-22) [ 706.628705][ T5502] Bluetooth: hci5: link tx timeout [ 706.629775][ T5502] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:46 executing program 5: 00:11:46 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB], 0x14) 00:11:46 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0x8, 0x4}, {0x4, 0x4}}}}, 0x11) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0x8, 0x4}, {0x4, 0x4}}}}, 0x11) (async) 00:11:46 executing program 4: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) sendto$rxrpc(r0, &(0x7f0000000040)="38434060edbbd4c43a0f15ac257c0bbf1f2454c34d93fd43677c050b712644", 0x1f, 0xc0, &(0x7f0000000080)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e22, @multicast1}}, 0x24) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="04131906c9000500c8000300c900aee8c8000000c9000900c900d833f2f92fc04c3f6ef7"], 0x1c) 00:11:46 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB], 0x14) 00:11:46 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES32=r1, @ANYRESOCT=r0, @ANYRES32=r0, @ANYBLOB="a879a1ad2e6a47aa7d50e68f6a545a68499ab4842fcdbc7042e3bfea5f9d0edb4a57364467c6f840bde4c2d3140c8c2519193c771c11f0b696d6035d1cd0047ded35a48305ada038b02ef6084895efcb2c9b7c69e23a7f5119f6b860e97b7fa2efe04cab10b078f40206a8c833811263e538a26f783cb948a8", @ANYRES64], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x3d}, "167c42f552b9649203ea86fa01d19e01f7deb805690d9807322fbd23ba7737d505d07264e0291b800b75bbde4e76137844b44972026f42476d17804127"}, 0x41) [ 706.721263][ T5943] Bluetooth: Wrong link type (-57) [ 706.722535][ T5943] Bluetooth: Wrong link type (-57) [ 706.724496][ T5943] Bluetooth: hci4: link tx timeout [ 706.725545][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:46 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB], 0x14) 00:11:46 executing program 5: 00:11:46 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000180)={0x0, 0x9}) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x60c280, 0x0) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000226bd7000fbdbdf25550000000800010b6a000000"], 0x1c}}, 0x800) socket$inet6(0xa, 0x2, 0x101) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000015c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001580)={&(0x7f0000000300)={0x1264, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CSA_IES={0xc34, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_PROBE_RESP={0x50d, 0x91, "1e899196b82f35f5281a6386a101ad7b5fe8a2577bb8917df5d1440aca1b4074881756e3dc8561dfb89365dc31f7adcdb86916f299236670a6368d8b7349e318aa711eb3d78eb9ee08bc6e2ad8c446d1dfee50438d9e744251fe372d28e44a7a3d403a56370475c9ce1999ae3f8f673b68077c2ca1d0f1a642407b1a6517fc17064fbdc210f5edce36cd64fedf24a52f9f3fcd546512e6ac1aa506fc15f1d26a90573944e9f9b68eea58f892c4f898462fc0f7f1efe515aa4ed057784491c7c40aee8591754bc6b98b3947559b586fb972444eb38f8aebfc59a6caa3ca4e8ef847904bdf836b7d6d974ff639144119de33a382cf5e1504686bd219342151a2b744d78d86b40cdc206f15a9f8258327494f036fda3951f3c866678bb66d987470389e480ffeb9652fd3cb626cf57f6d2f56b20396d6d9c34033539f31a7559f25475ca501ce2136f9d1d724dadb90a1fd23dce6ddb22628f53baf7763f52c47de7a003ec8f3ed2f4abb9673f7f19d88a902d838ca2561e70d2f1d0c1d0b83e4670ed1b9426be634768782f94743198194145a33c6110048f2573bfd50fc7c0198d8e6fc26b0f7ab293413856031fa5a6f15fb9c8be67dfb57d6630da5ad24b4e93112264145a38a593c35a8021f0d09f6e4ccbca269b30a849fd0d225296d5dd8c6bccb7de78fae4f743986b80454e526dd2ad05e06dd054b02bebeddeae90076fa8b72b202ea8804875197cce0a76420162032aad83cf7107732d8867fd4ae36a5a0099a76bbb9db225189dabb32b5d077756189a91caa7547df08685ef0219f04d4dd79c3bf9d4a12c404e1b11b519eaef8d1183eeb19df9417e90399c013bf87b5739f0de71c510f9e361964a3a8a7c71d57b980856b251b00a03d13311210c159bc14508740a0a194f93e15b8509dd025c35366d157dbad150d6d9027322b05320d0b54cbee51aec566d614424ee186292a8ac5253afd286b40ae457b7598b04f51d4905c47c9706f114c3515601cf1ad3ec812364acc9ab8500d191b251045a28ecd975782405203cfb14ace9cfc189410318fcd3cc8f47b359baad7be757d176eba58bd6befa4fb5183d6832f3037f27d62981795d6d4decadb5da76b6e0e9cb1a8f69ef58249bf8774deee8d207bf353982462b71281ecf553294a2afc60c354e4f4278942c43d181daa77ce554286a43c8ec828091c2cf9253353d295763b7f85241b0c88f53d0f0f86c00963c3f790adf100b083b89b54a3b2d914e0460f2c5673e6b53ef07d6c96bd806068c2c4f092ed13c774f340c5a094b5dd97f9762691759cca28b2d1efe8fe32255608ec10bf317dc1290026295b025c21c8e1c4f11e77f46ff6939c62314bcd247771e81a7735786976e67d8d1cd01a7c6eedabf0aaae46add24e93ff94279bb0396a7868a0cde04ad97b4f53cb2e4b6675e314bbc1293bf770db7adb66960546d4711aa2553854144253b1a1ffa78a6c60435e34c3052371d10c7ce1e9e9679d4f3bca3e1b5b002395531ce4b0e13bc754dc47703b28d3b12c4b07a5faa80f70072731225bc2fa738c01831b0306abeec9e1b439a62716ccaf5bb4f8d9cc9773e9b6a8e657c21b2b83bacec38ee334f7ae04cc910768aadbd3d4427510d567a98c56a899d5731d5cfc1ef9e6cb86de1f643da03eb4518b5dda38f82277bce5548b90ca8f657d8e7c5e3f9cd589a811f2ac0b7c8c1da74ecfd0c836408dffaa04e9e6397e72a3e31a8bf634d975625edee6d12dfc6afe76180b0be0bca3d420b74d94b1fe567b05215ae75b0190bb59c7b66c7883bd6cbc32f99f"}, @NL80211_ATTR_IE_ASSOC_RESP={0x149, 0x80, [@ext_channel_switch={0x3c, 0x4, {0x0, 0xf1, 0xa9, 0x5a}}, @random_vendor={0xdd, 0x72, "1407a75e0e812646fa50ef0b895c8afb050e78e3f1c998d673de41759822ce2e7f7d38dfe9ec780008649ba5a781a34fd16684ee1e96ec7a182ee917875206f18636dc25bc5f16d1bebceda18e258f5581370682856751dcf5b79e75434242a27d715572a25865b66920bd5dc0ca959f5a00"}, @perr={0x84, 0xc9, {0x3, 0xd, [@not_ext={{}, @device_b, 0x9, "", 0x1f}, @ext={{}, @device_a, 0x5, @broadcast, 0x19}, @not_ext={{}, @device_a, 0x7, "", 0x35}, @not_ext={{}, @device_b, 0x4, "", 0x37}, @not_ext={{}, @device_a, 0x5, "", 0x2c}, @ext={{}, @device_b, 0x8}, @not_ext={{}, @device_a, 0x1, "", 0x16}, @not_ext={{}, @device_b, 0x95, "", 0x30}, @ext={{}, @broadcast, 0x10000000, @device_a, 0x15}, @ext={{}, @broadcast, 0x6, @device_b, 0x30}, @not_ext={{}, @device_b, 0x9, "", 0x3e}, @ext={{}, @broadcast, 0x30, @device_b, 0x2a}, @not_ext={{}, @device_b, 0x8, "", 0x2e}]}}]}, @NL80211_ATTR_IE={0x28, 0x2a, [@prep={0x83, 0x1f, @not_ext={{}, 0x6, 0x85, @device_b, 0x6, "", 0x3f, 0x4, @device_a, 0x9}}, @dsss={0x3, 0x1, 0xad}]}, @NL80211_ATTR_FTM_RESPONDER={0xd0, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xa, 0x3, "4f87708961a4"}, @NL80211_FTM_RESP_ATTR_LCI={0x23, 0x2, "1515248804e34829f02efe0beaed3e783173ad6612cfad0dd1405fde8e9041"}, @NL80211_FTM_RESP_ATTR_LCI={0x95, 0x2, "28fa2ba5cae12cb0590f9fe1f292e8030fb4554003f02e517515280442e8751075dba123036e483d36ac3d497b5321c0016ea46d70015fed11b48dbb4b2f9ae0030afeae695f563dd2c9182b482f02cffa8fe0500095b4b0d2cdec543bdba9399ac32602e4bee255efa8de0b460755a7dbaf02099aa019ac0b5d6bb45bdf16d722e9b6579fe955fc79a7d2912992249406"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_BEACON_HEAD={0x48f, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x7b47}, @device_a, @broadcast, @from_mac=@device_b, {0x4, 0x5}}, @ver_80211n={0x0, 0x81, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x1, @random=0x6, 0x0, @void, @void, @val={0x3, 0x1, 0x70}, @void, @void, @val={0x5, 0x8b, {0xff, 0x3b, 0xd7, "771a8171a7aa7613e61fb5f18a0b55a85521c412cdb1760558cc07a24918e040bd1c5ca99f8569315875adb838d4926aca4352bd505e14113ed8215a281c9aeab3ca2caa74996e9715fac6270085cf72d3660f3b07a859a3c6897b47ed09832edfdfa0dc8dbb2d0f3094955104081cd620dd121a2cbeb6842155a99ae96040dbefe2bd94d0c700ed"}}, @void, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x6, 0x74, 0x6}}, @val={0x2d, 0x1a, {0x4008, 0x3, 0x3, 0x0, {0x6842, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2}, 0x400, 0x0, 0x1f}}, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0xffffffffffffffff, 0x7, 0x69}}, @void, [{0xdd, 0x92, "0f7e5c9edae21ba1bf9c9eb07f8a0b3b02a1a9d3e01ba345e745f1d4f6e7497db69177f42f3fccb1901a77783eca74985c03b78536771ae4e444eafeb42325a329cab14170a4939061bc1b3cc9462cb665df9dd67344778498d637fe62fa745a73c698be7abbf3665e3584753de84d6d3a6a9b7b3c27ffd6782a255baa7860dac4bb79312a1d3c86fabd3ee2b9ddaaf0a7fe"}, {0xdd, 0xc9, "396b0de70791d88504b3b5d0b06720b09237bf48ad2140f25e13fd8603fc7614cf7849f7c474359f2a006999eaf37ac505cc42630bdf6b7b4db24c19dd9a84232e738bd7f9a334b92eb5e56a236c1041fced2da412447cae3d1ca94572a8fea4a2f8aad29e04cfd4510bb8bb0b4febbcce7ea46ae6decc86c30bdd9fe40ed4b85b53c34c36b085d0347c96465849fef4a52e70f75e4a4aa1fd8a939597d234108ce96c36fa4bd0edeb83ad6dee6d81c988356a43f85628d7d57e4dbfc4b5640b9c4e0729d05331378f"}, {0xdd, 0x4b, "3552703c827f7f2cf17afe87dd416164f7f4789d1a9781218b44b409d23a51755641bc584e422b942eaf47b153124a3b04976813e8b20c4dfbabdbd5d57f638b99b27172ad29633aa06236"}, {0xdd, 0xbf, "7844f48a09680a93008f620bf3b63dafc7406255cf7a71a0d0dd29dcc70173799c3236cc6bec070d7b218dcdc778c708fe39c82ed48a7bf229770fd470cc021a2a35342b9434780e98d6d91f08981fa591c0a62621054c83996fe90b1a334ac634b7aac8a02059fed05db33b3f5f556b6166705ef486f01af5890cc2e8f4f4cdb54b42dbf15f00567fb6da47fd0980d4daea80b872d1bb79d36d35e7b1cdf4c13611e84aba79bd34025a82fffa4eb4058ecc1c628f46273e0ea3c781d3bb43"}, {0xdd, 0x17, "e508338be0c867c41ec670e6d15af8f3dbeb24b76acc28"}, {0xdd, 0xa4, "827f7e6b96552cdc7734723326707f2c636bd6f73c15ec45070ca67814c969377521018be442286f25b6ea31c13a729fc5301a5f3d3eddb305c45c70f23513d748dc03aaea32dcde92f6794718fb03858740624e3d58ab67f689298d08395f6f87a522b7b0fc4918460df689da3008e8597480b8ebda9c55db266c385745f7191266ac1c2c94bc1d3bf07e957a5ee41faa4434b4601faa248da6ed9b62db3c1fb78c11a1"}, {0xdd, 0x77, "f58123fa7cf1ef2c417b16a9da38d9b7531ced4c2dfa91fb56f63b2529194c937f5d15c9664c717104bb03d8ad7c4261d40788f7629ee8394f86bd5a91a572dbf01aeb9aea8a44534d510837d912c817e3fdd8b950bfc50f68676d7164f090c510fcb1a0d70322e669f26e032bd985c2aea6ff69dc761f"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x11, 0x7f, [@tim={0x5, 0x3, {0x80, 0x9, 0x1}}, @ssid={0x0, 0x6, @default_ibss_ssid}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x6, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x7f, 0x7, 0x5, 0x9, 0xc5e, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x5, 0x7308, 0x1]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x14, 0xbb, [0x8, 0x7, 0x823, 0x6, 0x1f, 0x0, 0xff, 0x2]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CSA_IES={0x70, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_PRESP={0x16, 0xbb, [0x1, 0xfffb, 0x3f, 0x7f, 0x8, 0x9, 0x934, 0x8001, 0x5]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x5, 0x5, 0x9, 0x100]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0xff, 0x7, 0x200, 0x2, 0x1, 0x6, 0x9cd4]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x18, 0xbb, [0xd3cb, 0x8001, 0xffff, 0x2, 0x7, 0x100, 0x81, 0x8000, 0x3f, 0x200]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0x979f, 0x1, 0x9, 0x7f, 0x9, 0x1, 0x2]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x1, 0x80]}]}, @NL80211_ATTR_CSA_IES={0x5a0, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0xfff8, 0x401, 0x8000, 0x7f, 0x8, 0x1]}, @beacon_params=[@NL80211_ATTR_FTM_RESPONDER={0x3d4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xb2, 0x3, "acc2df72f4ce532afcedc46a9b320c4ca6ddada4023e13c1ba5528d06cbb292c0e4b98a8e2fce9a2fb71db05c07dadfcf90c52f37187f67fa1d88352ea210ec7dca8c0f68e2c29cb03f1034898115b97e2f0a64dab1f77e6b63cc59b0f94ac7c9e96d7061ec6d3547048a57f5149e4eacbc37d4432636eafa5b6b8f88e8be3c713901fa0dedd2f633ce5df93c85deefb34af1d08ad93efa65f95746b4a8a60336dfbc5ea35868b7edd037746a031"}, @NL80211_FTM_RESP_ATTR_LCI={0xa0, 0x2, "7dcff8351bdfaa5fec73af225d03667ca8df83a94aa641fae12381af692fe489c5f7e9291da371b4de291b4318d2a35ebcb7d0eff4c15f9d3f2ff83f19a779c0dc6ffec08658a28cce40798ebbdff1a819d04a6ae73b767a508533fc125280c52c61960c7ae6be14800f909b3632755a3551b1b7fd6676468f3ca2c017255c2d5c4abad84bff095a99cf58fa6bcf8c5008957bf7433ee60183bd317b"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x76, 0x3, "30fd7d06e019284ffa1c0996744fe50ef5ad634274cb651cf8d286a08b388de6852578e9f781a70d41fabb9b3a894ac3d805b6e1f7fece7cb0376b1cd21dce18e4c9704957c7d413ac5f436c91d63322d827b0f8cb5b9b85c82202eb23291fa1bd849d9ff92f8518215cf2e561527fe72062"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0xf1, 0x2, "450d00216ffd3af84c9220d0c13ca076497015ac19ebd03b8bd46861039e4d721bcd2b6202776c70cef16fc711c89b172c6e43fbe0b5e875d708e4488f5167ce106680853faa1e38cbbc0d8f7cbb9b1cd804729c14ad920f81b4c908b3b5864ede9b27e1bf53f9b48c6635bff9c5965018ecd7367ba9c390dedb7d6120b202d7f8e977e060507337a06bdd3dab9b2425459c2cea41707c4c359ba1fab73b768df9d0af028b12e0868f48071e1e496d347688819754eeb7fe550a3b060e8fab1040427add3934e220dc438ce02c126149f8e3e8ba7491f0d830aa8e4fe9b93cf5ab088e647594dbf0470166b8da"}, @NL80211_FTM_RESP_ATTR_LCI={0x32, 0x2, "cd421e4a796903ed1f702a93b6ed96c6195404c4e812b382ec64c606d01ca94ae50102c597e648c6d0edc9ea3465"}, @NL80211_FTM_RESP_ATTR_LCI={0x3a, 0x2, "5b9cbe426327edd4d3fe9aab2fd948179df95d7d37a1ad466a10628a23a63fa15c24f966e8ae0cf94752bab026c73a8c41b97b253c74"}, @NL80211_FTM_RESP_ATTR_LCI={0x25, 0x2, "150ec88cbc2ac4cd9bac11713d1fcd90e8405d9229accb7fdc39b9a1064ed97230"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "965d52c9cbd32163d0b256daa0f96a9c7e2fbe71c786bb511713a955f18bdcd1d2d46f1271c83fb1cd1679d2a21d2950602d7a4ba5b8ef4ed481a0ae88875750750b925e97408c3886b8c43bb89f51570fb5108304d37af561ee9b8eba40d34db425c4399f4bea586cd0d941f9"}]}, @NL80211_ATTR_FTM_RESPONDER={0x190, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x1b, 0x2, "6e17c4c3c658bb63bf895af974568ff34da81153d24198"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x99, 0x3, "1eb5e619933dc8d7d943468b3261c3fd0c0c8d9fc8767c20bb24bec12d86500d759183384a2809cd30bf564f6298f42c2d8b72fe9659026f8dcb813d8c10a1f93f5452db20240132d9d4da4be778157cca031aaf3b01df0417919326d03afa848d0b4a2f925faccd601a1b9290a5d5d1ce7592d552e6c27d4e0ceeb526afba97dc39a1e80f5c74136cb6772bfbeb598da08b2dee2b"}, @NL80211_FTM_RESP_ATTR_LCI={0xaa, 0x2, "da8689f6604f6366928d6972872e845e0f59f2119bbea4c785502a643f6662d5b195bd9536902a0318e6093872580b2e95ba5035a84970a6e0a25f18daf0dc74476c613bc7981b9a5bf8e3bac78840f138a550b147f5b0f8aec2057bc21c62f66acd18060ab59909d187dcf373af84252a4ab020cb8d029da18e252ea00884d29675eb9db8a9159bf2155d516d68bc8a779b1fc841ff6bbf507b6973823733ac76bf8c2cab1a"}, @NL80211_FTM_RESP_ATTR_LCI={0x22, 0x2, "ea82404e6ea152167116e89f38dd22ea9919219aaa39b06349e2b9d4c5cf"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @NL80211_ATTR_CSA_C_OFF_BEACON={0x8, 0xba, [0xfff7, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xc, 0xba, [0x400, 0x4, 0x7, 0xfff]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x7ff, 0x5]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x80b, 0x800, 0x0]}]}]}, 0x1264}, 0x1, 0x0, 0x0, 0x8080}, 0x20000000) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33", 0x2}}}, 0x1a) 00:11:46 executing program 5: syz_emit_vhci(0x0, 0x0) 00:11:46 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0x8, 0x4}, {0x4, 0x4}}}}, 0x11) 00:11:46 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060ba300ff9cc6bbffff"], 0x14) [ 706.800798][ T5943] Bluetooth: Wrong link type (-57) [ 706.801985][ T5943] Bluetooth: hci4: link tx timeout [ 706.803196][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 706.812113][ T5502] Bluetooth: Wrong link type (-22) [ 706.813494][ T5502] Bluetooth: hci5: link tx timeout [ 706.814637][ T5502] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa [ 706.818788][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 00:11:46 executing program 4: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) (async) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) sendto$rxrpc(r0, &(0x7f0000000040)="38434060edbbd4c43a0f15ac257c0bbf1f2454c34d93fd43677c050b712644", 0x1f, 0xc0, &(0x7f0000000080)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e22, @multicast1}}, 0x24) (async) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="04131906c9000500c8000300c900aee8c8000000c9000900c900d833f2f92fc04c3f6ef7"], 0x1c) 00:11:46 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) getresgid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)) 00:11:46 executing program 5: syz_emit_vhci(0x0, 0x0) [ 706.849197][ T5502] Bluetooth: hci1: Malformed LE Event: 0x0b 00:11:46 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES32=r1, @ANYRESOCT=r0, @ANYRES32=r0, @ANYBLOB="a879a1ad2e6a47aa7d50e68f6a545a68499ab4842fcdbc7042e3bfea5f9d0edb4a57364467c6f840bde4c2d3140c8c2519193c771c11f0b696d6035d1cd0047ded35a48305ada038b02ef6084895efcb2c9b7c69e23a7f5119f6b860e97b7fa2efe04cab10b078f40206a8c833811263e538a26f783cb948a8", @ANYRES64], 0x9) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x3d}, "167c42f552b9649203ea86fa01d19e01f7deb805690d9807322fbd23ba7737d505d07264e0291b800b75bbde4e76137844b44972026f42476d17804127"}, 0x41) 00:11:46 executing program 4: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async, rerun: 32) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) (rerun: 32) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async, rerun: 64) sendto$rxrpc(r0, &(0x7f0000000040)="38434060edbbd4c43a0f15ac257c0bbf1f2454c34d93fd43677c050b712644", 0x1f, 0xc0, &(0x7f0000000080)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e22, @multicast1}}, 0x24) (rerun: 64) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="04131906c9000500c8000300c900aee8c8000000c9000900c900d833f2f92fc04c3f6ef7"], 0x1c) [ 706.916653][ T5943] Bluetooth: Wrong link type (-22) [ 706.917939][ T5943] Bluetooth: hci4: link tx timeout [ 706.919016][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 706.921545][ T5502] Bluetooth: hci0: Received unexpected HCI Event 0x00 00:11:46 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) getresgid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)) 00:11:46 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04"], 0x14) 00:11:46 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES32=r1, @ANYRESOCT=r0, @ANYRES32=r0, @ANYBLOB="a879a1ad2e6a47aa7d50e68f6a545a68499ab4842fcdbc7042e3bfea5f9d0edb4a57364467c6f840bde4c2d3140c8c2519193c771c11f0b696d6035d1cd0047ded35a48305ada038b02ef6084895efcb2c9b7c69e23a7f5119f6b860e97b7fa2efe04cab10b078f40206a8c833811263e538a26f783cb948a8", @ANYRES64], 0x9) (async, rerun: 32) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x3d}, "167c42f552b9649203ea86fa01d19e01f7deb805690d9807322fbd23ba7737d505d07264e0291b800b75bbde4e76137844b44972026f42476d17804127"}, 0x41) (rerun: 32) [ 707.002109][ T5502] Bluetooth: Wrong link type (-22) [ 707.003527][ T5502] Bluetooth: Wrong link type (-22) [ 707.004624][ T5502] Bluetooth: hci4: link tx timeout [ 707.005726][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 707.007035][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.009334][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.011006][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.012755][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.016670][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.018323][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 00:11:47 executing program 5: syz_emit_vhci(0x0, 0x0) 00:11:47 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000180)={0x0, 0x9}) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x60c280, 0x0) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000226bd7000fbdbdf25550000000800010b6a000000"], 0x1c}}, 0x800) socket$inet6(0xa, 0x2, 0x101) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33", 0x2}}}, 0x1a) [ 707.019926][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.021564][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.026853][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.028288][ T5502] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 707.028325][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.031208][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.033155][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.034637][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.036055][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.037599][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.039024][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.040482][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.041901][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.044236][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.045587][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.047029][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.048485][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.050008][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.051475][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.053405][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.054875][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.056289][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 00:11:47 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) getresgid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)) [ 707.057706][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.059171][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.060587][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.061968][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.065331][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 707.066819][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 00:11:47 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0xffffffec}}}, 0x3) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_ext_features={{0x23, 0xd}, {0x20, 0xc8, 0xaf, 0x8, "a21b57f821e7406b"}}}, 0x10) 00:11:47 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04"], 0x14) 00:11:47 executing program 5: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0x0, 0xc9, 0xc9, 0x6}}}, 0x8) [ 707.096406][ T5943] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 707.099931][ T5943] Bluetooth: Wrong link type (-22) 00:11:47 executing program 0: ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000100)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000140)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r0, 0xc01864cd, &(0x7f0000000200)={&(0x7f0000000180)=[r1, 0x0, r2, 0x0, 0x0, r3], &(0x7f00000001c0)=[0x1, 0x7, 0x7, 0x8, 0x3], 0x6, 0x1}) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x440000, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000040)='syz1\x00', 0x1ff) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES32=r5, @ANYRES64=r4], 0x9) r6 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000240), 0x8101, 0x0) ioctl$DRM_IOCTL_RM_MAP(r6, 0x4028641b, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil}) [ 707.101142][ T5943] Bluetooth: hci5: link tx timeout [ 707.102238][ T5943] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa [ 707.110761][ T5943] Bluetooth: Wrong link type (-22) [ 707.111940][ T5943] Bluetooth: hci4: link tx timeout [ 707.113127][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:47 executing program 3: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0xc4100, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x128, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "d7516bc02d13116e263a928e8771fb3b2a3ca8001c909059"}], @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "f996f9c01955ae5268c9a0a2c0d25620e84165cd8aea70f0"}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "ce7a8cd8e21327b4e156272bba9a2dbe19b3fbc1defe48a1"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "e5573e28c121bcd8fafcf0ba6f442e1003cce9c23eeeab2b"}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}]]}, 0x128}, 0x1, 0x0, 0x0, 0x4}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200080}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r3, 0x10, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x24}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x800) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) 00:11:47 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04"], 0x14) 00:11:47 executing program 5: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0x0, 0x0, 0xc9, 0x6}}}, 0x8) 00:11:47 executing program 0: ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff}) (async) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={0x0}) (async) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000100)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000140)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r0, 0xc01864cd, &(0x7f0000000200)={&(0x7f0000000180)=[r1, 0x0, r2, 0x0, 0x0, r3], &(0x7f00000001c0)=[0x1, 0x7, 0x7, 0x8, 0x3], 0x6, 0x1}) (async) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x440000, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000040)='syz1\x00', 0x1ff) (async) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES32=r5, @ANYRES64=r4], 0x9) (async) r6 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000240), 0x8101, 0x0) ioctl$DRM_IOCTL_RM_MAP(r6, 0x4028641b, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil}) 00:11:47 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0xffffffec}}}, 0x3) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_ext_features={{0x23, 0xd}, {0x20, 0xc8, 0xaf, 0x8, "a21b57f821e7406b"}}}, 0x10) 00:11:47 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000180)={0x0, 0x9}) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x60c280, 0x0) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000226bd7000fbdbdf25550000000800010b6a000000"], 0x1c}}, 0x800) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33", 0x2}}}, 0x1a) [ 707.154369][ T5943] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 707.235760][ T5943] Bluetooth: Wrong link type (-22) [ 707.238695][ T5943] Bluetooth: hci4: link tx timeout [ 707.239772][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:47 executing program 3: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0xc4100, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x128, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "d7516bc02d13116e263a928e8771fb3b2a3ca8001c909059"}], @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "f996f9c01955ae5268c9a0a2c0d25620e84165cd8aea70f0"}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "ce7a8cd8e21327b4e156272bba9a2dbe19b3fbc1defe48a1"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "e5573e28c121bcd8fafcf0ba6f442e1003cce9c23eeeab2b"}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}]]}, 0x128}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x128, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "d7516bc02d13116e263a928e8771fb3b2a3ca8001c909059"}], @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "f996f9c01955ae5268c9a0a2c0d25620e84165cd8aea70f0"}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "ce7a8cd8e21327b4e156272bba9a2dbe19b3fbc1defe48a1"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "e5573e28c121bcd8fafcf0ba6f442e1003cce9c23eeeab2b"}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}]]}, 0x128}, 0x1, 0x0, 0x0, 0x4}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200080}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r3, 0x10, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x24}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x800) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) 00:11:47 executing program 5: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0x0, 0x0, 0x0, 0x6}}}, 0x8) [ 707.259334][ T5943] Bluetooth: hci1: Received unexpected HCI Event 0x00 00:11:47 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060ba300ff"], 0x14) [ 707.284282][ T5943] Bluetooth: Wrong link type (-22) [ 707.285532][ T5943] Bluetooth: hci5: link tx timeout [ 707.286627][ T5943] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:47 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000180)={0x0, 0x9}) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x60c280, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33", 0x2}}}, 0x1a) [ 707.310303][ T5943] Bluetooth: hci1: Malformed LE Event: 0x0b [ 707.320747][ T5943] Bluetooth: Wrong link type (-22) [ 707.321901][ T5943] Bluetooth: Wrong link type (-22) [ 707.323129][ T5943] Bluetooth: hci4: link tx timeout [ 707.324152][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:47 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0xffffffec}}}, 0x3) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_ext_features={{0x23, 0xd}, {0x20, 0xc8, 0xaf, 0x8, "a21b57f821e7406b"}}}, 0x10) 00:11:47 executing program 5: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0x0, 0x0, 0x0, 0x6}}}, 0x8) 00:11:47 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e"], 0x14) [ 707.336195][ T5943] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 707.360179][ T5943] Bluetooth: Wrong link type (-22) [ 707.363114][ T5943] Bluetooth: hci5: link tx timeout [ 707.364210][ T5943] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:47 executing program 3: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0xc4100, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x128, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "d7516bc02d13116e263a928e8771fb3b2a3ca8001c909059"}], @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "f996f9c01955ae5268c9a0a2c0d25620e84165cd8aea70f0"}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "ce7a8cd8e21327b4e156272bba9a2dbe19b3fbc1defe48a1"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "e5573e28c121bcd8fafcf0ba6f442e1003cce9c23eeeab2b"}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}]]}, 0x128}, 0x1, 0x0, 0x0, 0x4}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200080}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r3, 0x10, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x24}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x800) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0xc4100, 0x0) (async) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x128, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "d7516bc02d13116e263a928e8771fb3b2a3ca8001c909059"}], @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "f996f9c01955ae5268c9a0a2c0d25620e84165cd8aea70f0"}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "ce7a8cd8e21327b4e156272bba9a2dbe19b3fbc1defe48a1"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "e5573e28c121bcd8fafcf0ba6f442e1003cce9c23eeeab2b"}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}]]}, 0x128}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) (async) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)={0x50, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"}]}]}, 0x50}}, 0x0) (async) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200080}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r3, 0x10, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x24}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x800) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) 00:11:47 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e"], 0x14) 00:11:47 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000180)={0x0, 0x9}) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33", 0x2}}}, 0x1a) 00:11:47 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e"], 0x14) 00:11:47 executing program 0: ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)) (async) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000100)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000140)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r0, 0xc01864cd, &(0x7f0000000200)={&(0x7f0000000180)=[r1, 0x0, r2, 0x0, 0x0, r3], &(0x7f00000001c0)=[0x1, 0x7, 0x7, 0x8, 0x3], 0x6, 0x1}) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x440000, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000040)='syz1\x00', 0x1ff) (async) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000040)='syz1\x00', 0x1ff) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES32=r5, @ANYRES64=r4], 0x9) (async) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES32=r5, @ANYRES64=r4], 0x9) r6 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000240), 0x8101, 0x0) ioctl$DRM_IOCTL_RM_MAP(r6, 0x4028641b, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil}) (async) ioctl$DRM_IOCTL_RM_MAP(r6, 0x4028641b, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil}) 00:11:47 executing program 4: syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0000002f0c79c4b3cbaefdd765ccc81515199946b6b2af016faf241f57a836f2cf6d004d6f237d88675046b818ca7473ffc65e8c56ccc4209f581cb4d127477467de337e92165c9e2d0c519b58112557b69c016f6dc38f26d7ffc9a959bb665870bb655c6df1c982341cbf85b9d253ee58c33b6e346c843e94934eeedda71ecd6772"], 0x3) [ 707.439682][ T5943] Bluetooth: Wrong link type (-22) [ 707.440919][ T5943] Bluetooth: hci4: link tx timeout [ 707.442022][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 707.447694][ T5943] Bluetooth: Wrong link type (-22) [ 707.448990][ T5943] Bluetooth: hci5: link tx timeout [ 707.450115][ T5943] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa [ 707.455731][ T5943] Bluetooth: Wrong link type (-22) [ 707.456930][ T5943] Bluetooth: hci4: link tx timeout [ 707.457993][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:47 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060ba3"], 0x14) 00:11:47 executing program 5: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0x0, 0x0, 0x0, 0x6}}}, 0x8) [ 707.490393][ T5943] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 707.490434][ T5943] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 707.494346][ T5943] Bluetooth: hci1: Malformed LE Event: 0x0b 00:11:47 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33", 0x2}}}, 0x1a) 00:11:47 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005001708080000dfff0001000000"], 0x15) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000040)={@remote}, &(0x7f0000000080)=0x14) 00:11:47 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e06"], 0x14) [ 707.552913][ T5943] Bluetooth: Wrong link type (-22) [ 707.554175][ T5943] Bluetooth: hci5: link tx timeout [ 707.555350][ T5943] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa [ 707.558096][ T5502] Bluetooth: Wrong link type (-22) [ 707.559342][ T5502] Bluetooth: hci4: link tx timeout [ 707.560532][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:47 executing program 5: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0x0, 0x0, 0xc9}}}, 0x8) 00:11:47 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005001708080000dfff0001000000"], 0x15) (async, rerun: 32) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000040)={@remote}, &(0x7f0000000080)=0x14) (rerun: 32) 00:11:47 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000000), 0x7f, 0x129880) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000600)=[0x57, 0x1, 0x9, 0x9, 0x9d8, 0x8000, 0x6, 0x10001, 0x79, 0x80000001], 0xa, 0x80000, 0x0, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x40, 0x0, 0x300, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xfffffffffffffecf, 0x99, {0x60a, 0x40000048}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x37}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x47}]}, 0x40}, 0x1, 0x0, 0x0, 0x40008890}, 0x10) syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="2c35704904aec8fecb4365d1d90804f8003d5a416dca1a1fcbcf0bf49133da50f0aa9a34c8dfe5cd2cf9d19d71d106098f3bbe75164a4b7b462d4f9c00367a559490911d7f19983767004ca2d0c68b1b6d231b18d60dcb89fa7a0d7f98c6d50a943808fe9c02a7c22f929c892b3665a92a204a716585da3dbb7d45def9da800b53e65ab5e8ee7648ba6e7443d39cf0c73077db7fbffddc820416d6d77d34c44aa6208113aaba3434270a97f433368d322a076758615efeb8fd60239d81980e70839f8f5f2461665a50ac78dbd33413af8081c496a03076f5c4284b6bdb32b2c8103fa302e53eda2f7485c1e024ce9e334d35332d0db104a1f342684e2390023521a9d47ea69f383fb7a5a82c451702197c6574d8d07273975bbdcc2b4f07143ecdd9fea242951581d63cc295115d18a641af832ac67ad5e36e020a64c3b8a4daf5d72e9507c54155d1410ab21c016ad82a626b23d24ae5d2049427b6bcbfb07e7b7cf407adfa5ff956f6c5e1ef06b8589d1613ec9fd13ff247fee0d869edf9d6606d4434040000d038f0e5c4e173a37499453ec5f6620acc4b93312bb28411a45725af017bf7d26e84180500c2f96f56c14db1254f3d8531ab81b16d3951e890cd3ffa330b1d5558a21f7c1f10a66df7df80bbebeeb83f5155405fb0cdcc09d0a4c10cc5aede307bdafedc7569279409a4fd9f5a73432bad441c50db7eb65dc333181e877b2679ad8c351d6f6c40115d363407f4bc4d8d413361d110c717780fd1ed06783134"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x10e}, "7fcfde2c236d06ae6f7d67e49994e9a2ec7fb560b06ad9adab28e40b3adbe251e27e8df03d67bf674a73bf7db23dd76b4d0200000000000000b7491d18c0a6a9b69f5d68cb2c2c6d265a1a36327dbfdafed59d46b23daef4d0b31e7ac4fbee4220143060603f37209076cb6c4e4990602bdf924a11bd710e50fb67a3b00c186e37a17fa8957c2134581e15d6331704a306dd8bf14aafce405d2e59a60871c52a8d4a6acd33b10127d5129fdb6e5ab1c219ee9a0b9a42be927093373300f5ad306493ccbb5d0f60e3e942237f5f4098cbac60278318670fbf2954ae073c674ab9a7c73bb590ca4a5cf3c21ab2b8b5cfe5d273d3c9c5c5aaf50fccacda5be780bcf1cc299ed81ad94b03921a1321c6"}, 0xfffffffffffffdd1) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$IMHOLD_L1(r3, 0x80044948, &(0x7f0000000340)=0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) 00:11:47 executing program 4: syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0000002f0c79c4b3cbaefdd765ccc81515199946b6b2af016faf241f57a836f2cf6d004d6f237d88675046b818ca7473ffc65e8c56ccc4209f581cb4d127477467de337e92165c9e2d0c519b58112557b69c016f6dc38f26d7ffc9a959bb665870bb655c6df1c982341cbf85b9d253ee58c33b6e346c843e94934eeedda71ecd6772"], 0x3) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0000002f0c79c4b3cbaefdd765ccc81515199946b6b2af016faf241f57a836f2cf6d004d6f237d88675046b818ca7473ffc65e8c56ccc4209f581cb4d127477467de337e92165c9e2d0c519b58112557b69c016f6dc38f26d7ffc9a959bb665870bb655c6df1c982341cbf85b9d253ee58c33b6e346c843e94934eeedda71ecd6772"], 0x3) (async) [ 707.637766][ T5943] Bluetooth: Wrong link type (-22) [ 707.639006][ T5943] Bluetooth: Wrong link type (-22) [ 707.640186][ T5943] Bluetooth: Wrong link type (-22) [ 707.641263][ T5943] Bluetooth: Wrong link type (-22) [ 707.642407][ T5943] Bluetooth: Wrong link type (-22) [ 707.643809][ T5943] Bluetooth: Wrong link type (-22) [ 707.644993][ T5943] Bluetooth: Wrong link type (-22) [ 707.646084][ T5943] Bluetooth: Wrong link type (-22) [ 707.647184][ T5943] Bluetooth: Wrong link type (-22) [ 707.648299][ T5943] Bluetooth: Wrong link type (-22) [ 707.649465][ T5943] Bluetooth: Wrong link type (-22) [ 707.651341][ T5943] Bluetooth: Wrong link type (-22) [ 707.652544][ T5943] Bluetooth: Wrong link type (-22) [ 707.653805][ T5943] Bluetooth: Wrong link type (-22) [ 707.654914][ T5943] Bluetooth: Wrong link type (-22) [ 707.655994][ T5943] Bluetooth: Wrong link type (-22) [ 707.657146][ T5943] Bluetooth: Wrong link type (-22) [ 707.658273][ T5943] Bluetooth: Wrong link type (-22) [ 707.659380][ T5943] Bluetooth: Wrong link type (-22) [ 707.660489][ T5943] Bluetooth: Wrong link type (-22) [ 707.661690][ T5943] Bluetooth: Wrong link type (-22) [ 707.663335][ T5943] Bluetooth: Wrong link type (-22) [ 707.664469][ T5943] Bluetooth: Wrong link type (-22) [ 707.665567][ T5943] Bluetooth: Wrong link type (-22) [ 707.666670][ T5943] Bluetooth: Wrong link type (-22) [ 707.667749][ T5943] Bluetooth: Wrong link type (-22) [ 707.668850][ T5943] Bluetooth: Wrong link type (-22) [ 707.669991][ T5943] Bluetooth: Wrong link type (-22) [ 707.671218][ T5943] Bluetooth: Wrong link type (-22) 00:11:47 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e06"], 0x14) [ 707.672287][ T5943] Bluetooth: Wrong link type (-22) [ 707.673569][ T5943] Bluetooth: Wrong link type (-22) [ 707.674755][ T5943] Bluetooth: Wrong link type (-22) [ 707.675858][ T5943] Bluetooth: Wrong link type (-22) [ 707.677060][ T5943] Bluetooth: hci4: link tx timeout [ 707.678185][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:47 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005001708080000dfff0001000000"], 0x15) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000040)={@remote}, &(0x7f0000000080)=0x14) 00:11:47 executing program 1: syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33", 0x2}}}, 0x1a) 00:11:47 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000000), 0x7f, 0x129880) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000600)=[0x57, 0x1, 0x9, 0x9, 0x9d8, 0x8000, 0x6, 0x10001, 0x79, 0x80000001], 0xa, 0x80000, 0x0, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x40, 0x0, 0x300, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xfffffffffffffecf, 0x99, {0x60a, 0x40000048}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x37}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x47}]}, 0x40}, 0x1, 0x0, 0x0, 0x40008890}, 0x10) syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="2c35704904aec8fecb4365d1d90804f8003d5a416dca1a1fcbcf0bf49133da50f0aa9a34c8dfe5cd2cf9d19d71d106098f3bbe75164a4b7b462d4f9c00367a559490911d7f19983767004ca2d0c68b1b6d231b18d60dcb89fa7a0d7f98c6d50a943808fe9c02a7c22f929c892b3665a92a204a716585da3dbb7d45def9da800b53e65ab5e8ee7648ba6e7443d39cf0c73077db7fbffddc820416d6d77d34c44aa6208113aaba3434270a97f433368d322a076758615efeb8fd60239d81980e70839f8f5f2461665a50ac78dbd33413af8081c496a03076f5c4284b6bdb32b2c8103fa302e53eda2f7485c1e024ce9e334d35332d0db104a1f342684e2390023521a9d47ea69f383fb7a5a82c451702197c6574d8d07273975bbdcc2b4f07143ecdd9fea242951581d63cc295115d18a641af832ac67ad5e36e020a64c3b8a4daf5d72e9507c54155d1410ab21c016ad82a626b23d24ae5d2049427b6bcbfb07e7b7cf407adfa5ff956f6c5e1ef06b8589d1613ec9fd13ff247fee0d869edf9d6606d4434040000d038f0e5c4e173a37499453ec5f6620acc4b93312bb28411a45725af017bf7d26e84180500c2f96f56c14db1254f3d8531ab81b16d3951e890cd3ffa330b1d5558a21f7c1f10a66df7df80bbebeeb83f5155405fb0cdcc09d0a4c10cc5aede307bdafedc7569279409a4fd9f5a73432bad441c50db7eb65dc333181e877b2679ad8c351d6f6c40115d363407f4bc4d8d413361d110c717780fd1ed06783134"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x10e}, "7fcfde2c236d06ae6f7d67e49994e9a2ec7fb560b06ad9adab28e40b3adbe251e27e8df03d67bf674a73bf7db23dd76b4d0200000000000000b7491d18c0a6a9b69f5d68cb2c2c6d265a1a36327dbfdafed59d46b23daef4d0b31e7ac4fbee4220143060603f37209076cb6c4e4990602bdf924a11bd710e50fb67a3b00c186e37a17fa8957c2134581e15d6331704a306dd8bf14aafce405d2e59a60871c52a8d4a6acd33b10127d5129fdb6e5ab1c219ee9a0b9a42be927093373300f5ad306493ccbb5d0f60e3e942237f5f4098cbac60278318670fbf2954ae073c674ab9a7c73bb590ca4a5cf3c21ab2b8b5cfe5d273d3c9c5c5aaf50fccacda5be780bcf1cc299ed81ad94b03921a1321c6"}, 0xfffffffffffffdd1) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$IMHOLD_L1(r3, 0x80044948, &(0x7f0000000340)=0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_open_dev$dri(&(0x7f0000000000), 0x7f, 0x129880) (async) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000600)=[0x57, 0x1, 0x9, 0x9, 0x9d8, 0x8000, 0x6, 0x10001, 0x79, 0x80000001], 0xa, 0x80000}) (async) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan0\x00'}) (async) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x40, 0x0, 0x300, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xfffffffffffffecf, 0x99, {0x60a, 0x40000048}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x37}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x47}]}, 0x40}, 0x1, 0x0, 0x0, 0x40008890}, 0x10) (async) syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="2c35704904aec8fecb4365d1d90804f8003d5a416dca1a1fcbcf0bf49133da50f0aa9a34c8dfe5cd2cf9d19d71d106098f3bbe75164a4b7b462d4f9c00367a559490911d7f19983767004ca2d0c68b1b6d231b18d60dcb89fa7a0d7f98c6d50a943808fe9c02a7c22f929c892b3665a92a204a716585da3dbb7d45def9da800b53e65ab5e8ee7648ba6e7443d39cf0c73077db7fbffddc820416d6d77d34c44aa6208113aaba3434270a97f433368d322a076758615efeb8fd60239d81980e70839f8f5f2461665a50ac78dbd33413af8081c496a03076f5c4284b6bdb32b2c8103fa302e53eda2f7485c1e024ce9e334d35332d0db104a1f342684e2390023521a9d47ea69f383fb7a5a82c451702197c6574d8d07273975bbdcc2b4f07143ecdd9fea242951581d63cc295115d18a641af832ac67ad5e36e020a64c3b8a4daf5d72e9507c54155d1410ab21c016ad82a626b23d24ae5d2049427b6bcbfb07e7b7cf407adfa5ff956f6c5e1ef06b8589d1613ec9fd13ff247fee0d869edf9d6606d4434040000d038f0e5c4e173a37499453ec5f6620acc4b93312bb28411a45725af017bf7d26e84180500c2f96f56c14db1254f3d8531ab81b16d3951e890cd3ffa330b1d5558a21f7c1f10a66df7df80bbebeeb83f5155405fb0cdcc09d0a4c10cc5aede307bdafedc7569279409a4fd9f5a73432bad441c50db7eb65dc333181e877b2679ad8c351d6f6c40115d363407f4bc4d8d413361d110c717780fd1ed06783134"], 0x9) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x10e}, "7fcfde2c236d06ae6f7d67e49994e9a2ec7fb560b06ad9adab28e40b3adbe251e27e8df03d67bf674a73bf7db23dd76b4d0200000000000000b7491d18c0a6a9b69f5d68cb2c2c6d265a1a36327dbfdafed59d46b23daef4d0b31e7ac4fbee4220143060603f37209076cb6c4e4990602bdf924a11bd710e50fb67a3b00c186e37a17fa8957c2134581e15d6331704a306dd8bf14aafce405d2e59a60871c52a8d4a6acd33b10127d5129fdb6e5ab1c219ee9a0b9a42be927093373300f5ad306493ccbb5d0f60e3e942237f5f4098cbac60278318670fbf2954ae073c674ab9a7c73bb590ca4a5cf3c21ab2b8b5cfe5d273d3c9c5c5aaf50fccacda5be780bcf1cc299ed81ad94b03921a1321c6"}, 0xfffffffffffffdd1) (async) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) ioctl$IMHOLD_L1(r3, 0x80044948, &(0x7f0000000340)=0x6) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) (async) 00:11:47 executing program 5: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e"], 0x14) 00:11:47 executing program 4: syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0000002f0c79c4b3cbaefdd765ccc81515199946b6b2af016faf241f57a836f2cf6d004d6f237d88675046b818ca7473ffc65e8c56ccc4209f581cb4d127477467de337e92165c9e2d0c519b58112557b69c016f6dc38f26d7ffc9a959bb665870bb655c6df1c982341cbf85b9d253ee58c33b6e346c843e94934eeedda71ecd6772"], 0x3) 00:11:47 executing program 1: syz_emit_vhci(0x0, 0x0) 00:11:47 executing program 5: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e"], 0x14) 00:11:47 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e06"], 0x14) [ 707.765497][ T5943] Bluetooth: Wrong link type (-22) [ 707.766683][ T5943] Bluetooth: hci4: link tx timeout [ 707.767805][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:47 executing program 3: rt_sigaction(0x15, &(0x7f00000000c0)={&(0x7f0000000040)="8c73e00da54e0ca9376b62427b5bb934eba7cfcdcdef4679366ae33e68325c59723f27fc1db296f654219968c580d2a3be19", 0x4, &(0x7f0000000080)="dabe49eb6c7882675bf62b09d0367d42da9d5a329c45956500c86170864d191a3f365f1175407a9bd469b8465a656d5e8578", {[0x4]}}, 0x0, 0x8, &(0x7f0000000100)) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) 00:11:47 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16=0x0], 0x3) 00:11:47 executing program 5: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e"], 0x14) [ 707.828050][ T5943] Bluetooth: Wrong link type (-22) [ 707.829329][ T5943] Bluetooth: hci4: link tx timeout [ 707.830468][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:47 executing program 1: syz_emit_vhci(0x0, 0x0) 00:11:47 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000000), 0x7f, 0x129880) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000600)=[0x57, 0x1, 0x9, 0x9, 0x9d8, 0x8000, 0x6, 0x10001, 0x79, 0x80000001], 0xa, 0x80000}) (async) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000600)=[0x57, 0x1, 0x9, 0x9, 0x9d8, 0x8000, 0x6, 0x10001, 0x79, 0x80000001], 0xa, 0x80000, 0x0, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x40, 0x0, 0x300, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xfffffffffffffecf, 0x99, {0x60a, 0x40000048}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x37}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x47}]}, 0x40}, 0x1, 0x0, 0x0, 0x40008890}, 0x10) syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="2c35704904aec8fecb4365d1d90804f8003d5a416dca1a1fcbcf0bf49133da50f0aa9a34c8dfe5cd2cf9d19d71d106098f3bbe75164a4b7b462d4f9c00367a559490911d7f19983767004ca2d0c68b1b6d231b18d60dcb89fa7a0d7f98c6d50a943808fe9c02a7c22f929c892b3665a92a204a716585da3dbb7d45def9da800b53e65ab5e8ee7648ba6e7443d39cf0c73077db7fbffddc820416d6d77d34c44aa6208113aaba3434270a97f433368d322a076758615efeb8fd60239d81980e70839f8f5f2461665a50ac78dbd33413af8081c496a03076f5c4284b6bdb32b2c8103fa302e53eda2f7485c1e024ce9e334d35332d0db104a1f342684e2390023521a9d47ea69f383fb7a5a82c451702197c6574d8d07273975bbdcc2b4f07143ecdd9fea242951581d63cc295115d18a641af832ac67ad5e36e020a64c3b8a4daf5d72e9507c54155d1410ab21c016ad82a626b23d24ae5d2049427b6bcbfb07e7b7cf407adfa5ff956f6c5e1ef06b8589d1613ec9fd13ff247fee0d869edf9d6606d4434040000d038f0e5c4e173a37499453ec5f6620acc4b93312bb28411a45725af017bf7d26e84180500c2f96f56c14db1254f3d8531ab81b16d3951e890cd3ffa330b1d5558a21f7c1f10a66df7df80bbebeeb83f5155405fb0cdcc09d0a4c10cc5aede307bdafedc7569279409a4fd9f5a73432bad441c50db7eb65dc333181e877b2679ad8c351d6f6c40115d363407f4bc4d8d413361d110c717780fd1ed06783134"], 0x9) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x10e}, "7fcfde2c236d06ae6f7d67e49994e9a2ec7fb560b06ad9adab28e40b3adbe251e27e8df03d67bf674a73bf7db23dd76b4d0200000000000000b7491d18c0a6a9b69f5d68cb2c2c6d265a1a36327dbfdafed59d46b23daef4d0b31e7ac4fbee4220143060603f37209076cb6c4e4990602bdf924a11bd710e50fb67a3b00c186e37a17fa8957c2134581e15d6331704a306dd8bf14aafce405d2e59a60871c52a8d4a6acd33b10127d5129fdb6e5ab1c219ee9a0b9a42be927093373300f5ad306493ccbb5d0f60e3e942237f5f4098cbac60278318670fbf2954ae073c674ab9a7c73bb590ca4a5cf3c21ab2b8b5cfe5d273d3c9c5c5aaf50fccacda5be780bcf1cc299ed81ad94b03921a1321c6"}, 0xfffffffffffffdd1) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x10e}, "7fcfde2c236d06ae6f7d67e49994e9a2ec7fb560b06ad9adab28e40b3adbe251e27e8df03d67bf674a73bf7db23dd76b4d0200000000000000b7491d18c0a6a9b69f5d68cb2c2c6d265a1a36327dbfdafed59d46b23daef4d0b31e7ac4fbee4220143060603f37209076cb6c4e4990602bdf924a11bd710e50fb67a3b00c186e37a17fa8957c2134581e15d6331704a306dd8bf14aafce405d2e59a60871c52a8d4a6acd33b10127d5129fdb6e5ab1c219ee9a0b9a42be927093373300f5ad306493ccbb5d0f60e3e942237f5f4098cbac60278318670fbf2954ae073c674ab9a7c73bb590ca4a5cf3c21ab2b8b5cfe5d273d3c9c5c5aaf50fccacda5be780bcf1cc299ed81ad94b03921a1321c6"}, 0xfffffffffffffdd1) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$IMHOLD_L1(r3, 0x80044948, &(0x7f0000000340)=0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) 00:11:47 executing program 5: 00:11:47 executing program 3: rt_sigaction(0x15, &(0x7f00000000c0)={&(0x7f0000000040)="8c73e00da54e0ca9376b62427b5bb934eba7cfcdcdef4679366ae33e68325c59723f27fc1db296f654219968c580d2a3be19", 0x4, &(0x7f0000000080)="dabe49eb6c7882675bf62b09d0367d42da9d5a329c45956500c86170864d191a3f365f1175407a9bd469b8465a656d5e8578", {[0x4]}}, 0x0, 0x8, &(0x7f0000000100)) (async) rt_sigaction(0x15, &(0x7f00000000c0)={&(0x7f0000000040)="8c73e00da54e0ca9376b62427b5bb934eba7cfcdcdef4679366ae33e68325c59723f27fc1db296f654219968c580d2a3be19", 0x4, &(0x7f0000000080)="dabe49eb6c7882675bf62b09d0367d42da9d5a329c45956500c86170864d191a3f365f1175407a9bd469b8465a656d5e8578", {[0x4]}}, 0x0, 0x8, &(0x7f0000000100)) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) 00:11:47 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060b"], 0x14) 00:11:47 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16=0x0], 0x3) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16=0x0], 0x3) (async) 00:11:47 executing program 0: setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, &(0x7f0000000000)='}\x89\x00', 0x3) setsockopt$RXRPC_MIN_SECURITY_LEVEL(0xffffffffffffffff, 0x110, 0x4, &(0x7f0000000080)=0x2, 0x4) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) 00:11:47 executing program 1: syz_emit_vhci(0x0, 0x0) [ 707.924905][ T5943] Bluetooth: Wrong link type (-22) [ 707.926122][ T5943] Bluetooth: hci4: link tx timeout [ 707.927196][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:47 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16=0x0], 0x3) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16=0x0], 0x3) (async) 00:11:47 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060b"], 0x14) 00:11:47 executing program 5: 00:11:47 executing program 3: rt_sigaction(0x15, &(0x7f00000000c0)={&(0x7f0000000040)="8c73e00da54e0ca9376b62427b5bb934eba7cfcdcdef4679366ae33e68325c59723f27fc1db296f654219968c580d2a3be19", 0x4, &(0x7f0000000080)="dabe49eb6c7882675bf62b09d0367d42da9d5a329c45956500c86170864d191a3f365f1175407a9bd469b8465a656d5e8578", {[0x4]}}, 0x0, 0x8, &(0x7f0000000100)) (async, rerun: 32) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (rerun: 32) [ 707.988651][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 00:11:47 executing program 5: 00:11:48 executing program 0: setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, &(0x7f0000000000)='}\x89\x00', 0x3) setsockopt$RXRPC_MIN_SECURITY_LEVEL(0xffffffffffffffff, 0x110, 0x4, &(0x7f0000000080)=0x2, 0x4) (async) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) 00:11:48 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04ed543d4c0e222780180644700a3822211c2cdf43f88dea138c2ddf006f9fef097b80978850a0af4fb56da5dda7a0e95c9db6b03858ee77b256382b536e31957d1048247b82dcb09a594f975b1da3c7ca4ad5c29c41e74516f45f8836f8aa9cc5037f5cb0fe5bb3c79f7c9d4e509fb06d2d4d07fc4910469d"], 0x3) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r0, 0x19) r1 = add_key$fscrypt_provisioning(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000140)={0x2, 0x0, @c}, 0x29, 0xfffffffffffffff8) r2 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r2, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000200)='ceph\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0xfffffffffffffee9, r2) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x3a) 00:11:48 executing program 5: syz_emit_vhci(0x0, 0x14) 00:11:48 executing program 1: syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33"}}}, 0x1a) 00:11:48 executing program 2: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e060b"], 0x14) [ 708.084497][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 708.088752][ T5943] Bluetooth: Wrong link type (-22) [ 708.090068][ T5943] Bluetooth: Wrong link type (-22) [ 708.091271][ T5943] Bluetooth: Wrong link type (-22) [ 708.092376][ T5943] Bluetooth: Wrong link type (-22) [ 708.094179][ T5943] Bluetooth: Wrong link type (-22) [ 708.095357][ T5943] Bluetooth: Wrong link type (-22) [ 708.096547][ T5943] Bluetooth: Wrong link type (-22) [ 708.097682][ T5943] Bluetooth: Wrong link type (-22) [ 708.098847][ T5943] Bluetooth: Wrong link type (-22) [ 708.100052][ T5943] Bluetooth: Wrong link type (-22) [ 708.101147][ T5943] Bluetooth: Wrong link type (-22) [ 708.102298][ T5943] Bluetooth: Wrong link type (-22) [ 708.103908][ T5943] Bluetooth: Wrong link type (-22) [ 708.105084][ T5943] Bluetooth: Wrong link type (-22) [ 708.106205][ T5943] Bluetooth: Wrong link type (-22) [ 708.107371][ T5943] Bluetooth: Wrong link type (-22) [ 708.108516][ T5943] Bluetooth: Wrong link type (-22) [ 708.110151][ T5943] Bluetooth: Wrong link type (-22) [ 708.111235][ T5943] Bluetooth: Wrong link type (-22) [ 708.112335][ T5943] Bluetooth: Wrong link type (-22) [ 708.113618][ T5943] Bluetooth: Wrong link type (-22) [ 708.114672][ T5943] Bluetooth: Wrong link type (-22) [ 708.115773][ T5943] Bluetooth: Wrong link type (-22) [ 708.116886][ T5943] Bluetooth: Wrong link type (-22) [ 708.117991][ T5943] Bluetooth: Wrong link type (-22) [ 708.119106][ T5943] Bluetooth: Wrong link type (-22) [ 708.120266][ T5943] Bluetooth: Wrong link type (-22) [ 708.121384][ T5943] Bluetooth: Wrong link type (-22) [ 708.122469][ T5943] Bluetooth: Wrong link type (-22) [ 708.123645][ T5943] Bluetooth: Wrong link type (-22) [ 708.124799][ T5943] Bluetooth: Wrong link type (-22) [ 708.125943][ T5943] Bluetooth: Wrong link type (-22) [ 708.127050][ T5943] Bluetooth: Wrong link type (-22) 00:11:48 executing program 0: setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, &(0x7f0000000000)='}\x89\x00', 0x3) setsockopt$RXRPC_MIN_SECURITY_LEVEL(0xffffffffffffffff, 0x110, 0x4, &(0x7f0000000080)=0x2, 0x4) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) (async) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) [ 708.128225][ T5943] Bluetooth: hci4: link tx timeout 00:11:48 executing program 5: syz_emit_vhci(0x0, 0x14) [ 708.129311][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:48 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0xff, 0x4}, {0x101, 0xd29}}}}, 0x11) [ 708.150792][ T5943] [ 708.151355][ T5943] ===================================== [ 708.152508][ T5943] WARNING: bad unlock balance detected! [ 708.153756][ T5943] 6.3.0-rc7-syzkaller-g14f8db1c0f9a #0 Not tainted [ 708.155202][ T5943] ------------------------------------- [ 708.156377][ T5943] kworker/u5:2/5943 is trying to release lock (&conn->chan_lock) at: [ 708.158171][ T5943] [] l2cap_disconnect_rsp+0x210/0x30c [ 708.159767][ T5943] but there are no more locks to release! [ 708.161034][ T5943] [ 708.161034][ T5943] other info that might help us debug this: [ 708.162815][ T5943] 2 locks held by kworker/u5:2/5943: [ 708.163936][ T5943] #0: ffff0000df032938 ((wq_completion)hci4#2){+.+.}-{0:0}, at: process_one_work+0x664/0x12d4 [ 708.166403][ T5943] #1: ffff80001e647c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6a8/0x12d4 [ 708.168946][ T5943] [ 708.168946][ T5943] stack backtrace: 00:11:48 executing program 1: syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33"}}}, 0x1a) [ 708.170214][ T5943] CPU: 1 PID: 5943 Comm: kworker/u5:2 Not tainted 6.3.0-rc7-syzkaller-g14f8db1c0f9a #0 [ 708.172334][ T5943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 708.174475][ T5943] Workqueue: hci4 hci_rx_work [ 708.175490][ T5943] Call trace: [ 708.176188][ T5943] dump_backtrace+0x1b8/0x1e4 [ 708.177154][ T5943] show_stack+0x2c/0x44 [ 708.178044][ T5943] dump_stack_lvl+0xd0/0x124 [ 708.179160][ T5943] dump_stack+0x1c/0x28 [ 708.180099][ T5943] print_unlock_imbalance_bug+0x250/0x2a4 00:11:48 executing program 2: syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33"}}}, 0x1a) [ 708.181391][ T5943] lock_release+0x4ac/0x9ac [ 708.182350][ T5943] __mutex_unlock_slowpath+0xe0/0x6b4 [ 708.182744][ T5502] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 708.183551][ T5943] mutex_unlock+0x18/0x24 [ 708.183569][ T5943] l2cap_disconnect_rsp+0x210/0x30c [ 708.183584][ T5943] l2cap_recv_frame+0x18b4/0x6a14 [ 708.183596][ T5943] l2cap_recv_acldata+0x4f4/0x163c 00:11:48 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04ed543d4c0e222780180644700a3822211c2cdf43f88dea138c2ddf006f9fef097b80978850a0af4fb56da5dda7a0e95c9db6b03858ee77b256382b536e31957d1048247b82dcb09a594f975b1da3c7ca4ad5c29c41e74516f45f8836f8aa9cc5037f5cb0fe5bb3c79f7c9d4e509fb06d2d4d07fc4910469d"], 0x3) (async) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r0, 0x19) (async) r1 = add_key$fscrypt_provisioning(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000140)={0x2, 0x0, @c}, 0x29, 0xfffffffffffffff8) (async) r2 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r2, 0xffffffffffffffff, 0x0) (async) add_key(&(0x7f0000000200)='ceph\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0xfffffffffffffee9, r2) (async) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x3a) [ 708.183609][ T5943] hci_rx_work+0x2cc/0x8b8 [ 708.183618][ T5943] process_one_work+0x788/0x12d4 [ 708.183629][ T5943] worker_thread+0x8e0/0xfe8 [ 708.183639][ T5943] kthread+0x250/0x2d8 [ 708.185486][ T5502] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 708.186151][ T5943] ret_from_fork+0x10/0x20 00:11:48 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0xff, 0x4}, {0x101, 0xd29}}}}, 0x11) 00:11:48 executing program 5: syz_emit_vhci(0x0, 0x14) 00:11:48 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0xff, 0x4}, {0x101, 0xd29}}}}, 0x11) 00:11:48 executing program 0: ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, &(0x7f0000000180)={0x0, &(0x7f0000000140)=""/61}) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = memfd_create(&(0x7f0000000000)='{\x00', 0x2) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000080)={0x1, 0x6, [{0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffc000}, {r1, 0x0, 0x0, 0xffffb000}, {0xffffffffffffffff, 0x0, 0x4000, 0x1000}, {r2, 0x0, 0xfffff000, 0x8000}, {0xffffffffffffffff, 0x0, 0x100000000, 0x1000000000000}, {r3, 0x0, 0x0, 0x1000}]}) 00:11:48 executing program 3: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x2, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) [ 708.251037][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 00:11:48 executing program 1: syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33"}}}, 0x1a) 00:11:48 executing program 3: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x2, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) 00:11:48 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04ed543d4c0e222780180644700a3822211c2cdf43f88dea138c2ddf006f9fef097b80978850a0af4fb56da5dda7a0e95c9db6b03858ee77b256382b536e31957d1048247b82dcb09a594f975b1da3c7ca4ad5c29c41e74516f45f8836f8aa9cc5037f5cb0fe5bb3c79f7c9d4e509fb06d2d4d07fc4910469d"], 0x3) (async) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r0, 0x19) r1 = add_key$fscrypt_provisioning(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000140)={0x2, 0x0, @c}, 0x29, 0xfffffffffffffff8) r2 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r2, 0xffffffffffffffff, 0x0) (async) add_key(&(0x7f0000000200)='ceph\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0xfffffffffffffee9, r2) (async) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x3a) 00:11:48 executing program 2: syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33"}}}, 0x1a) 00:11:48 executing program 5: syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x14) 00:11:48 executing program 1: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x2, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) 00:11:48 executing program 0: ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, &(0x7f0000000180)={0x0, &(0x7f0000000140)=""/61}) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = memfd_create(&(0x7f0000000000)='{\x00', 0x2) (async) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000080)={0x1, 0x6, [{0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffc000}, {r1, 0x0, 0x0, 0xffffb000}, {0xffffffffffffffff, 0x0, 0x4000, 0x1000}, {r2, 0x0, 0xfffff000, 0x8000}, {0xffffffffffffffff, 0x0, 0x100000000, 0x1000000000000}, {r3, 0x0, 0x0, 0x1000}]}) 00:11:48 executing program 3: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x2, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x2, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) [ 708.326497][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 00:11:48 executing program 5: syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x14) 00:11:48 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04abac29b78aaaaa11"], 0x9) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000000c0), 0x840, 0x0) mkdirat$cgroup(r0, &(0x7f0000000080)='syz1\x00', 0x1ff) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000040)={0x7, "6a19afc3a6b855bc2a0d034702e248c2c401d28898a9cc9e89e3fcf6867ef487"}) 00:11:48 executing program 2: syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@any, "1ee5c5b2ab86127d5fdc5b1d5187ea33"}}}, 0x1a) 00:11:48 executing program 0: ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, &(0x7f0000000180)={0x0, &(0x7f0000000140)=""/61}) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) (async) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) r1 = memfd_create(&(0x7f0000000000)='{\x00', 0x2) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000080)={0x1, 0x6, [{0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffc000}, {r1, 0x0, 0x0, 0xffffb000}, {0xffffffffffffffff, 0x0, 0x4000, 0x1000}, {r2, 0x0, 0xfffff000, 0x8000}, {0xffffffffffffffff, 0x0, 0x100000000, 0x1000000000000}, {r3, 0x0, 0x0, 0x1000}]}) 00:11:48 executing program 1: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x2, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) 00:11:48 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04abac29b78aaaaa11"], 0x9) (async) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000000c0), 0x840, 0x0) mkdirat$cgroup(r0, &(0x7f0000000080)='syz1\x00', 0x1ff) (async) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000040)={0x7, "6a19afc3a6b855bc2a0d034702e248c2c401d28898a9cc9e89e3fcf6867ef487"}) 00:11:48 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) [ 708.380870][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 00:11:48 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04abac29b78aaaaa11"], 0x9) (async) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04abac29b78aaaaa11"], 0x9) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000000c0), 0x840, 0x0) mkdirat$cgroup(r0, &(0x7f0000000080)='syz1\x00', 0x1ff) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000040)={0x7, "6a19afc3a6b855bc2a0d034702e248c2c401d28898a9cc9e89e3fcf6867ef487"}) 00:11:48 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[0x7, 0x81, 0x1, 0x0, 0x1, 0x8, 0xfff], 0x7, 0x80800, 0x0, 0xffffffffffffffff}) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x0, 0x1, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000000}, 0x4008001) 00:11:48 executing program 2: [ 708.406287][ T5943] Bluetooth: Wrong link type (-22) [ 708.407507][ T5943] Bluetooth: hci4: link tx timeout 00:11:48 executing program 1: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x2, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) [ 708.408551][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:48 executing program 5: syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x14) 00:11:48 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f0000000000)=0x4) 00:11:48 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) (async) 00:11:48 executing program 5: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB], 0x14) 00:11:48 executing program 2: [ 708.458194][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 708.462362][ T5943] Bluetooth: Wrong link type (-22) [ 708.463894][ T5943] Bluetooth: hci4: link tx timeout [ 708.464954][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:48 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[0x7, 0x81, 0x1, 0x0, 0x1, 0x8, 0xfff], 0x7, 0x80800, 0x0, 0xffffffffffffffff}) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x0, 0x1, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000000}, 0x4008001) (async) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x0, 0x1, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000000}, 0x4008001) 00:11:48 executing program 1: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x2, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) 00:11:48 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f0000000000)=0x4) [ 708.482334][ T5943] Bluetooth: Wrong link type (-22) 00:11:48 executing program 5: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB], 0x14) [ 708.484205][ T5943] Bluetooth: hci4: link tx timeout [ 708.485373][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:48 executing program 2: 00:11:48 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) [ 708.517770][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 00:11:48 executing program 1: [ 708.528073][ T5943] Bluetooth: Wrong link type (-22) [ 708.529341][ T5943] Bluetooth: hci4: link tx timeout [ 708.530491][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:48 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0xa000, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_RW(0xffffffffffffffff, 0x3ba0, &(0x7f00000000c0)={0x38, 0x8, r0, 0x0, 0x80, 0x15, &(0x7f0000000080)="fba6a4d204c6bbd04e0508c3bf7508c5766a7fd19c", 0x4}) [ 708.548249][ T5943] Bluetooth: Wrong link type (-22) [ 708.549407][ T5943] Bluetooth: hci4: link tx timeout [ 708.550553][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:48 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f0000000000)=0x4) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) (async) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f0000000000)=0x4) (async) 00:11:48 executing program 2: syz_emit_vhci(0x0, 0x0) 00:11:48 executing program 5: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB], 0x14) 00:11:48 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[0x7, 0x81, 0x1, 0x0, 0x1, 0x8, 0xfff], 0x7, 0x80800, 0x0, 0xffffffffffffffff}) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x0, 0x1, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000000}, 0x4008001) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x9) (async) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[0x7, 0x81, 0x1, 0x0, 0x1, 0x8, 0xfff], 0x7, 0x80800}) (async) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x0, 0x1, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000000}, 0x4008001) (async) 00:11:48 executing program 1: 00:11:48 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0xa000, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_RW(0xffffffffffffffff, 0x3ba0, &(0x7f00000000c0)={0x38, 0x8, r0, 0x0, 0x80, 0x15, &(0x7f0000000080)="fba6a4d204c6bbd04e0508c3bf7508c5766a7fd19c", 0x4}) [ 708.579294][ T5943] Bluetooth: Wrong link type (-22) [ 708.580526][ T5943] Bluetooth: hci4: link tx timeout [ 708.581558][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 708.585881][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 708.587372][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 00:11:48 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0xa000, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_RW(0xffffffffffffffff, 0x3ba0, &(0x7f00000000c0)={0x38, 0x8, r0, 0x0, 0x80, 0x15, &(0x7f0000000080)="fba6a4d204c6bbd04e0508c3bf7508c5766a7fd19c", 0x4}) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0xa000, 0x0) (async) ioctl$IOMMU_TEST_OP_ACCESS_RW(0xffffffffffffffff, 0x3ba0, &(0x7f00000000c0)={0x38, 0x8, r0, 0x0, 0x80, 0x15, &(0x7f0000000080)="fba6a4d204c6bbd04e0508c3bf7508c5766a7fd19c", 0x4}) (async) 00:11:48 executing program 1: 00:11:48 executing program 5: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04"], 0x14) [ 708.615869][ T5943] Bluetooth: Wrong link type (-22) [ 708.616967][ T5943] Bluetooth: hci4: link tx timeout [ 708.618037][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 708.620933][ T5943] Bluetooth: Wrong link type (-22) 00:11:48 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f00000000c0)=ANY=[], 0x11) [ 708.622455][ T5943] Bluetooth: hci4: link tx timeout [ 708.624027][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:48 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_stack_internal={{0xfd, 0xfa}, {0x1, "8aa1f3e29ac5cc2befac55742d0935010e173f1d0cb5bc13c28a345b842dffd6e0ec32661dfdd86f13bfde17497cb703eac284b31af696829346489cf4791808be287e9e57bcd805d87c3835c91f42b6448c42eeee60f49031b434f119927cc04788a10ec1f8a76ccb0269109dff79da971e19f07660932b9f1c4a422f8a7d1e79080639031e097351408f68495905abb1c26451813c6681adcf5f2c5c80949708a3dfa7328a0b2cf2fbe97cdbeb542176b87eda3665832693366073bd4a94ab4ad33cbdceecbcbf09929b732d689188d6aaf77e02f14d5b9276aed2d34228b3a865bb5d879a7cb7e26d53ae8dd0cab2fc01dbbf552c8eea"}}}, 0xfd) 00:11:48 executing program 2: syz_emit_vhci(0x0, 0x0) 00:11:48 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_stack_internal={{0xfd, 0xfa}, {0x1, "8aa1f3e29ac5cc2befac55742d0935010e173f1d0cb5bc13c28a345b842dffd6e0ec32661dfdd86f13bfde17497cb703eac284b31af696829346489cf4791808be287e9e57bcd805d87c3835c91f42b6448c42eeee60f49031b434f119927cc04788a10ec1f8a76ccb0269109dff79da971e19f07660932b9f1c4a422f8a7d1e79080639031e097351408f68495905abb1c26451813c6681adcf5f2c5c80949708a3dfa7328a0b2cf2fbe97cdbeb542176b87eda3665832693366073bd4a94ab4ad33cbdceecbcbf09929b732d689188d6aaf77e02f14d5b9276aed2d34228b3a865bb5d879a7cb7e26d53ae8dd0cab2fc01dbbf552c8eea"}}}, 0xfd) [ 708.644882][ T5943] Bluetooth: hci3: Received unexpected HCI Event 0x00 00:11:48 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x2f, 0x1b, 0x40, 0x5, 0x50, @private0, @rand_addr=' \x01\x00', 0x8000, 0x10, 0x5, 0x2}}) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@bloom_filter={0x1e, 0x9, 0x2, 0x1, 0x0, 0x1, 0xd1d, '\x00', r0, 0xffffffffffffffff, 0x3, 0x3, 0x3, 0x3}, 0x48) 00:11:48 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f00000000c0)=ANY=[], 0x11) 00:11:48 executing program 5: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04"], 0x14) 00:11:48 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async, rerun: 64) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (rerun: 64) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) (async, rerun: 32) syz_emit_vhci(&(0x7f00000000c0)=ANY=[], 0x11) (rerun: 32) 00:11:48 executing program 1: syz_emit_vhci(0x0, 0x0) 00:11:48 executing program 2: syz_emit_vhci(0x0, 0x0) 00:11:48 executing program 1: syz_emit_vhci(0x0, 0x0) 00:11:48 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_stack_internal={{0xfd, 0xfa}, {0x1, "8aa1f3e29ac5cc2befac55742d0935010e173f1d0cb5bc13c28a345b842dffd6e0ec32661dfdd86f13bfde17497cb703eac284b31af696829346489cf4791808be287e9e57bcd805d87c3835c91f42b6448c42eeee60f49031b434f119927cc04788a10ec1f8a76ccb0269109dff79da971e19f07660932b9f1c4a422f8a7d1e79080639031e097351408f68495905abb1c26451813c6681adcf5f2c5c80949708a3dfa7328a0b2cf2fbe97cdbeb542176b87eda3665832693366073bd4a94ab4ad33cbdceecbcbf09929b732d689188d6aaf77e02f14d5b9276aed2d34228b3a865bb5d879a7cb7e26d53ae8dd0cab2fc01dbbf552c8eea"}}}, 0xfd) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) (async) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_stack_internal={{0xfd, 0xfa}, {0x1, "8aa1f3e29ac5cc2befac55742d0935010e173f1d0cb5bc13c28a345b842dffd6e0ec32661dfdd86f13bfde17497cb703eac284b31af696829346489cf4791808be287e9e57bcd805d87c3835c91f42b6448c42eeee60f49031b434f119927cc04788a10ec1f8a76ccb0269109dff79da971e19f07660932b9f1c4a422f8a7d1e79080639031e097351408f68495905abb1c26451813c6681adcf5f2c5c80949708a3dfa7328a0b2cf2fbe97cdbeb542176b87eda3665832693366073bd4a94ab4ad33cbdceecbcbf09929b732d689188d6aaf77e02f14d5b9276aed2d34228b3a865bb5d879a7cb7e26d53ae8dd0cab2fc01dbbf552c8eea"}}}, 0xfd) (async) [ 708.706960][ T5943] Bluetooth: Wrong link type (-22) [ 708.708234][ T5943] Bluetooth: hci4: link tx timeout [ 708.709310][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 708.718998][ T5943] Bluetooth: hci3: Received unexpected HCI Event 0x00 00:11:48 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x2f, 0x1b, 0x40, 0x5, 0x50, @private0, @rand_addr=' \x01\x00', 0x8000, 0x10, 0x5, 0x2}}) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@bloom_filter={0x1e, 0x9, 0x2, 0x1, 0x0, 0x1, 0xd1d, '\x00', r0, 0xffffffffffffffff, 0x3, 0x3, 0x3, 0x3}, 0x48) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x2f, 0x1b, 0x40, 0x5, 0x50, @private0, @rand_addr=' \x01\x00', 0x8000, 0x10, 0x5, 0x2}}) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@bloom_filter={0x1e, 0x9, 0x2, 0x1, 0x0, 0x1, 0xd1d, '\x00', r0, 0xffffffffffffffff, 0x3, 0x3, 0x3, 0x3}, 0x48) (async) 00:11:48 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x4a00, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x9) 00:11:48 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x4a00, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x9) 00:11:48 executing program 5: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04"], 0x14) 00:11:48 executing program 1: syz_emit_vhci(0x0, 0x0) 00:11:48 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x4a00, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x9) [ 708.778354][ T5943] Bluetooth: Wrong link type (-22) 00:11:48 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00'], 0x3) pipe2$9p(&(0x7f0000000040), 0x90880) pipe2$watch_queue(&(0x7f0000000080), 0x80) [ 708.779582][ T5943] Bluetooth: hci4: link tx timeout [ 708.780727][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 708.791063][ T5943] Bluetooth: Wrong link type (-22) [ 708.792241][ T5943] Bluetooth: hci4: link tx timeout [ 708.793461][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 708.795056][ T5502] Bluetooth: hci3: Received unexpected HCI Event 0x00 00:11:48 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x4a00, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x9) 00:11:48 executing program 1: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x1, 0x2, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) 00:11:48 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x2f, 0x1b, 0x40, 0x5, 0x50, @private0, @rand_addr=' \x01\x00', 0x8000, 0x10, 0x5, 0x2}}) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@bloom_filter={0x1e, 0x9, 0x2, 0x1, 0x0, 0x1, 0xd1d, '\x00', r0, 0xffffffffffffffff, 0x3, 0x3, 0x3, 0x3}, 0x48) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x2f, 0x1b, 0x40, 0x5, 0x50, @private0, @rand_addr=' \x01\x00', 0x8000, 0x10, 0x5, 0x2}}) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@bloom_filter={0x1e, 0x9, 0x2, 0x1, 0x0, 0x1, 0xd1d, '\x00', r0, 0xffffffffffffffff, 0x3, 0x3, 0x3, 0x3}, 0x48) (async) [ 708.817819][ T5502] Bluetooth: hci5: ACL packet for unknown connection handle 0 00:11:48 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x4a00, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x9) 00:11:48 executing program 1: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x1, 0x2, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) [ 708.836391][ T5502] Bluetooth: hci5: ACL packet for unknown connection handle 0 [ 708.840379][ T5502] Bluetooth: Wrong link type (-22) [ 708.841644][ T5502] Bluetooth: Wrong link type (-22) [ 708.842992][ T5502] Bluetooth: hci4: link tx timeout [ 708.844121][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:48 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00'], 0x3) (async) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00'], 0x3) pipe2$9p(&(0x7f0000000040), 0x90880) pipe2$watch_queue(&(0x7f0000000080), 0x80) 00:11:48 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x1, 0x2, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) 00:11:48 executing program 0: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="f3fd9a09224d7c4ac000f508f062f7c66bdaab887148441c0088bf2814a85dbb719d56141578779fa877a669e9a9ffad2fde40c9427ad8bf13dd6eab7baede46d8354ebf661c0abff3511340a9079f"], 0x9) 00:11:48 executing program 1: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x1, 0x2, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) [ 708.872708][ T5502] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:48 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x4a00, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x9) 00:11:48 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x5, 0x4) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) socketpair(0x10, 0x1, 0x81, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000004900000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) sendmsg$NL80211_CMD_TDLS_MGMT(r2, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x40, r4, 0x400, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6e, 0x35}}}}, [@NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x8}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x401}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x44040) 00:11:48 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00'], 0x3) (async) pipe2$9p(&(0x7f0000000040), 0x90880) (async) pipe2$watch_queue(&(0x7f0000000080), 0x80) 00:11:48 executing program 0: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="f3fd9a09224d7c4ac000f508f062f7c66bdaab887148441c0088bf2814a85dbb719d56141578779fa877a669e9a9ffad2fde40c9427ad8bf13dd6eab7baede46d8354ebf661c0abff3511340a9079f"], 0x9) [ 708.897139][ T5502] Bluetooth: hci5: ACL packet for unknown connection handle 0 00:11:48 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x1, 0x2, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) [ 708.921636][ T5502] Bluetooth: Wrong link type (-22) [ 708.923037][ T5502] Bluetooth: hci4: link tx timeout 00:11:48 executing program 2: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x4a00, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) 00:11:48 executing program 1: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x2, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) [ 708.924170][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:48 executing program 0: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="f3fd9a09224d7c4ac000f508f062f7c66bdaab887148441c0088bf2814a85dbb719d56141578779fa877a669e9a9ffad2fde40c9427ad8bf13dd6eab7baede46d8354ebf661c0abff3511340a9079f"], 0x9) [ 708.957194][ T5502] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:48 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async, rerun: 32) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x5, 0x4) (async, rerun: 32) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) (async) socketpair(0x10, 0x1, 0x81, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) (async, rerun: 32) r3 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000004900000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) (async, rerun: 64) sendmsg$NL80211_CMD_TDLS_MGMT(r2, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x40, r4, 0x400, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6e, 0x35}}}}, [@NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x8}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x401}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x44040) (rerun: 64) 00:11:48 executing program 4: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000000)) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRES32=r1, @ANYRES8, @ANYRESHEX, @ANYRESDEC=0x0], 0x3) 00:11:48 executing program 0: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16], 0x9) 00:11:48 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x1, 0x2, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) 00:11:48 executing program 1: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) [ 709.003045][ T5502] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 709.003483][ T5943] Bluetooth: Wrong link type (-22) [ 709.005855][ T5943] Bluetooth: hci4: link tx timeout [ 709.006977][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:48 executing program 2: mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000001080)='syz1\x00', 0x1ff) 00:11:49 executing program 0: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16], 0x9) [ 709.017133][ T5943] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:49 executing program 4: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000000)) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRES32=r1, @ANYRES8, @ANYRESHEX, @ANYRESDEC=0x0], 0x3) 00:11:49 executing program 2: mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) 00:11:49 executing program 0: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16], 0x9) 00:11:49 executing program 5: 00:11:49 executing program 1: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) [ 709.076363][ T5943] Bluetooth: hci2: Received unexpected HCI Event 0x00 00:11:49 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x5, 0x4) (async) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) (async) socketpair(0x10, 0x1, 0x81, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000dc0)={&(0x7f0000000b00), 0xc, &(0x7f0000000d80)={&(0x7f0000000b80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000004900000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900000000000000000028007a8024000100740b49178ceded45cc67313c86a887ca62a8567c060d47ce0fcbedb50789f73c"], 0x50}}, 0x0) (async) sendmsg$NL80211_CMD_TDLS_MGMT(r2, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x40, r4, 0x400, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6e, 0x35}}}}, [@NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x8}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x401}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x44040) 00:11:49 executing program 5: 00:11:49 executing program 2: mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) 00:11:49 executing program 1: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) 00:11:49 executing program 4: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000000)) (async) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRES32=r1, @ANYRES8, @ANYRESHEX, @ANYRESDEC=0x0], 0x3) 00:11:49 executing program 0: gettid() syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040587f100000000385f5c1988729d"], 0x9) 00:11:49 executing program 5: 00:11:49 executing program 1: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x2, 0x16}, @l2cap_cid_signaling={{0x12}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}]}}, 0x1b) [ 709.131516][ T5943] Bluetooth: hci2: Received unexpected HCI Event 0x00 00:11:49 executing program 2: mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) [ 709.134595][ T5943] Bluetooth: Wrong link type (-22) [ 709.135840][ T5943] Bluetooth: hci4: link tx timeout [ 709.136914][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:49 executing program 5: syz_emit_vhci(0x0, 0x0) 00:11:49 executing program 1: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x2, 0xa}, @l2cap_cid_signaling={{0x6}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}]}}, 0xf) 00:11:49 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005051708080200e8ff5100000000"], 0x15) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_reconf_req={{0x19, 0x4, 0xa}, {0x41ab, 0x9, [0x400, 0x1, 0x20]}}}}, 0x17) 00:11:49 executing program 4: socket$inet6(0xa, 0x3, 0x3) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) 00:11:49 executing program 0: gettid() (async) gettid() syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040587f100000000385f5c1988729d"], 0x9) 00:11:49 executing program 5: syz_emit_vhci(0x0, 0x0) [ 709.140197][ T5943] Bluetooth: hci0: unexpected event 0x05 length: 6 > 4 [ 709.200673][ T5943] Bluetooth: Wrong link type (-22) [ 709.203638][ T5943] Bluetooth: hci4: link tx timeout [ 709.204734][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:49 executing program 1: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x2, 0x4}}, 0x9) 00:11:49 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005051708080200e8ff5100000000"], 0x15) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_reconf_req={{0x19, 0x4, 0xa}, {0x41ab, 0x9, [0x400, 0x1, 0x20]}}}}, 0x17) 00:11:49 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005051708080200e8ff5100000000"], 0x15) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_reconf_req={{0x19, 0x4, 0xa}, {0x41ab, 0x9, [0x400, 0x1, 0x20]}}}}, 0x17) [ 709.209200][ T5943] Bluetooth: hci0: unexpected event 0x05 length: 6 > 4 [ 709.226351][ T5943] Bluetooth: Wrong link type (-22) [ 709.228920][ T5943] Bluetooth: hci4: link tx timeout 00:11:49 executing program 5: syz_emit_vhci(0x0, 0x0) [ 709.230054][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:49 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005051708080200e8ff5100000000"], 0x15) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_reconf_req={{0x19, 0x4, 0xa}, {0x41ab, 0x9, [0x400, 0x1, 0x20]}}}}, 0x17) [ 709.261368][ T5943] Bluetooth: Unexpected start frame (len 16) [ 709.262679][ T5943] Bluetooth: Wrong link type (-22) 00:11:49 executing program 4: socket$inet6(0xa, 0x3, 0x3) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) 00:11:49 executing program 0: gettid() syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040587f100000000385f5c1988729d"], 0x9) gettid() (async) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040587f100000000385f5c1988729d"], 0x9) (async) 00:11:49 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x2, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) [ 709.281426][ T5943] Bluetooth: Wrong link type (-22) [ 709.282735][ T5943] Bluetooth: hci4: link tx timeout [ 709.283854][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:49 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005051708080200e8ff5100000000"], 0x15) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_reconf_req={{0x19, 0x4, 0xa}, {0x41ab, 0x9, [0x400, 0x1, 0x20]}}}}, 0x17) 00:11:49 executing program 1: socket$inet6(0xa, 0x3, 0x3) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) [ 709.296942][ T5943] Bluetooth: hci0: unexpected event 0x05 length: 6 > 4 [ 709.297472][ T5943] Bluetooth: hci0: unexpected event 0x05 length: 6 > 4 [ 709.300781][ T5943] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:49 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000cec0400170808000000000000000000"], 0x15) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0xc15, "b44995b083a984abdc795fec1a29a08af09d6b55f6bb4964c16842b3df5ac5d7"}) [ 709.311271][ T5943] Bluetooth: Wrong link type (-22) [ 709.312436][ T5943] Bluetooth: hci1: link tx timeout [ 709.313630][ T5943] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:49 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x0, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) 00:11:49 executing program 4: socket$inet6(0xa, 0x3, 0x3) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) 00:11:49 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x9) 00:11:49 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005051708080200e8ff5100000000"], 0x15) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_reconf_req={{0x19, 0x4, 0xa}, {0x41ab, 0x9, [0x400, 0x1, 0x20]}}}}, 0x17) [ 709.339885][ T5943] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:49 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="3548fd04ef0099adffff0000b36ead13fd59f1fe9404159e3834d777"], 0x3) [ 709.344017][ T5943] Bluetooth: Wrong link type (-22) [ 709.345258][ T5943] Bluetooth: hci1: link tx timeout [ 709.346284][ T5943] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:49 executing program 1: socket$inet6(0xa, 0x3, 0x3) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) 00:11:49 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000cec0400170808000000000000000000"], 0x15) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0xc15, "b44995b083a984abdc795fec1a29a08af09d6b55f6bb4964c16842b3df5ac5d7"}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000cec0400170808000000000000000000"], 0x15) (async) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0xc15, "b44995b083a984abdc795fec1a29a08af09d6b55f6bb4964c16842b3df5ac5d7"}) (async) 00:11:49 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005051708080200e8ff5100000000"], 0x15) 00:11:49 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="3548fd04ef0099adffff0000b36ead13fd59f1fe9404159e3834d777"], 0x3) 00:11:49 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x0, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) 00:11:49 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x9) [ 709.391365][ T5943] Bluetooth: Unexpected start frame (len 16) 00:11:49 executing program 1: socket$inet6(0xa, 0x3, 0x3) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) 00:11:49 executing program 4: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="3548fd04ef0099adffff0000b36ead13fd59f1fe9404159e3834d777"], 0x3) [ 709.407905][ T5943] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:49 executing program 2: [ 709.419329][ T5943] Bluetooth: Unexpected start frame (len 16) 00:11:49 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x0, 0x1c}, @l2cap_cid_signaling={{0x18}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0x3}}]}}, 0x21) 00:11:49 executing program 4: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) clock_getres(0x7, &(0x7f0000000000)) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYRES8, @ANYRES8=r0, @ANYBLOB="ed5da653e645d2c6aeaad210140005b94a01dcb7ade2b1e8ad4459e5fc229930aae4a4cb987dad6ada697ff3b4f1da7797e261891cc8c2df8ab91c135a5ac98bc7710c8a93206d783d6c9a90ecac4ac01dd064949d0336aaa64aef37b970f8e23bf5fecf3050f0050cc46004c7d98de281d4b254386bfd1fd89fa5e6c75b23f50fc4c09ae668fe627f1feecd97014bbb8343501ff5e726198302f28349331b3030e1edc30a44cd5f157b6cb4dfe899b51add3cd84d8b571d611b488640b437252856ef9575ec283ba2d8e90a515e7e7e901fcecc943f99bec2b0f8004e60", @ANYBLOB="4dd7fbb877f903d7efe8404b587f1aca88e07b575bfe02ac9e44c91fc5a8e1c7dcf3a136290363c2bb930d08819be9427714fdc4f0e368ded64d16799f63dc0cbd09219ce77722537230e752ab0e632294bff3cca7da416daff7cde103ebaa7de155a678827fa3dfffdb86f3dfaa95de55e0f42a24261ea526569c66b62f25d3ff7e376a0960cb883508f331a9ba944b5fbcbabffde8379befe9133d033f8668fd94684befbf844efce00b468fa0c03d6515ddf2402244250ef43806ecaa859c2178332b8a285a63fbf5f2a6516f75b1c427bf220ecbe2a6abafd20d53a4c77d34ef7a0706db1c368761c2c489951d3f7ee8fdb3b8b895600bec95d4eed384b54ca3466f1998bf82f10a6f"], 0x2) read$watch_queue(r0, &(0x7f0000000040)=""/147, 0x93) 00:11:49 executing program 0: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x9) 00:11:49 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000cec0400170808000000000000000000"], 0x15) (async) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0xc15, "b44995b083a984abdc795fec1a29a08af09d6b55f6bb4964c16842b3df5ac5d7"}) [ 709.439905][ T5943] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:49 executing program 0: rt_sigaction(0x41, &(0x7f00000000c0)={&(0x7f0000000000)="fedf16b0f2693b26d6eb08d1d0b88fb8f0fd8a00e176181db85d7935fec10f8daca8d822e9aeec47750eb1c7a11f3d3da443", 0x8000004, &(0x7f0000000080)="2f2e5e507eb37238c089b06890fde00d30ea4299d01b437d7c31928dd14222d3b48d9e89d98badb7ea8dcb5b57a5b9a1f832", {[0x3e]}}, 0x0, 0x8, &(0x7f0000000100)) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x9) 00:11:49 executing program 1: socket$inet6(0xa, 0x3, 0x3) 00:11:49 executing program 0: rt_sigaction(0x41, &(0x7f00000000c0)={&(0x7f0000000000)="fedf16b0f2693b26d6eb08d1d0b88fb8f0fd8a00e176181db85d7935fec10f8daca8d822e9aeec47750eb1c7a11f3d3da443", 0x8000004, &(0x7f0000000080)="2f2e5e507eb37238c089b06890fde00d30ea4299d01b437d7c31928dd14222d3b48d9e89d98badb7ea8dcb5b57a5b9a1f832", {[0x3e]}}, 0x0, 0x8, &(0x7f0000000100)) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x9) 00:11:49 executing program 2: [ 709.467209][ T5943] Bluetooth: hci0: SCO packet for unknown connection handle 0 00:11:49 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x2, 0x16}, @l2cap_cid_signaling={{0x12}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}]}}, 0x1b) [ 709.477478][ T5943] Bluetooth: Unexpected start frame (len 16) 00:11:49 executing program 4: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) clock_getres(0x7, &(0x7f0000000000)) (async) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYRES8, @ANYRES8=r0, @ANYBLOB="ed5da653e645d2c6aeaad210140005b94a01dcb7ade2b1e8ad4459e5fc229930aae4a4cb987dad6ada697ff3b4f1da7797e261891cc8c2df8ab91c135a5ac98bc7710c8a93206d783d6c9a90ecac4ac01dd064949d0336aaa64aef37b970f8e23bf5fecf3050f0050cc46004c7d98de281d4b254386bfd1fd89fa5e6c75b23f50fc4c09ae668fe627f1feecd97014bbb8343501ff5e726198302f28349331b3030e1edc30a44cd5f157b6cb4dfe899b51add3cd84d8b571d611b488640b437252856ef9575ec283ba2d8e90a515e7e7e901fcecc943f99bec2b0f8004e60", @ANYBLOB="4dd7fbb877f903d7efe8404b587f1aca88e07b575bfe02ac9e44c91fc5a8e1c7dcf3a136290363c2bb930d08819be9427714fdc4f0e368ded64d16799f63dc0cbd09219ce77722537230e752ab0e632294bff3cca7da416daff7cde103ebaa7de155a678827fa3dfffdb86f3dfaa95de55e0f42a24261ea526569c66b62f25d3ff7e376a0960cb883508f331a9ba944b5fbcbabffde8379befe9133d033f8668fd94684befbf844efce00b468fa0c03d6515ddf2402244250ef43806ecaa859c2178332b8a285a63fbf5f2a6516f75b1c427bf220ecbe2a6abafd20d53a4c77d34ef7a0706db1c368761c2c489951d3f7ee8fdb3b8b895600bec95d4eed384b54ca3466f1998bf82f10a6f"], 0x2) read$watch_queue(r0, &(0x7f0000000040)=""/147, 0x93) 00:11:49 executing program 3: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c900100028000500d9803c3c22d4487300da08000000000000000000000000000000006c3bbe72a234e26a53d8278bbba54363028ff43fcb6c1df5d603792876f3066914ca931c0f868eae9db20d44e412717ab5d4912b1d046ce3b0d8c55d06b452942a55639b66533075a5862e059d0795b6084a318b809ea9d5a10e46db2c57ea70aac97e8198"], 0x15) syz_emit_vhci(&(0x7f0000000100)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x7d}, "3b58cfd15cebbbf15aca505cb42cfad21373838b6bc6fc02142fd8183b8baff3c99493fd2b9f9749b561209cdaff0dcc0449102c29d3d294dc59bdcf7c9feccac845142020b6db43804599c35f4fac3ee473464105366a54a517ea45ca3864d0381a7b6368d250b294513d7555163e57d7014d9e0698b1bb21071b2769"}, 0x81) 00:11:49 executing program 2: [ 709.514426][ T5943] Bluetooth: hci0: Received unexpected HCI Event 0x00 00:11:49 executing program 2: syz_emit_vhci(0x0, 0x15) [ 709.525899][ T5943] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 709.527336][ T5502] Bluetooth: Unexpected start frame (len 16) 00:11:49 executing program 0: rt_sigaction(0x41, &(0x7f00000000c0)={&(0x7f0000000000)="fedf16b0f2693b26d6eb08d1d0b88fb8f0fd8a00e176181db85d7935fec10f8daca8d822e9aeec47750eb1c7a11f3d3da443", 0x8000004, &(0x7f0000000080)="2f2e5e507eb37238c089b06890fde00d30ea4299d01b437d7c31928dd14222d3b48d9e89d98badb7ea8dcb5b57a5b9a1f832", {[0x3e]}}, 0x0, 0x8, &(0x7f0000000100)) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x9) rt_sigaction(0x41, &(0x7f00000000c0)={&(0x7f0000000000)="fedf16b0f2693b26d6eb08d1d0b88fb8f0fd8a00e176181db85d7935fec10f8daca8d822e9aeec47750eb1c7a11f3d3da443", 0x8000004, &(0x7f0000000080)="2f2e5e507eb37238c089b06890fde00d30ea4299d01b437d7c31928dd14222d3b48d9e89d98badb7ea8dcb5b57a5b9a1f832", {[0x3e]}}, 0x0, 0x8, &(0x7f0000000100)) (async) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x9) (async) 00:11:49 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x2, 0x16}, @l2cap_cid_signaling={{0x12}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}]}}, 0x1b) 00:11:49 executing program 1: socket$inet6(0xa, 0x0, 0x3) 00:11:49 executing program 3: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c900100028000500d9803c3c22d4487300da08000000000000000000000000000000006c3bbe72a234e26a53d8278bbba54363028ff43fcb6c1df5d603792876f3066914ca931c0f868eae9db20d44e412717ab5d4912b1d046ce3b0d8c55d06b452942a55639b66533075a5862e059d0795b6084a318b809ea9d5a10e46db2c57ea70aac97e8198"], 0x15) syz_emit_vhci(&(0x7f0000000100)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x7d}, "3b58cfd15cebbbf15aca505cb42cfad21373838b6bc6fc02142fd8183b8baff3c99493fd2b9f9749b561209cdaff0dcc0449102c29d3d294dc59bdcf7c9feccac845142020b6db43804599c35f4fac3ee473464105366a54a517ea45ca3864d0381a7b6368d250b294513d7555163e57d7014d9e0698b1bb21071b2769"}, 0x81) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c900100028000500d9803c3c22d4487300da08000000000000000000000000000000006c3bbe72a234e26a53d8278bbba54363028ff43fcb6c1df5d603792876f3066914ca931c0f868eae9db20d44e412717ab5d4912b1d046ce3b0d8c55d06b452942a55639b66533075a5862e059d0795b6084a318b809ea9d5a10e46db2c57ea70aac97e8198"], 0x15) (async) syz_emit_vhci(&(0x7f0000000100)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x7d}, "3b58cfd15cebbbf15aca505cb42cfad21373838b6bc6fc02142fd8183b8baff3c99493fd2b9f9749b561209cdaff0dcc0449102c29d3d294dc59bdcf7c9feccac845142020b6db43804599c35f4fac3ee473464105366a54a517ea45ca3864d0381a7b6368d250b294513d7555163e57d7014d9e0698b1bb21071b2769"}, 0x81) (async) 00:11:49 executing program 4: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) clock_getres(0x7, &(0x7f0000000000)) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYRES8, @ANYRES8=r0, @ANYBLOB="ed5da653e645d2c6aeaad210140005b94a01dcb7ade2b1e8ad4459e5fc229930aae4a4cb987dad6ada697ff3b4f1da7797e261891cc8c2df8ab91c135a5ac98bc7710c8a93206d783d6c9a90ecac4ac01dd064949d0336aaa64aef37b970f8e23bf5fecf3050f0050cc46004c7d98de281d4b254386bfd1fd89fa5e6c75b23f50fc4c09ae668fe627f1feecd97014bbb8343501ff5e726198302f28349331b3030e1edc30a44cd5f157b6cb4dfe899b51add3cd84d8b571d611b488640b437252856ef9575ec283ba2d8e90a515e7e7e901fcecc943f99bec2b0f8004e60", @ANYBLOB="4dd7fbb877f903d7efe8404b587f1aca88e07b575bfe02ac9e44c91fc5a8e1c7dcf3a136290363c2bb930d08819be9427714fdc4f0e368ded64d16799f63dc0cbd09219ce77722537230e752ab0e632294bff3cca7da416daff7cde103ebaa7de155a678827fa3dfffdb86f3dfaa95de55e0f42a24261ea526569c66b62f25d3ff7e376a0960cb883508f331a9ba944b5fbcbabffde8379befe9133d033f8668fd94684befbf844efce00b468fa0c03d6515ddf2402244250ef43806ecaa859c2178332b8a285a63fbf5f2a6516f75b1c427bf220ecbe2a6abafd20d53a4c77d34ef7a0706db1c368761c2c489951d3f7ee8fdb3b8b895600bec95d4eed384b54ca3466f1998bf82f10a6f"], 0x2) read$watch_queue(r0, &(0x7f0000000040)=""/147, 0x93) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) clock_getres(0x7, &(0x7f0000000000)) (async) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYRES8, @ANYRES8=r0, @ANYBLOB="ed5da653e645d2c6aeaad210140005b94a01dcb7ade2b1e8ad4459e5fc229930aae4a4cb987dad6ada697ff3b4f1da7797e261891cc8c2df8ab91c135a5ac98bc7710c8a93206d783d6c9a90ecac4ac01dd064949d0336aaa64aef37b970f8e23bf5fecf3050f0050cc46004c7d98de281d4b254386bfd1fd89fa5e6c75b23f50fc4c09ae668fe627f1feecd97014bbb8343501ff5e726198302f28349331b3030e1edc30a44cd5f157b6cb4dfe899b51add3cd84d8b571d611b488640b437252856ef9575ec283ba2d8e90a515e7e7e901fcecc943f99bec2b0f8004e60", @ANYBLOB="4dd7fbb877f903d7efe8404b587f1aca88e07b575bfe02ac9e44c91fc5a8e1c7dcf3a136290363c2bb930d08819be9427714fdc4f0e368ded64d16799f63dc0cbd09219ce77722537230e752ab0e632294bff3cca7da416daff7cde103ebaa7de155a678827fa3dfffdb86f3dfaa95de55e0f42a24261ea526569c66b62f25d3ff7e376a0960cb883508f331a9ba944b5fbcbabffde8379befe9133d033f8668fd94684befbf844efce00b468fa0c03d6515ddf2402244250ef43806ecaa859c2178332b8a285a63fbf5f2a6516f75b1c427bf220ecbe2a6abafd20d53a4c77d34ef7a0706db1c368761c2c489951d3f7ee8fdb3b8b895600bec95d4eed384b54ca3466f1998bf82f10a6f"], 0x2) (async) read$watch_queue(r0, &(0x7f0000000040)=""/147, 0x93) (async) [ 709.548507][ T5502] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 709.569592][ T5502] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:49 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x2, 0x16}, @l2cap_cid_signaling={{0x12}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x0, 0x3, 0x1e2d, 0x1}}]}}, 0x1b) [ 709.578037][ T5502] Bluetooth: Unexpected start frame (len 16) [ 709.579395][ T5502] Bluetooth: Unexpected start frame (len 16) 00:11:49 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@ipv4}, &(0x7f0000000040)=0x14) 00:11:49 executing program 2: syz_emit_vhci(0x0, 0x15) 00:11:49 executing program 3: syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c900100028000500d9803c3c22d4487300da08000000000000000000000000000000006c3bbe72a234e26a53d8278bbba54363028ff43fcb6c1df5d603792876f3066914ca931c0f868eae9db20d44e412717ab5d4912b1d046ce3b0d8c55d06b452942a55639b66533075a5862e059d0795b6084a318b809ea9d5a10e46db2c57ea70aac97e8198"], 0x15) (async) syz_emit_vhci(&(0x7f0000000100)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x7d}, "3b58cfd15cebbbf15aca505cb42cfad21373838b6bc6fc02142fd8183b8baff3c99493fd2b9f9749b561209cdaff0dcc0449102c29d3d294dc59bdcf7c9feccac845142020b6db43804599c35f4fac3ee473464105366a54a517ea45ca3864d0381a7b6368d250b294513d7555163e57d7014d9e0698b1bb21071b2769"}, 0x81) 00:11:49 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04ff01"], 0x3) [ 709.622469][ T5502] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 709.632419][ T5502] Bluetooth: Unexpected start frame (len 16) 00:11:49 executing program 2: syz_emit_vhci(0x0, 0x15) 00:11:49 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@ipv4}, &(0x7f0000000040)=0x14) 00:11:49 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04ff01"], 0x3) 00:11:49 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x2, 0xa}, @l2cap_cid_signaling={{0x6}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}]}}, 0xf) [ 709.676099][ T5502] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:49 executing program 1: socket$inet6(0xa, 0x0, 0x3) 00:11:49 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0x5, 0xc9, 0xc9, 0xad}}}, 0x8) 00:11:49 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@ipv4}, &(0x7f0000000040)=0x14) 00:11:49 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x15) 00:11:49 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x2, 0xa}, @l2cap_cid_signaling={{0x6}, [@l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}]}}, 0xf) 00:11:49 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04ff01"], 0x3) [ 709.710527][ T5502] Bluetooth: Unexpected start frame (len 16) [ 709.712005][ T5502] Bluetooth: Wrong link type (-22) [ 709.713545][ T5502] Bluetooth: hci4: link tx timeout [ 709.714687][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:49 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0x5, 0xc9, 0xc9, 0xad}}}, 0x8) 00:11:49 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x15) 00:11:49 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x2], 0x400000000000001a, 0x80800, 0x0, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r3, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x20}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x74}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x7c}]}, 0x40}, 0x1, 0x0, 0x0, 0x8040}, 0x4000000) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYRES8=r2], 0x9) [ 709.757126][ T5502] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:49 executing program 4: clock_getres(0x1, &(0x7f0000000000)) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, 0x0, 0x8, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_DEFAULT_TYPES={0xc, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000000}, 0x8000) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) [ 709.770219][ T5502] Bluetooth: Wrong link type (-22) [ 709.771413][ T5502] Bluetooth: hci4: link tx timeout [ 709.772502][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:49 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x15) 00:11:49 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x2, 0x4}}, 0x9) 00:11:49 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x2], 0x400000000000001a, 0x80800}) (async) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x2], 0x400000000000001a, 0x80800, 0x0, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r3, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x20}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x74}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x7c}]}, 0x40}, 0x1, 0x0, 0x0, 0x8040}, 0x4000000) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYRES8=r2], 0x9) 00:11:49 executing program 1: socket$inet6(0xa, 0x0, 0x3) 00:11:49 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async, rerun: 32) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0x5, 0xc9, 0xc9, 0xad}}}, 0x8) (rerun: 32) [ 709.807063][ T5502] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 709.827257][ T5502] Bluetooth: Wrong link type (-22) [ 709.828402][ T5502] Bluetooth: Wrong link type (-22) [ 709.829545][ T5502] Bluetooth: Wrong link type (-22) [ 709.830650][ T5502] Bluetooth: Wrong link type (-22) [ 709.831770][ T5502] Bluetooth: Wrong link type (-22) [ 709.833682][ T5502] Bluetooth: Wrong link type (-22) [ 709.834893][ T5502] Bluetooth: Wrong link type (-22) [ 709.836113][ T5502] Bluetooth: Wrong link type (-22) [ 709.837261][ T5502] Bluetooth: Wrong link type (-22) [ 709.838408][ T5502] Bluetooth: Wrong link type (-22) [ 709.839426][ T5502] Bluetooth: Wrong link type (-22) [ 709.840594][ T5502] Bluetooth: Wrong link type (-22) [ 709.841641][ T5502] Bluetooth: Wrong link type (-22) [ 709.842758][ T5502] Bluetooth: Wrong link type (-22) 00:11:49 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x2, 0x4}}, 0x9) [ 709.844438][ T5502] Bluetooth: Wrong link type (-22) [ 709.845707][ T5502] Bluetooth: Wrong link type (-22) [ 709.846836][ T5502] Bluetooth: Wrong link type (-22) [ 709.847994][ T5502] Bluetooth: Wrong link type (-22) [ 709.849124][ T5502] Bluetooth: Wrong link type (-22) [ 709.850596][ T5502] Bluetooth: Wrong link type (-22) [ 709.851750][ T5502] Bluetooth: Wrong link type (-22) [ 709.853277][ T5502] Bluetooth: Wrong link type (-22) [ 709.854470][ T5502] Bluetooth: Wrong link type (-22) [ 709.855555][ T5502] Bluetooth: Wrong link type (-22) [ 709.856652][ T5502] Bluetooth: Wrong link type (-22) [ 709.857828][ T5502] Bluetooth: Wrong link type (-22) [ 709.858873][ T5502] Bluetooth: Wrong link type (-22) [ 709.859941][ T5502] Bluetooth: Wrong link type (-22) [ 709.861071][ T5502] Bluetooth: Wrong link type (-22) 00:11:49 executing program 4: clock_getres(0x1, &(0x7f0000000000)) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, 0x0, 0x8, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_DEFAULT_TYPES={0xc, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000000}, 0x8000) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) [ 709.862151][ T5502] Bluetooth: Wrong link type (-22) [ 709.863942][ T5502] Bluetooth: Wrong link type (-22) [ 709.865142][ T5502] Bluetooth: Wrong link type (-22) 00:11:49 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x15) [ 709.866270][ T5502] Bluetooth: Wrong link type (-22) [ 709.868092][ T5502] Bluetooth: hci4: link tx timeout [ 709.869243][ T5502] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:49 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x2], 0x400000000000001a, 0x80800, 0x0, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r3, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x20}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x74}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x7c}]}, 0x40}, 0x1, 0x0, 0x0, 0x8040}, 0x4000000) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYRES8=r2], 0x9) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x2], 0x400000000000001a, 0x80800}) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r3, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x20}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x74}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x7c}]}, 0x40}, 0x1, 0x0, 0x0, 0x8040}, 0x4000000) (async) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYRES8=r2], 0x9) (async) 00:11:49 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}, {0xffc1, 0x0, 0x0, 0xffff}}}}, 0x15) [ 709.890248][ T5502] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:49 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x2, 0x4}}, 0x9) [ 709.909376][ T5502] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 709.910042][ T5943] Bluetooth: Wrong link type (-22) [ 709.912561][ T5943] Bluetooth: hci4: link tx timeout [ 709.913970][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:49 executing program 4: clock_getres(0x1, &(0x7f0000000000)) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, 0x0, 0x8, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_DEFAULT_TYPES={0xc, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000000}, 0x8000) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) 00:11:49 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x2, 0xa}, @l2cap_cid_signaling={{0x6}, [@l2cap_info_req={{0xa, 0x0, 0x2}, {0x2}}]}}, 0xf) 00:11:49 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x15) [ 709.931775][ T5943] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:49 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}, {0xffc1, 0x0, 0x0, 0xffff}}}}, 0x15) [ 709.964334][ T5943] Bluetooth: Wrong link type (-22) [ 709.965582][ T5943] Bluetooth: hci4: link tx timeout [ 709.966730][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:49 executing program 1: socket$inet6(0xa, 0x3, 0x0) 00:11:49 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) accept4$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x2711}, 0x10, 0x0) ioctl$DRM_IOCTL_RM_MAP(r0, 0x4028641b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ffa000/0x3000)=nil}) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_RM_MAP(r3, 0x4028641b, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil}) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) getsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)=0x4) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRESHEX=r1], 0x9) 00:11:49 executing program 5: syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x2, 0xa}, @l2cap_cid_signaling={{0x6}, [@l2cap_info_req={{0xa, 0x0, 0x2}}]}}, 0xf) 00:11:49 executing program 4: ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x8, 0x1, 0x6, 0x6, 0x3, 0x4, 0x9, 0x2], 0x8, 0x80800}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) 00:11:49 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x15) 00:11:49 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}, {0xffc1, 0x0, 0x0, 0xffff}}}}, 0x15) [ 709.996390][ T5943] Bluetooth: Wrong link type (-22) [ 709.997628][ T5943] Bluetooth: hci4: link tx timeout [ 709.998783][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:49 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005051708"], 0x15) [ 710.001215][ T5943] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:49 executing program 3: syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x16}, @l2cap_cid_le_signaling={{0x12}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xe}, {0x0, 0x0, 0x0, 0x0, [0x1, 0x0, 0x8]}}}}, 0x1b) 00:11:49 executing program 4: ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x8, 0x1, 0x6, 0x6, 0x3, 0x4, 0x9, 0x2], 0x8, 0x80800}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x8, 0x1, 0x6, 0x6, 0x3, 0x4, 0x9, 0x2], 0x8, 0x80800}) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) (async) [ 710.023601][ T5943] Bluetooth: Wrong link type (-22) [ 710.024742][ T5943] Bluetooth: hci4: link tx timeout [ 710.025843][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:50 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}, {0xffc1, 0x0, 0x0, 0xffff}}}}, 0x15) 00:11:50 executing program 0: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) accept4$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x2711}, 0x10, 0x0) ioctl$DRM_IOCTL_RM_MAP(r0, 0x4028641b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ffa000/0x3000)=nil}) (async) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_RM_MAP(r3, 0x4028641b, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil}) (async) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) getsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)=0x4) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRESHEX=r1], 0x9) 00:11:50 executing program 3: syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x16}, @l2cap_cid_le_signaling={{0x12}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xe}, {0x0, 0x0, 0x0, 0x0, [0x1, 0x0, 0x8]}}}}, 0x1b) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x16}, @l2cap_cid_le_signaling={{0x12}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xe}, {0x0, 0x0, 0x0, 0x0, [0x1, 0x0, 0x8]}}}}, 0x1b) (async) [ 710.066455][ T5943] Bluetooth: Wrong link type (-22) [ 710.067743][ T5943] Bluetooth: hci4: link tx timeout [ 710.068801][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 710.070654][ T5943] Bluetooth: Wrong link type (-22) [ 710.071844][ T5943] Bluetooth: hci4: link tx timeout [ 710.073170][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 710.075431][ T5943] Bluetooth: Wrong link type (-22) 00:11:50 executing program 1: socket$inet6(0xa, 0x3, 0x0) 00:11:50 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}, {0xffc1, 0x0, 0x0, 0xffff}}}}, 0x15) 00:11:50 executing program 3: syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x16}, @l2cap_cid_le_signaling={{0x12}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xe}, {0x0, 0x0, 0x0, 0x0, [0x1, 0x0, 0x8]}}}}, 0x1b) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x16}, @l2cap_cid_le_signaling={{0x12}, @l2cap_ecred_conn_req={{0x17, 0x8, 0xe}, {0x0, 0x0, 0x0, 0x0, [0x1, 0x0, 0x8]}}}}, 0x1b) (async) 00:11:50 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02"], 0x15) [ 710.114272][ T5943] Bluetooth: Wrong link type (-22) [ 710.115384][ T5943] Bluetooth: Wrong link type (-22) [ 710.116539][ T5943] Bluetooth: hci4: link tx timeout 00:11:50 executing program 4: ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x8, 0x1, 0x6, 0x6, 0x3, 0x4, 0x9, 0x2], 0x8, 0x80800}) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) [ 710.117652][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:50 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c800500170808000000000004000000"], 0x15) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="6d04ee53e1d727a046b0f386104021a8d6f86a7541d7781c13ddce0af4d0fee465ba7c5a952e05c251bb086d9aa0514b"], 0x7) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x0, 0x2a}, @l2cap_cid_signaling={{0x26}, [@l2cap_cmd_rej_unk={{0x1, 0x9, 0x2}, {0x8}}, @l2cap_move_chan_rsp={{0xf, 0x2, 0x4}, {0x7, 0x3}}, @l2cap_disconn_req={{0x6, 0x80, 0x4}, {0xee, 0xb34}}, @l2cap_disconn_rsp={{0x7, 0x3, 0x4}, {0x1, 0x1}}, @l2cap_conn_req={{0x2, 0x3, 0x4}, {0x81, 0x6}}]}}, 0x2f) 00:11:50 executing program 0: openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) mkdirat$cgroup(r2, &(0x7f0000001080)='syz1\x00', 0x1ff) accept4$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x2711}, 0x10, 0x0) ioctl$DRM_IOCTL_RM_MAP(r0, 0x4028641b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ffa000/0x3000)=nil}) r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_RM_MAP(r3, 0x4028641b, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil}) (async) ioctl$DRM_IOCTL_RM_MAP(r3, 0x4028641b, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil}) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) getsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)=0x4) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRESHEX=r1], 0x9) [ 710.133576][ T5943] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 710.135771][ T5943] Bluetooth: Wrong link type (-22) 00:11:50 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02"], 0x15) 00:11:50 executing program 4: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r0, 0x8, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0xfffffea6, 0x5e}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x20000010) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04bf00"], 0x3) [ 710.169387][ T5943] Bluetooth: hci1: ACL packet for unknown connection handle 0 00:11:50 executing program 1: socket$inet6(0xa, 0x3, 0x0) 00:11:50 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}, {0xffc1, 0x0, 0x0, 0xffff}}}}, 0x15) [ 710.198825][ T5943] Bluetooth: Wrong link type (-22) [ 710.200006][ T5943] Bluetooth: hci3: link tx timeout [ 710.201017][ T5943] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:50 executing program 0: syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="f8c38ee59ff1bde65b10c54009ef901187ca228827cf48c6be16ee8946baec7f6e1d8ee9e5ad1894fb72b71056e95435fd50e559333e475b788f0b1b883f4707ea8d53e3c5d9a29a0ff279c89a3e280673abcaf5f6bb1bfecd962a6acd8632631036f3c255408deca185423eaf485e97123448625f5fed8a899c970be1936fadf16e764a781d971e5bf7d4392ceec3b05f42bb7d99503561dc8d2573c8b07e5f2e7e05dbf7d613bd41ee2875a3850894a4175e9fe3274c78852d6e9510b6233e5396eaf4ddbb6033e8baecd2181ffa8fceeecaf6a1420e12d8a422b844d79a5d507712b9722afa3dc39b5c61c65186f10179fc2031ce84b6fd17c01349f4aa99312e5e30b4ed3fdf26e2e2f847f2c28d9aa099459e9a00d35f25df95c0d960b6849d31b5b6ed4ccf30ef58aa8dda4663fc1ff19293120f20095b79f4127f723b2e51d6536370bf56fc13e4d7e582db0b2aade4d377318cb02a7c26926aaeaf4a36ed9adfd94f9951bdd841f47b18de"], 0x9) socketpair(0x23, 0x6, 0x9, &(0x7f00000002c0)={0xffffffffffffffff}) sendmsg$FOU_CMD_DEL(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x24, 0x0, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e23}]}, 0x24}, 0x1, 0x0, 0x0, 0xe9aa4ee7702195e6}, 0x4000) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r2, 0x400, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x80000001, 0x4}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x61}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x75}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x4080) 00:11:50 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c800500170808000000000004000000"], 0x15) (async) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="6d04ee53e1d727a046b0f386104021a8d6f86a7541d7781c13ddce0af4d0fee465ba7c5a952e05c251bb086d9aa0514b"], 0x7) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x0, 0x2a}, @l2cap_cid_signaling={{0x26}, [@l2cap_cmd_rej_unk={{0x1, 0x9, 0x2}, {0x8}}, @l2cap_move_chan_rsp={{0xf, 0x2, 0x4}, {0x7, 0x3}}, @l2cap_disconn_req={{0x6, 0x80, 0x4}, {0xee, 0xb34}}, @l2cap_disconn_rsp={{0x7, 0x3, 0x4}, {0x1, 0x1}}, @l2cap_conn_req={{0x2, 0x3, 0x4}, {0x81, 0x6}}]}}, 0x2f) 00:11:50 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02"], 0x15) [ 710.218552][ T5943] Bluetooth: hci1: ACL packet for unknown connection handle 0 00:11:50 executing program 5: [ 710.232436][ T5943] Bluetooth: Unexpected start frame (len 16) 00:11:50 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c"], 0x15) 00:11:50 executing program 5: 00:11:50 executing program 4: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r0, 0x8, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0xfffffea6, 0x5e}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x20000010) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04bf00"], 0x3) 00:11:50 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c800500170808000000000004000000"], 0x15) (async) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="6d04ee53e1d727a046b0f386104021a8d6f86a7541d7781c13ddce0af4d0fee465ba7c5a952e05c251bb086d9aa0514b"], 0x7) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x0, 0x2a}, @l2cap_cid_signaling={{0x26}, [@l2cap_cmd_rej_unk={{0x1, 0x9, 0x2}, {0x8}}, @l2cap_move_chan_rsp={{0xf, 0x2, 0x4}, {0x7, 0x3}}, @l2cap_disconn_req={{0x6, 0x80, 0x4}, {0xee, 0xb34}}, @l2cap_disconn_rsp={{0x7, 0x3, 0x4}, {0x1, 0x1}}, @l2cap_conn_req={{0x2, 0x3, 0x4}, {0x81, 0x6}}]}}, 0x2f) 00:11:50 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02"], 0x15) [ 710.285302][ T5943] Bluetooth: Unexpected start frame (len 16) [ 710.291897][ T5943] Bluetooth: hci1: ACL packet for unknown connection handle 0 00:11:50 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02"], 0x15) [ 710.315549][ T5943] Bluetooth: hci1: ACL packet for unknown connection handle 0 00:11:50 executing program 5: 00:11:50 executing program 0: syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="f8c38ee59ff1bde65b10c54009ef901187ca228827cf48c6be16ee8946baec7f6e1d8ee9e5ad1894fb72b71056e95435fd50e559333e475b788f0b1b883f4707ea8d53e3c5d9a29a0ff279c89a3e280673abcaf5f6bb1bfecd962a6acd8632631036f3c255408deca185423eaf485e97123448625f5fed8a899c970be1936fadf16e764a781d971e5bf7d4392ceec3b05f42bb7d99503561dc8d2573c8b07e5f2e7e05dbf7d613bd41ee2875a3850894a4175e9fe3274c78852d6e9510b6233e5396eaf4ddbb6033e8baecd2181ffa8fceeecaf6a1420e12d8a422b844d79a5d507712b9722afa3dc39b5c61c65186f10179fc2031ce84b6fd17c01349f4aa99312e5e30b4ed3fdf26e2e2f847f2c28d9aa099459e9a00d35f25df95c0d960b6849d31b5b6ed4ccf30ef58aa8dda4663fc1ff19293120f20095b79f4127f723b2e51d6536370bf56fc13e4d7e582db0b2aade4d377318cb02a7c26926aaeaf4a36ed9adfd94f9951bdd841f47b18de"], 0x9) socketpair(0x23, 0x6, 0x9, &(0x7f00000002c0)={0xffffffffffffffff}) sendmsg$FOU_CMD_DEL(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x24, 0x0, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e23}]}, 0x24}, 0x1, 0x0, 0x0, 0xe9aa4ee7702195e6}, 0x4000) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r2, 0x400, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x80000001, 0x4}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x61}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x75}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x4080) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="f8c38ee59ff1bde65b10c54009ef901187ca228827cf48c6be16ee8946baec7f6e1d8ee9e5ad1894fb72b71056e95435fd50e559333e475b788f0b1b883f4707ea8d53e3c5d9a29a0ff279c89a3e280673abcaf5f6bb1bfecd962a6acd8632631036f3c255408deca185423eaf485e97123448625f5fed8a899c970be1936fadf16e764a781d971e5bf7d4392ceec3b05f42bb7d99503561dc8d2573c8b07e5f2e7e05dbf7d613bd41ee2875a3850894a4175e9fe3274c78852d6e9510b6233e5396eaf4ddbb6033e8baecd2181ffa8fceeecaf6a1420e12d8a422b844d79a5d507712b9722afa3dc39b5c61c65186f10179fc2031ce84b6fd17c01349f4aa99312e5e30b4ed3fdf26e2e2f847f2c28d9aa099459e9a00d35f25df95c0d960b6849d31b5b6ed4ccf30ef58aa8dda4663fc1ff19293120f20095b79f4127f723b2e51d6536370bf56fc13e4d7e582db0b2aade4d377318cb02a7c26926aaeaf4a36ed9adfd94f9951bdd841f47b18de"], 0x9) (async) socketpair(0x23, 0x6, 0x9, &(0x7f00000002c0)) (async) sendmsg$FOU_CMD_DEL(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x24, 0x0, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e23}]}, 0x24}, 0x1, 0x0, 0x0, 0xe9aa4ee7702195e6}, 0x4000) (async) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r2, 0x400, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x80000001, 0x4}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x61}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x75}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x4080) (async) 00:11:50 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}, {0x0, 0x20}}}}, 0x15) ioctl$IOMMU_TEST_OP_ACCESS_RW(0xffffffffffffffff, 0x3ba0, &(0x7f0000000140)={0x38, 0x8, 0xffffffffffffffff, 0x0, 0x7fffffffffffffff, 0xc5, &(0x7f0000000040)="8ed89b9b037020b6e63fe002b1408754f7e7fc60635bc591751e128c7294b50add442d6f73b97016248446fdfa3cc00df9785b74cea798d4ccfbf80e396959915f879444397dc119d91a8f464347f8b4d9e8b099a649780398bf65be215a9991b54e6e09b1912d18b70b81ca78698765940b9c95c469e106ba1df2fde166e7d14fbf772537a4703a8da8a50a57a6cc50c3b73bb0305347208d2009d403128077368f04ae7142e2d86175f3e7f8adf938bf949eceb168567624a0480b8ea066a0a93874b064", 0x4}) 00:11:50 executing program 4: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r0, 0x8, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0xfffffea6, 0x5e}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x20000010) (async) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04bf00"], 0x3) 00:11:50 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02"], 0x15) 00:11:50 executing program 1: syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="f8c38ee59ff1bde65b10c54009ef901187ca228827cf48c6be16ee8946baec7f6e1d8ee9e5ad1894fb72b71056e95435fd50e559333e475b788f0b1b883f4707ea8d53e3c5d9a29a0ff279c89a3e280673abcaf5f6bb1bfecd962a6acd8632631036f3c255408deca185423eaf485e97123448625f5fed8a899c970be1936fadf16e764a781d971e5bf7d4392ceec3b05f42bb7d99503561dc8d2573c8b07e5f2e7e05dbf7d613bd41ee2875a3850894a4175e9fe3274c78852d6e9510b6233e5396eaf4ddbb6033e8baecd2181ffa8fceeecaf6a1420e12d8a422b844d79a5d507712b9722afa3dc39b5c61c65186f10179fc2031ce84b6fd17c01349f4aa99312e5e30b4ed3fdf26e2e2f847f2c28d9aa099459e9a00d35f25df95c0d960b6849d31b5b6ed4ccf30ef58aa8dda4663fc1ff19293120f20095b79f4127f723b2e51d6536370bf56fc13e4d7e582db0b2aade4d377318cb02a7c26926aaeaf4a36ed9adfd94f9951bdd841f47b18de"], 0x9) socketpair(0x23, 0x6, 0x9, &(0x7f00000002c0)={0xffffffffffffffff}) sendmsg$FOU_CMD_DEL(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x24, 0x0, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e23}]}, 0x24}, 0x1, 0x0, 0x0, 0xe9aa4ee7702195e6}, 0x4000) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r2, 0x400, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x80000001, 0x4}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x61}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x75}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x4080) 00:11:50 executing program 5: syz_emit_vhci(0x0, 0x0) [ 710.358524][ T5943] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 710.367157][ T5943] Bluetooth: Unexpected start frame (len 16) [ 710.368645][ T5943] Bluetooth: Wrong link type (-22) [ 710.369766][ T5943] Bluetooth: hci4: link tx timeout [ 710.370936][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:50 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010"], 0x15) 00:11:50 executing program 5: syz_emit_vhci(0x0, 0x0) 00:11:50 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}, {0x0, 0x20}}}}, 0x15) (async, rerun: 64) ioctl$IOMMU_TEST_OP_ACCESS_RW(0xffffffffffffffff, 0x3ba0, &(0x7f0000000140)={0x38, 0x8, 0xffffffffffffffff, 0x0, 0x7fffffffffffffff, 0xc5, &(0x7f0000000040)="8ed89b9b037020b6e63fe002b1408754f7e7fc60635bc591751e128c7294b50add442d6f73b97016248446fdfa3cc00df9785b74cea798d4ccfbf80e396959915f879444397dc119d91a8f464347f8b4d9e8b099a649780398bf65be215a9991b54e6e09b1912d18b70b81ca78698765940b9c95c469e106ba1df2fde166e7d14fbf772537a4703a8da8a50a57a6cc50c3b73bb0305347208d2009d403128077368f04ae7142e2d86175f3e7f8adf938bf949eceb168567624a0480b8ea066a0a93874b064", 0x4}) (rerun: 64) 00:11:50 executing program 4: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000040)={0x0, 0x1}) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000000)=[0x2, 0x3], 0x2) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="04ff0090558481758756b702c4cf203add3364c0b031333a71c9568dd2bcaca65a05b580140511acbeb4c3fda498d86b92132248855a03e861fe993d49c006cf11f90be87a38f23c3bf8ae4d0c50e43747a39658aa670d6b34cc062ae01aad7dd885d67cc8d28fffa8653819357181575961f5b33f4bd92c7f2ce4ac7ef04d47e17852a7da9ef13ba0de5a198737fb7595e3c0f2d20fdf0a99508075288e3325282a29a36d2b5269932cdf2ff9a53b92ee784d2e925ad3e5ddec2dcfd0e9d8a1bae05b964ed1e1cf5cc7a340896d444fe56ce35708940f27a0c4cc22798f628e62bfeba8fc2b0c8ddb1fb78d6052a7c1e2eed0353be11ccb7d683d9fdaf14c7fa66098237f72a001f565f8684dbf04f7dbf0bd59e5781e975438e611e175bcfa72fff49b45e4b0b84836"], 0x3) [ 710.407030][ T5943] Bluetooth: Frame is too long (len 16, expected len 4) 00:11:50 executing program 0: syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="f8c38ee59ff1bde65b10c54009ef901187ca228827cf48c6be16ee8946baec7f6e1d8ee9e5ad1894fb72b71056e95435fd50e559333e475b788f0b1b883f4707ea8d53e3c5d9a29a0ff279c89a3e280673abcaf5f6bb1bfecd962a6acd8632631036f3c255408deca185423eaf485e97123448625f5fed8a899c970be1936fadf16e764a781d971e5bf7d4392ceec3b05f42bb7d99503561dc8d2573c8b07e5f2e7e05dbf7d613bd41ee2875a3850894a4175e9fe3274c78852d6e9510b6233e5396eaf4ddbb6033e8baecd2181ffa8fceeecaf6a1420e12d8a422b844d79a5d507712b9722afa3dc39b5c61c65186f10179fc2031ce84b6fd17c01349f4aa99312e5e30b4ed3fdf26e2e2f847f2c28d9aa099459e9a00d35f25df95c0d960b6849d31b5b6ed4ccf30ef58aa8dda4663fc1ff19293120f20095b79f4127f723b2e51d6536370bf56fc13e4d7e582db0b2aade4d377318cb02a7c26926aaeaf4a36ed9adfd94f9951bdd841f47b18de"], 0x9) (async) socketpair(0x23, 0x6, 0x9, &(0x7f00000002c0)={0xffffffffffffffff}) sendmsg$FOU_CMD_DEL(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x24, 0x0, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e23}]}, 0x24}, 0x1, 0x0, 0x0, 0xe9aa4ee7702195e6}, 0x4000) (async) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) (async) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r2, 0x400, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x80000001, 0x4}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x61}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x75}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x4080) 00:11:50 executing program 1: syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="f8c38ee59ff1bde65b10c54009ef901187ca228827cf48c6be16ee8946baec7f6e1d8ee9e5ad1894fb72b71056e95435fd50e559333e475b788f0b1b883f4707ea8d53e3c5d9a29a0ff279c89a3e280673abcaf5f6bb1bfecd962a6acd8632631036f3c255408deca185423eaf485e97123448625f5fed8a899c970be1936fadf16e764a781d971e5bf7d4392ceec3b05f42bb7d99503561dc8d2573c8b07e5f2e7e05dbf7d613bd41ee2875a3850894a4175e9fe3274c78852d6e9510b6233e5396eaf4ddbb6033e8baecd2181ffa8fceeecaf6a1420e12d8a422b844d79a5d507712b9722afa3dc39b5c61c65186f10179fc2031ce84b6fd17c01349f4aa99312e5e30b4ed3fdf26e2e2f847f2c28d9aa099459e9a00d35f25df95c0d960b6849d31b5b6ed4ccf30ef58aa8dda4663fc1ff19293120f20095b79f4127f723b2e51d6536370bf56fc13e4d7e582db0b2aade4d377318cb02a7c26926aaeaf4a36ed9adfd94f9951bdd841f47b18de"], 0x9) socketpair(0x23, 0x6, 0x9, &(0x7f00000002c0)={0xffffffffffffffff}) sendmsg$FOU_CMD_DEL(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x24, 0x0, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e23}]}, 0x24}, 0x1, 0x0, 0x0, 0xe9aa4ee7702195e6}, 0x4000) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r2, 0x400, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x80000001, 0x4}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x61}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x75}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x4080) [ 710.426526][ T5943] Bluetooth: Wrong link type (-22) [ 710.427794][ T5943] Bluetooth: hci4: link tx timeout [ 710.428900][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 710.430594][ T5943] Bluetooth: Wrong link type (-22) [ 710.431754][ T5943] Bluetooth: hci4: link tx timeout [ 710.433502][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 710.435348][ T5943] Bluetooth: Wrong link type (-22) [ 710.436587][ T5943] Bluetooth: hci4: link tx timeout [ 710.437694][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 710.439451][ T5943] Bluetooth: Wrong link type (-22) [ 710.440637][ T5943] Bluetooth: hci4: link tx timeout [ 710.441777][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 710.443515][ T5943] Bluetooth: Wrong link type (-22) [ 710.444687][ T5943] Bluetooth: hci4: link tx timeout [ 710.445782][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 710.447513][ T5943] Bluetooth: Wrong link type (-22) [ 710.448642][ T5943] Bluetooth: hci4: link tx timeout [ 710.449694][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:50 executing program 5: syz_emit_vhci(0x0, 0x0) 00:11:50 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010"], 0x15) 00:11:50 executing program 4: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000040)={0x0, 0x1}) (async) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000000)=[0x2, 0x3], 0x2) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="04ff0090558481758756b702c4cf203add3364c0b031333a71c9568dd2bcaca65a05b580140511acbeb4c3fda498d86b92132248855a03e861fe993d49c006cf11f90be87a38f23c3bf8ae4d0c50e43747a39658aa670d6b34cc062ae01aad7dd885d67cc8d28fffa8653819357181575961f5b33f4bd92c7f2ce4ac7ef04d47e17852a7da9ef13ba0de5a198737fb7595e3c0f2d20fdf0a99508075288e3325282a29a36d2b5269932cdf2ff9a53b92ee784d2e925ad3e5ddec2dcfd0e9d8a1bae05b964ed1e1cf5cc7a340896d444fe56ce35708940f27a0c4cc22798f628e62bfeba8fc2b0c8ddb1fb78d6052a7c1e2eed0353be11ccb7d683d9fdaf14c7fa66098237f72a001f565f8684dbf04f7dbf0bd59e5781e975438e611e175bcfa72fff49b45e4b0b84836"], 0x3) [ 710.451747][ T5943] Bluetooth: Wrong link type (-22) [ 710.453626][ T5943] Bluetooth: hci4: link tx timeout [ 710.454732][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 710.456644][ T5943] Bluetooth: Wrong link type (-22) [ 710.457876][ T5943] Bluetooth: hci4: link tx timeout [ 710.458959][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 710.460733][ T5943] Bluetooth: Wrong link type (-22) [ 710.461888][ T5943] Bluetooth: hci4: link tx timeout [ 710.463060][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 710.465057][ T5943] Bluetooth: Wrong link type (-22) [ 710.466528][ T5943] Bluetooth: Wrong link type (-22) [ 710.467659][ T5943] Bluetooth: Wrong link type (-22) [ 710.468831][ T5943] Bluetooth: Wrong link type (-22) [ 710.469934][ T5943] Bluetooth: Wrong link type (-22) [ 710.471055][ T5943] Bluetooth: Wrong link type (-22) [ 710.472150][ T5943] Bluetooth: Wrong link type (-22) [ 710.473408][ T5943] Bluetooth: Wrong link type (-22) [ 710.474529][ T5943] Bluetooth: Wrong link type (-22) [ 710.475704][ T5943] Bluetooth: Wrong link type (-22) [ 710.476851][ T5943] Bluetooth: Wrong link type (-22) [ 710.478013][ T5943] Bluetooth: Wrong link type (-22) [ 710.479060][ T5943] Bluetooth: Wrong link type (-22) [ 710.480218][ T5943] Bluetooth: Wrong link type (-22) [ 710.481404][ T5943] Bluetooth: Wrong link type (-22) [ 710.482534][ T5943] Bluetooth: Wrong link type (-22) [ 710.483781][ T5943] Bluetooth: Wrong link type (-22) [ 710.484922][ T5943] Bluetooth: Wrong link type (-22) [ 710.486045][ T5943] Bluetooth: Wrong link type (-22) [ 710.487206][ T5943] Bluetooth: Wrong link type (-22) [ 710.488329][ T5943] Bluetooth: Wrong link type (-22) [ 710.489430][ T5943] Bluetooth: Wrong link type (-22) [ 710.490517][ T5943] Bluetooth: Wrong link type (-22) 00:11:50 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}, {0x0, 0x20}}}}, 0x15) (async) ioctl$IOMMU_TEST_OP_ACCESS_RW(0xffffffffffffffff, 0x3ba0, &(0x7f0000000140)={0x38, 0x8, 0xffffffffffffffff, 0x0, 0x7fffffffffffffff, 0xc5, &(0x7f0000000040)="8ed89b9b037020b6e63fe002b1408754f7e7fc60635bc591751e128c7294b50add442d6f73b97016248446fdfa3cc00df9785b74cea798d4ccfbf80e396959915f879444397dc119d91a8f464347f8b4d9e8b099a649780398bf65be215a9991b54e6e09b1912d18b70b81ca78698765940b9c95c469e106ba1df2fde166e7d14fbf772537a4703a8da8a50a57a6cc50c3b73bb0305347208d2009d403128077368f04ae7142e2d86175f3e7f8adf938bf949eceb168567624a0480b8ea066a0a93874b064", 0x4}) [ 710.491686][ T5943] Bluetooth: Wrong link type (-22) [ 710.492770][ T5943] Bluetooth: Wrong link type (-22) [ 710.494040][ T5943] Bluetooth: Wrong link type (-22) [ 710.495139][ T5943] Bluetooth: Wrong link type (-22) [ 710.496238][ T5943] Bluetooth: Wrong link type (-22) [ 710.497302][ T5943] Bluetooth: Wrong link type (-22) [ 710.498429][ T5943] Bluetooth: Wrong link type (-22) [ 710.499539][ T5943] Bluetooth: Wrong link type (-22) [ 710.500636][ T5943] Bluetooth: Wrong link type (-22) [ 710.501725][ T5943] Bluetooth: Wrong link type (-22) [ 710.503604][ T5943] Bluetooth: Wrong link type (-22) [ 710.504855][ T5943] Bluetooth: Wrong link type (-22) [ 710.505918][ T5943] Bluetooth: Wrong link type (-22) [ 710.507082][ T5943] Bluetooth: Wrong link type (-22) [ 710.508188][ T5943] Bluetooth: Wrong link type (-22) [ 710.509340][ T5943] Bluetooth: Wrong link type (-22) [ 710.510435][ T5943] Bluetooth: Wrong link type (-22) [ 710.511537][ T5943] Bluetooth: Wrong link type (-22) [ 710.512642][ T5943] Bluetooth: Wrong link type (-22) [ 710.513813][ T5943] Bluetooth: Wrong link type (-22) [ 710.514907][ T5943] Bluetooth: Wrong link type (-22) [ 710.516037][ T5943] Bluetooth: Wrong link type (-22) [ 710.517133][ T5943] Bluetooth: Wrong link type (-22) [ 710.518245][ T5943] Bluetooth: Wrong link type (-22) [ 710.518325][ T5502] Bluetooth: Frame is too long (len 16, expected len 4) [ 710.519395][ T5943] Bluetooth: Wrong link type (-22) [ 710.519422][ T5943] Bluetooth: Wrong link type (-22) [ 710.523226][ T5943] Bluetooth: Wrong link type (-22) [ 710.524325][ T5943] Bluetooth: Wrong link type (-22) [ 710.525487][ T5943] Bluetooth: Wrong link type (-22) [ 710.526551][ T5943] Bluetooth: Wrong link type (-22) [ 710.527584][ T5943] Bluetooth: Wrong link type (-22) [ 710.528758][ T5943] Bluetooth: Wrong link type (-22) [ 710.529874][ T5943] Bluetooth: Wrong link type (-22) [ 710.531023][ T5943] Bluetooth: Wrong link type (-22) [ 710.532154][ T5943] Bluetooth: hci4: link tx timeout [ 710.533590][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:50 executing program 0: ptrace$peeksig(0x4209, 0x0, &(0x7f0000000000)={0x69, 0x0, 0x2}, &(0x7f0000000080)=[{}, {}]) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x9) r0 = gettid() syz_open_procfs$namespace(r0, 0x0) ptrace$peeksig(0x4209, r0, &(0x7f0000000180)={0x38, 0x0, 0xa}, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}]) 00:11:50 executing program 1: syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="f8c38ee59ff1bde65b10c54009ef901187ca228827cf48c6be16ee8946baec7f6e1d8ee9e5ad1894fb72b71056e95435fd50e559333e475b788f0b1b883f4707ea8d53e3c5d9a29a0ff279c89a3e280673abcaf5f6bb1bfecd962a6acd8632631036f3c255408deca185423eaf485e97123448625f5fed8a899c970be1936fadf16e764a781d971e5bf7d4392ceec3b05f42bb7d99503561dc8d2573c8b07e5f2e7e05dbf7d613bd41ee2875a3850894a4175e9fe3274c78852d6e9510b6233e5396eaf4ddbb6033e8baecd2181ffa8fceeecaf6a1420e12d8a422b844d79a5d507712b9722afa3dc39b5c61c65186f10179fc2031ce84b6fd17c01349f4aa99312e5e30b4ed3fdf26e2e2f847f2c28d9aa099459e9a00d35f25df95c0d960b6849d31b5b6ed4ccf30ef58aa8dda4663fc1ff19293120f20095b79f4127f723b2e51d6536370bf56fc13e4d7e582db0b2aade4d377318cb02a7c26926aaeaf4a36ed9adfd94f9951bdd841f47b18de"], 0x9) socketpair(0x23, 0x6, 0x9, &(0x7f00000002c0)={0xffffffffffffffff}) sendmsg$FOU_CMD_DEL(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x24, 0x0, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e23}]}, 0x24}, 0x1, 0x0, 0x0, 0xe9aa4ee7702195e6}, 0x4000) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r2, 0x400, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x80000001, 0x4}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x61}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x75}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x4080) 00:11:50 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}, {0xffc1, 0x0, 0x0, 0xffff}}}}, 0x15) 00:11:50 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010"], 0x15) 00:11:50 executing program 3: r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) ioctl$DRM_IOCTL_SWITCH_CTX(r0, 0x5452, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) 00:11:50 executing program 4: r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000001080)='syz1\x00', 0x1ff) ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000040)={0x0, 0x1}) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000000)=[0x2, 0x3], 0x2) (async) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000000)=[0x2, 0x3], 0x2) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="04ff0090558481758756b702c4cf203add3364c0b031333a71c9568dd2bcaca65a05b580140511acbeb4c3fda498d86b92132248855a03e861fe993d49c006cf11f90be87a38f23c3bf8ae4d0c50e43747a39658aa670d6b34cc062ae01aad7dd885d67cc8d28fffa8653819357181575961f5b33f4bd92c7f2ce4ac7ef04d47e17852a7da9ef13ba0de5a198737fb7595e3c0f2d20fdf0a99508075288e3325282a29a36d2b5269932cdf2ff9a53b92ee784d2e925ad3e5ddec2dcfd0e9d8a1bae05b964ed1e1cf5cc7a340896d444fe56ce35708940f27a0c4cc22798f628e62bfeba8fc2b0c8ddb1fb78d6052a7c1e2eed0353be11ccb7d683d9fdaf14c7fa66098237f72a001f565f8684dbf04f7dbf0bd59e5781e975438e611e175bcfa72fff49b45e4b0b84836"], 0x3) [ 710.586756][ T5943] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 710.594143][ T5943] Bluetooth: Frame is too long (len 16, expected len 4) 00:11:50 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9001000"], 0x15) 00:11:50 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}, {0xffc1, 0x0, 0x0, 0xffff}}}}, 0x15) [ 710.608005][ T5943] Bluetooth: Wrong link type (-22) [ 710.609197][ T5943] Bluetooth: hci4: link tx timeout [ 710.610295][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 710.623819][ T5943] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:50 executing program 0: ptrace$peeksig(0x4209, 0x0, &(0x7f0000000000)={0x69, 0x0, 0x2}, &(0x7f0000000080)=[{}, {}]) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x9) r0 = gettid() syz_open_procfs$namespace(r0, 0x0) ptrace$peeksig(0x4209, r0, &(0x7f0000000180)={0x38, 0x0, 0xa}, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}]) ptrace$peeksig(0x4209, 0x0, &(0x7f0000000000)={0x69, 0x0, 0x2}, &(0x7f0000000080)=[{}, {}]) (async) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x9) (async) gettid() (async) syz_open_procfs$namespace(r0, 0x0) (async) ptrace$peeksig(0x4209, r0, &(0x7f0000000180)={0x38, 0x0, 0xa}, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}]) (async) 00:11:50 executing program 3: r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) ioctl$DRM_IOCTL_SWITCH_CTX(r0, 0x5452, 0x0) (async) ioctl$DRM_IOCTL_SWITCH_CTX(r0, 0x5452, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) [ 710.640387][ T5943] Bluetooth: Frame is too long (len 16, expected len 4) 00:11:50 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9001000"], 0x15) 00:11:50 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}, {0xffc1, 0x0, 0x0, 0xffff}}}}, 0x15) 00:11:50 executing program 4: pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000040)=0x2, 0x4) getsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f0000000100)={@private0, 0x0}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=@ipv6_getaddr={0x98, 0x16, 0x800, 0x70bd2a, 0x25dfdbfd, {0xa, 0x78, 0x21, 0xff, r1}, [@IFA_ADDRESS={0x14, 0x1, @private0}, @IFA_FLAGS={0x8, 0x8, 0x660}, @IFA_LOCAL={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @IFA_RT_PRIORITY={0x8, 0x9, 0x8cc7}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x2}, @IFA_ADDRESS={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_RT_PRIORITY={0x8, 0x9, 0xfffff3e0}, @IFA_FLAGS={0x8, 0x8, 0x201}, @IFA_CACHEINFO={0x14, 0x6, {0x0, 0x4, 0x7}}]}, 0x98}, 0x1, 0x0, 0x0, 0x24008081}, 0x40000) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) [ 710.666182][ T5943] Bluetooth: hci3: ACL packet for unknown connection handle 0 00:11:50 executing program 1: syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="f8c38ee59ff1bde65b10c54009ef901187ca228827cf48c6be16ee8946baec7f6e1d8ee9e5ad1894fb72b71056e95435fd50e559333e475b788f0b1b883f4707ea8d53e3c5d9a29a0ff279c89a3e280673abcaf5f6bb1bfecd962a6acd8632631036f3c255408deca185423eaf485e97123448625f5fed8a899c970be1936fadf16e764a781d971e5bf7d4392ceec3b05f42bb7d99503561dc8d2573c8b07e5f2e7e05dbf7d613bd41ee2875a3850894a4175e9fe3274c78852d6e9510b6233e5396eaf4ddbb6033e8baecd2181ffa8fceeecaf6a1420e12d8a422b844d79a5d507712b9722afa3dc39b5c61c65186f10179fc2031ce84b6fd17c01349f4aa99312e5e30b4ed3fdf26e2e2f847f2c28d9aa099459e9a00d35f25df95c0d960b6849d31b5b6ed4ccf30ef58aa8dda4663fc1ff19293120f20095b79f4127f723b2e51d6536370bf56fc13e4d7e582db0b2aade4d377318cb02a7c26926aaeaf4a36ed9adfd94f9951bdd841f47b18de"], 0x9) socketpair(0x23, 0x6, 0x9, &(0x7f00000002c0)={0xffffffffffffffff}) sendmsg$FOU_CMD_DEL(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x24, 0x0, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e23}]}, 0x24}, 0x1, 0x0, 0x0, 0xe9aa4ee7702195e6}, 0x4000) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) 00:11:50 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x0, 0x8}, {0xffc1, 0x0, 0x0, 0xffff}}}}, 0x15) 00:11:50 executing program 0: ptrace$peeksig(0x4209, 0x0, &(0x7f0000000000)={0x69, 0x0, 0x2}, &(0x7f0000000080)=[{}, {}]) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x9) r0 = gettid() syz_open_procfs$namespace(r0, 0x0) (async) syz_open_procfs$namespace(r0, 0x0) ptrace$peeksig(0x4209, r0, &(0x7f0000000180)={0x38, 0x0, 0xa}, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}]) [ 710.685752][ T5943] Bluetooth: Frame is too long (len 16, expected len 4) [ 710.687671][ T5943] Bluetooth: Wrong link type (-22) [ 710.688909][ T5943] Bluetooth: hci4: link tx timeout [ 710.690012][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:50 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x0, 0x8}, {0x0, 0x0, 0x0, 0xffff}}}}, 0x15) 00:11:50 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9001000"], 0x15) 00:11:50 executing program 3: r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) ioctl$DRM_IOCTL_SWITCH_CTX(r0, 0x5452, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) (async) ioctl$DRM_IOCTL_SWITCH_CTX(r0, 0x5452, 0x0) (async) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x8}}}}, 0x15) (async) 00:11:50 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000000), 0x5, 0x8040) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000100)={&(0x7f0000000080)=[0x7, 0x0, 0x3], &(0x7f0000000040)=[0x0, 0x0], 0x3, 0x9, 0xc0c0c0c0}) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYRESDEC=r0, @ANYRES16=r0, @ANYRES64=r0, @ANYRESHEX=r0], 0x9) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) sendto$isdn(r1, &(0x7f0000000180)={0x2, 0x401, "10a76b6414d90970e801f8502fd030b091a2ec336f4f028e7b7ce53b9623144819df97b2d0d1a5ed4af66441583bddd4b33e0f3025ca9288b5e5a5e772c2e96883eac67bebed75eeeac77cb8e1fa59d184a478e9bdb1111f30f8b89d1386b89bb86cb4390849c7cb3ed0fd51362aadbfa10e3080f5125c2514247b0cebb734e9fd8aba0ddf80d3b4fcd74a86c4"}, 0x95, 0x4, &(0x7f00000000c0)={0x22, 0x7, 0x13, 0x0, 0x2}, 0x6) geteuid() [ 710.730781][ T5943] Bluetooth: Frame is too long (len 16, expected len 4) 00:11:50 executing program 4: pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000040)=0x2, 0x4) (async) getsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f0000000100)={@private0, 0x0}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=@ipv6_getaddr={0x98, 0x16, 0x800, 0x70bd2a, 0x25dfdbfd, {0xa, 0x78, 0x21, 0xff, r1}, [@IFA_ADDRESS={0x14, 0x1, @private0}, @IFA_FLAGS={0x8, 0x8, 0x660}, @IFA_LOCAL={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @IFA_RT_PRIORITY={0x8, 0x9, 0x8cc7}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x2}, @IFA_ADDRESS={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_RT_PRIORITY={0x8, 0x9, 0xfffff3e0}, @IFA_FLAGS={0x8, 0x8, 0x201}, @IFA_CACHEINFO={0x14, 0x6, {0x0, 0x4, 0x7}}]}, 0x98}, 0x1, 0x0, 0x0, 0x24008081}, 0x40000) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) [ 710.739924][ T5943] Bluetooth: Wrong link type (-22) [ 710.741117][ T5943] Bluetooth: hci4: link tx timeout [ 710.742275][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:50 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x0, 0x8}}}}, 0x15) 00:11:50 executing program 2: pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000040)=0x2, 0x4) getsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f0000000100)={@private0, 0x0}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=@ipv6_getaddr={0x98, 0x16, 0x800, 0x70bd2a, 0x25dfdbfd, {0xa, 0x78, 0x21, 0xff, r1}, [@IFA_ADDRESS={0x14, 0x1, @private0}, @IFA_FLAGS={0x8, 0x8, 0x660}, @IFA_LOCAL={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @IFA_RT_PRIORITY={0x8, 0x9, 0x8cc7}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x2}, @IFA_ADDRESS={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_RT_PRIORITY={0x8, 0x9, 0xfffff3e0}, @IFA_FLAGS={0x8, 0x8, 0x201}, @IFA_CACHEINFO={0x14, 0x6, {0x0, 0x4, 0x7}}]}, 0x98}, 0x1, 0x0, 0x0, 0x24008081}, 0x40000) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) [ 710.760132][ T5943] Bluetooth: Wrong link type (-22) [ 710.761336][ T5943] Bluetooth: hci4: link tx timeout [ 710.762474][ T5943] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa 00:11:50 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000000), 0x5, 0x8040) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000100)={&(0x7f0000000080)=[0x7, 0x0, 0x3], &(0x7f0000000040)=[0x0, 0x0], 0x3, 0x9, 0xc0c0c0c0}) (async) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYRESDEC=r0, @ANYRES16=r0, @ANYRES64=r0, @ANYRESHEX=r0], 0x9) (async) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) mkdirat$cgroup(r1, &(0x7f0000001080)='syz1\x00', 0x1ff) sendto$isdn(r1, &(0x7f0000000180)={0x2, 0x401, "10a76b6414d90970e801f8502fd030b091a2ec336f4f028e7b7ce53b9623144819df97b2d0d1a5ed4af66441583bddd4b33e0f3025ca9288b5e5a5e772c2e96883eac67bebed75eeeac77cb8e1fa59d184a478e9bdb1111f30f8b89d1386b89bb86cb4390849c7cb3ed0fd51362aadbfa10e3080f5125c2514247b0cebb734e9fd8aba0ddf80d3b4fcd74a86c4"}, 0x95, 0x4, &(0x7f00000000c0)={0x22, 0x7, 0x13, 0x0, 0x2}, 0x6) geteuid() 00:11:50 executing program 1: syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="f8c38ee59ff1bde65b10c54009ef901187ca228827cf48c6be16ee8946baec7f6e1d8ee9e5ad1894fb72b71056e95435fd50e559333e475b788f0b1b883f4707ea8d53e3c5d9a29a0ff279c89a3e280673abcaf5f6bb1bfecd962a6acd8632631036f3c255408deca185423eaf485e97123448625f5fed8a899c970be1936fadf16e764a781d971e5bf7d4392ceec3b05f42bb7d99503561dc8d2573c8b07e5f2e7e05dbf7d613bd41ee2875a3850894a4175e9fe3274c78852d6e9510b6233e5396eaf4ddbb6033e8baecd2181ffa8fceeecaf6a1420e12d8a422b844d79a5d507712b9722afa3dc39b5c61c65186f10179fc2031ce84b6fd17c01349f4aa99312e5e30b4ed3fdf26e2e2f847f2c28d9aa099459e9a00d35f25df95c0d960b6849d31b5b6ed4ccf30ef58aa8dda4663fc1ff19293120f20095b79f4127f723b2e51d6536370bf56fc13e4d7e582db0b2aade4d377318cb02a7c26926aaeaf4a36ed9adfd94f9951bdd841f47b18de"], 0x9) socketpair(0x23, 0x6, 0x9, &(0x7f00000002c0)={0xffffffffffffffff}) sendmsg$FOU_CMD_DEL(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x24, 0x0, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e23}]}, 0x24}, 0x1, 0x0, 0x0, 0xe9aa4ee7702195e6}, 0x4000) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) 00:11:50 executing program 4: pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000040)=0x2, 0x4) getsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f0000000100)={@private0, 0x0}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=@ipv6_getaddr={0x98, 0x16, 0x800, 0x70bd2a, 0x25dfdbfd, {0xa, 0x78, 0x21, 0xff, r1}, [@IFA_ADDRESS={0x14, 0x1, @private0}, @IFA_FLAGS={0x8, 0x8, 0x660}, @IFA_LOCAL={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @IFA_RT_PRIORITY={0x8, 0x9, 0x8cc7}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x2}, @IFA_ADDRESS={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_RT_PRIORITY={0x8, 0x9, 0xfffff3e0}, @IFA_FLAGS={0x8, 0x8, 0x201}, @IFA_CACHEINFO={0x14, 0x6, {0x0, 0x4, 0x7}}]}, 0x98}, 0x1, 0x0, 0x0, 0x24008081}, 0x40000) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) (async) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3) 00:11:50 executing program 5: syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="f8c38ee59ff1bde65b10c54009ef901187ca228827cf48c6be16ee8946baec7f6e1d8ee9e5ad1894fb72b71056e95435fd50e559333e475b788f0b1b883f4707ea8d53e3c5d9a29a0ff279c89a3e280673abcaf5f6bb1bfecd962a6acd8632631036f3c255408deca185423eaf485e97123448625f5fed8a899c970be1936fadf16e764a781d971e5bf7