, device number 17 [ 2198.898016][T17808] loop1: detected capacity change from 0 to 65551 [ 2198.905897][T17808] F2FS-fs (loop1): Invalid segment/section count (31, 24 x 1) [ 2198.905925][T17808] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 2198.907046][T17808] F2FS-fs (loop1): invalid crc_offset: 0 [ 2198.910051][T17808] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 0) [ 2198.935261][T17808] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 2198.935286][T17808] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 2198.991090][T17808] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 2198.991121][T17808] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b 19:19:38 executing program 1: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./mnt\x00', 0x0, 0xe, &(0x7f0000000200)=[{&(0x7f0000010000)="1020f5f201000e0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f", 0x31, 0x400}, {&(0x7f0000010360)="1020f5f201000e0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f00000106c0)="0bd03b7500000000001000000000000002000000000000000d0000001000000012000000000000000100000002000000ffffffffffffffffffffffffffffffffffffffff01000000000000000000000000000000030000000b00000005000000ffffffffffffffffffffffffffffffffffffffff010000000000000000000000000000008501000006000000010000000100000001000000040000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010780)="00000000000000000000000000000000000000000000000000000000d9fa28d501000300000000030000000010", 0x2d, 0x200fe0}, {&(0x7f00000107c0)="000000000000000000000000000000000000000000000000000000060000000000010c80", 0x24, 0x2011e0}, {&(0x7f0000010800)="000000000000000000000001", 0xc, 0x201240}, {&(0x7f0000010820)="0000000000000000000000000000000000000000000000000002", 0x1a, 0x201280}, {&(0x7f0000010840)="0000000000000003", 0x8, 0x2012e0}, {&(0x7f0000010860)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v', 0x16, 0x201320}, {&(0x7f0000010880)="00000005", 0x4, 0x201380}, {&(0x7f0000010920)="00000000000000000000000000000000000000000000000000000001000000000bd03b7500000000001000000000000002000000000000000d0000001000000012000000000000000100000002000000ffffffffffffffffffffffffffffffffffffffff01000000000000000000000000000000030000000b00000005000000ffffffffffffffffffffffffffffffffffffffff010000000000000000000000000000008501000006000000010000000100000001000000040000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000010a00)="00000000000000000000000000000000000000000000000000000000d9fa28d5", 0x20, 0x205fe0}, {&(0x7f0000010ca0)="ed410000e8030000e803000002000000001000000000000002", 0x19, 0x1000000}, {&(0x7f0000010d20)="00000000000000000300000003", 0xd, 0x1000fe0}], 0x0, &(0x7f0000010da0)) 19:19:38 executing program 0: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/seq/clients\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000540)=[{&(0x7f0000000180)=""/191, 0xbf}], 0x1, 0x4, 0x0) 19:19:38 executing program 4: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/seq/clients\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000540)=[{&(0x7f0000000180)=""/191, 0xbf}], 0x1, 0x4, 0x0) 19:19:38 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x29, 0x3a, 0x0, 0xfe87) 19:19:38 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x5452, &(0x7f0000000080)=0xffffffff) 19:19:38 executing program 2: syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[{{0x9, 0x5, 0x81, 0x3, 0x1b831f2f4263a440, 0x6}}], {{0x9, 0x5, 0x82, 0x2, 0x40}}, {{0x9, 0x5, 0x3, 0x2, 0x400}}}}}]}}]}}, 0x0) 19:19:38 executing program 5: syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[{{0x9, 0x5, 0x81, 0x3, 0x1b831f2f4263a440, 0x6}}], {{0x9, 0x5, 0x82, 0x2, 0x40}}, {{0x9, 0x5, 0x3, 0x2, 0x400}}}}}]}}]}}, 0x0) 19:19:38 executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) pipe(&(0x7f0000001080)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000001500)=[{&(0x7f0000000040)="ed", 0x1}], 0x1) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000000)) 19:19:38 executing program 4: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/seq/clients\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000540)=[{&(0x7f0000000180)=""/191, 0xbf}], 0x1, 0x4, 0x0) 19:19:38 executing program 0: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/seq/clients\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000540)=[{&(0x7f0000000180)=""/191, 0xbf}], 0x1, 0x4, 0x0) [ 2201.264244][T17826] Error: Driver 'raw-gadget' is already registered, aborting... [ 2201.264260][T17826] UDC core: USB Raw Gadget: driver registration failed: -16 [ 2201.264281][T17826] misc raw-gadget: fail, usb_gadget_register_driver returned -16 19:19:39 executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) pipe(&(0x7f0000001080)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000001500)=[{&(0x7f0000000040)="ed", 0x1}], 0x1) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000000)) 19:19:39 executing program 0: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="340000002c0000000000000000000000000000003b1749c97093e504fbaef42433ee7e835501fe6fdefac02947a03c261bfc5d7c55fa3bb3e995672ec5d86dfacd7a1b36e8e2453f4f1dc7b9f1f512eeed2bae7e47912183ec"], 0x34}}, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003780)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000380)="a18acfd8de8029fceacca74dfc62497f3a52b260db6df61ca293c92284f9c061c25da56ce8cc52de01761b25352690f6c2dd12270b36a2fa980ca76863a9378ea42e2b12aa7c334f6c94d488e971352dd5641f3a4de14f0b191cb0a6be31e15944a5217aedcfc32c00da2747e3aebdd0b5e4d79050aa1129e103220197e5245a836c3755f018b5807cd54468515f448d22bf43fcbd25abbd9a", 0x99}], 0x1}}], 0x1, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000000000000000000000bd000000000000000000000000ed0100000000400000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000067ff00000000000000050000000a004e200e8a34c38f"], 0x310) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000040)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) [ 2201.433315][ T1693] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 2201.793542][ T1693] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 42048, setting to 1024 [ 2201.793582][ T1693] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 2201.793612][ T1693] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 2201.953743][ T1693] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2201.953779][ T1693] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2201.953805][ T1693] usb 3-1: Product: syz [ 2201.953824][ T1693] usb 3-1: Manufacturer: syz [ 2201.953843][ T1693] usb 3-1: SerialNumber: syz [ 2201.980656][T17823] raw-gadget gadget.2: fail, usb_ep_enable returned -22 [ 2201.980712][T17823] raw-gadget gadget.2: fail, usb_ep_enable returned -22 [ 2201.980763][T17823] raw-gadget gadget.2: fail, usb_ep_enable returned -22 [ 2202.213480][ T1693] cdc_ether: probe of 3-1:1.0 failed with error -71 [ 2202.224197][ T1693] usb 3-1: USB disconnect, device number 18 19:19:52 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd4, 0x0, 0x4) 19:19:52 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000700), 0x4) 19:19:52 executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) pipe(&(0x7f0000001080)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000001500)=[{&(0x7f0000000040)="ed", 0x1}], 0x1) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000000)) 19:19:52 executing program 5: syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[{{0x9, 0x5, 0x81, 0x3, 0x1b831f2f4263a440, 0x6}}], {{0x9, 0x5, 0x82, 0x2, 0x40}}, {{0x9, 0x5, 0x3, 0x2, 0x400}}}}}]}}]}}, 0x0) 19:19:52 executing program 2: syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[{{0x9, 0x5, 0x81, 0x3, 0x1b831f2f4263a440, 0x6}}], {{0x9, 0x5, 0x82, 0x2, 0x40}}, {{0x9, 0x5, 0x3, 0x2, 0x400}}}}}]}}]}}, 0x0) 19:19:52 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000140)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000003a00190100000000000000000200000004000000100001800c001000040007"], 0x28}, 0x1, 0x2000}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r2, r1, 0x0, 0x900000002) 19:19:52 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x4a, 0x0, &(0x7f0000000040)) 19:19:52 executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) pipe(&(0x7f0000001080)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000001500)=[{&(0x7f0000000040)="ed", 0x1}], 0x1) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000000)) [ 2214.625910][T17848] Error: Driver 'raw-gadget' is already registered, aborting... [ 2214.625925][T17848] UDC core: USB Raw Gadget: driver registration failed: -16 [ 2214.625945][T17848] misc raw-gadget: fail, usb_gadget_register_driver returned -16 19:19:52 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100)=ANY=[@ANYRES16, @ANYBLOB="b5c7c9eb2501bdb3cbacf1d6a9432b3d9cde2ae877492aa1304ff7"], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20000100"], 0x38}}, 0x0) sendfile(r2, r1, 0x0, 0x80000000003) [ 2214.883563][T17335] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 2214.884879][ T28] audit: type=1804 audit(1655061592.641:875): pid=17859 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1340998625/syzkaller.FdAkly/471/cgroup.controllers" dev="sda1" ino=1183 res=1 errno=0 19:19:52 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000140)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000003a00190100000000000000000200000004000000100001800c001000040007"], 0x28}, 0x1, 0x2000}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r2, r1, 0x0, 0x900000002) [ 2214.903994][T17859] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 2215.057916][ T28] audit: type=1804 audit(1655061592.811:876): pid=17862 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir258052931/syzkaller.Fktl5N/26/cgroup.controllers" dev="sda1" ino=1168 res=1 errno=0 19:19:52 executing program 5: syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[{{0x9, 0x5, 0x81, 0x3, 0x1b831f2f4263a440, 0x6}}], {{0x9, 0x5, 0x82, 0x2, 0x40}}, {{0x9, 0x5, 0x3, 0x2, 0x400}}}}}]}}]}}, 0x0) 19:19:53 executing program 4: openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = socket$unix(0x1, 0x0, 0x0) sendmsg$unix(r0, &(0x7f0000004280)={&(0x7f0000001940)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000002a80)=[{0x0}], 0x1, &(0x7f0000004140)}, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$unix(0x1, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) sendmsg$unix(r1, &(0x7f0000004280)={&(0x7f0000001940)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000002a80)=[{0x0}], 0x1, &(0x7f0000004140)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x10}}], 0x28}, 0x0) openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000002cc0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000002d00), 0x10) syz_clone(0x48002000, &(0x7f0000002d40), 0x0, &(0x7f0000003d40), &(0x7f0000003d80), &(0x7f0000003dc0)="a9d577c3c05044dfb683c4d02e6a11f2a4d59fdde8ac83aaf58e3e196a3543c7b322bbea3de261c461c563aa2c333e232882d683df5decacca3083767013b60aa0002cd1262c499a84d2f89508ac7991") geteuid() [ 2215.236981][T17867] Error: Driver 'raw-gadget' is already registered, aborting... [ 2215.236997][T17867] UDC core: USB Raw Gadget: driver registration failed: -16 [ 2215.237015][T17867] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2215.247736][ T28] audit: type=1804 audit(1655061593.001:877): pid=17866 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1340998625/syzkaller.FdAkly/472/cgroup.controllers" dev="sda1" ino=1180 res=1 errno=0 [ 2215.256327][T17866] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 2215.273627][T17335] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 42048, setting to 1024 [ 2215.273667][T17335] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 2215.273700][T17335] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 2215.433571][T17335] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 19:19:53 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000140)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000003a00190100000000000000000200000004000000100001800c001000040007"], 0x28}, 0x1, 0x2000}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r2, r1, 0x0, 0x900000002) [ 2215.433606][T17335] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2215.433632][T17335] usb 3-1: Product: syz [ 2215.433649][T17335] usb 3-1: Manufacturer: syz [ 2215.433667][T17335] usb 3-1: SerialNumber: syz [ 2215.453606][T17846] raw-gadget gadget.2: fail, usb_ep_enable returned -22 [ 2215.453737][T17846] raw-gadget gadget.2: fail, usb_ep_enable returned -22 [ 2215.453832][T17846] raw-gadget gadget.2: fail, usb_ep_enable returned -22 [ 2215.669637][ T28] audit: type=1804 audit(1655061593.421:878): pid=17873 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1340998625/syzkaller.FdAkly/473/cgroup.controllers" dev="sda1" ino=1180 res=1 errno=0 19:19:53 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@deltaction={0x28, 0x31, 0x501, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x4}, @TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}]}]}, 0x28}}, 0x0) 19:19:53 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)={0x6c, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}}, {0x4, 0x2, @in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}}, 0x0) [ 2215.693443][T17335] cdc_ether: probe of 3-1:1.0 failed with error -71 [ 2215.705633][T17873] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 2215.713457][T17335] usb 3-1: USB disconnect, device number 19 19:19:53 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@deltaction={0x28, 0x31, 0x501, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x4}, @TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}]}]}, 0x28}}, 0x0) [ 2215.941293][T17878] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2215.941333][T17878] tipc: Enabling of bearer rejected, failed to enable media 19:19:54 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)={0x6c, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}}, {0x4, 0x2, @in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}}, 0x0) 19:19:54 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000140)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000003a00190100000000000000000200000004000000100001800c001000040007"], 0x28}, 0x1, 0x2000}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r2, r1, 0x0, 0x900000002) 19:19:54 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@deltaction={0x28, 0x31, 0x501, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x4}, @TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}]}]}, 0x28}}, 0x0) 19:19:54 executing program 2: syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[{{0x9, 0x5, 0x81, 0x3, 0x1b831f2f4263a440, 0x6}}], {{0x9, 0x5, 0x82, 0x2, 0x40}}, {{0x9, 0x5, 0x3, 0x2, 0x400}}}}}]}}]}}, 0x0) 19:19:54 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@deltaction={0x28, 0x31, 0x501, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x4}, @TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}]}]}, 0x28}}, 0x0) 19:19:54 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)={0x6c, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}}, {0x4, 0x2, @in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}}, 0x0) [ 2216.338402][T17886] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2216.338443][T17886] tipc: Enabling of bearer rejected, failed to enable media 19:19:54 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)={0x6c, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}}, {0x4, 0x2, @in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}}, 0x0) [ 2216.537563][ T28] audit: type=1804 audit(1655061594.291:879): pid=17884 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1340998625/syzkaller.FdAkly/474/cgroup.controllers" dev="sda1" ino=1183 res=1 errno=0 [ 2216.539735][T17893] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2216.543435][T17893] tipc: Enabling of bearer rejected, failed to enable media [ 2216.563312][T17884] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 2216.692788][T17897] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2216.692828][T17897] tipc: Enabling of bearer rejected, failed to enable media [ 2216.753394][ T23] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 2217.145175][ T23] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 42048, setting to 1024 [ 2217.145218][ T23] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 2217.145251][ T23] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 2217.313379][ T23] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2217.313415][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2217.313437][ T23] usb 3-1: Product: syz [ 2217.313455][ T23] usb 3-1: Manufacturer: syz [ 2217.313471][ T23] usb 3-1: SerialNumber: syz [ 2217.343543][T17890] raw-gadget gadget.2: fail, usb_ep_enable returned -22 [ 2217.343644][T17890] raw-gadget gadget.2: fail, usb_ep_enable returned -22 [ 2217.345030][T17890] raw-gadget gadget.2: fail, usb_ep_enable returned -22 19:19:55 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@ipv4_delrule={0x1c, 0x21, 0x1}, 0x1c}}, 0x0) 19:19:55 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0) syncfs(r3) 19:19:55 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0x84, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x1, 0x5a}}}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_IE={0x8, 0x2a, [@ibss={0x6, 0x2, 0x7ff}]}, @NL80211_ATTR_HIDDEN_SSID={0xa, 0x7e, @default_ap_ssid}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x1000}, @NL80211_ATTR_MESH_CONFIG={0x2c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_POWER_MODE={0x8, 0x1a, 0x2}, @NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT={0x8, 0xb, 0x8001}, @NL80211_MESHCONF_RETRY_TIMEOUT={0x6, 0x1, 0xb3}, @NL80211_MESHCONF_FORWARDING={0x5, 0x13, 0x1}, @NL80211_MESHCONF_MAX_PEER_LINKS={0x6, 0x4, 0xab}]}, @NL80211_ATTR_HIDDEN_SSID={0x13, 0x7e, @random="d6ea3d88b3bd09eac890c7b1482597"}, @NL80211_ATTR_CONTROL_PORT={0x4}]}, 0x84}, 0x1, 0x0, 0x0, 0x48010}, 0x80) sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x20, 0x6, 0x6, 0x3, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x24005000) 19:19:55 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) (fail_nth: 1) 19:19:55 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (fail_nth: 1) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2217.603737][ T23] cdc_ether: probe of 3-1:1.0 failed with error -71 [ 2217.608189][ T23] usb 3-1: USB disconnect, device number 20 [ 2217.738332][T17903] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2217.741873][T17902] FAULT_INJECTION: forcing a failure. [ 2217.741873][T17902] name fail_usercopy, interval 1, probability 0, space 0, times 1 19:19:55 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) (fail_nth: 2) [ 2217.741905][T17902] CPU: 0 PID: 17902 Comm: syz-executor.4 Not tainted 5.19.0-rc1-syzkaller-00303-g7a68065eb9cd #0 19:19:56 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0) syncfs(r3) 19:19:56 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0x84, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x1, 0x5a}}}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_IE={0x8, 0x2a, [@ibss={0x6, 0x2, 0x7ff}]}, @NL80211_ATTR_HIDDEN_SSID={0xa, 0x7e, @default_ap_ssid}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x1000}, @NL80211_ATTR_MESH_CONFIG={0x2c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_POWER_MODE={0x8, 0x1a, 0x2}, @NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT={0x8, 0xb, 0x8001}, @NL80211_MESHCONF_RETRY_TIMEOUT={0x6, 0x1, 0xb3}, @NL80211_MESHCONF_FORWARDING={0x5, 0x13, 0x1}, @NL80211_MESHCONF_MAX_PEER_LINKS={0x6, 0x4, 0xab}]}, @NL80211_ATTR_HIDDEN_SSID={0x13, 0x7e, @random="d6ea3d88b3bd09eac890c7b1482597"}, @NL80211_ATTR_CONTROL_PORT={0x4}]}, 0x84}, 0x1, 0x0, 0x0, 0x48010}, 0x80) sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x20, 0x6, 0x6, 0x3, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x24005000) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (async) sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0x84, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x1, 0x5a}}}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_IE={0x8, 0x2a, [@ibss={0x6, 0x2, 0x7ff}]}, @NL80211_ATTR_HIDDEN_SSID={0xa, 0x7e, @default_ap_ssid}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x1000}, @NL80211_ATTR_MESH_CONFIG={0x2c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_POWER_MODE={0x8, 0x1a, 0x2}, @NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT={0x8, 0xb, 0x8001}, @NL80211_MESHCONF_RETRY_TIMEOUT={0x6, 0x1, 0xb3}, @NL80211_MESHCONF_FORWARDING={0x5, 0x13, 0x1}, @NL80211_MESHCONF_MAX_PEER_LINKS={0x6, 0x4, 0xab}]}, @NL80211_ATTR_HIDDEN_SSID={0x13, 0x7e, @random="d6ea3d88b3bd09eac890c7b1482597"}, @NL80211_ATTR_CONTROL_PORT={0x4}]}, 0x84}, 0x1, 0x0, 0x0, 0x48010}, 0x80) (async) sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x20, 0x6, 0x6, 0x3, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x24005000) (async) [ 2217.741935][T17902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2217.741949][T17902] Call Trace: [ 2217.741956][T17902] [ 2217.741964][T17902] dump_stack_lvl+0xcd/0x134 [ 2217.742122][T17902] should_fail.cold+0x5/0xa [ 2217.742155][T17902] _copy_from_user+0x2a/0x170 [ 2217.742283][T17902] __copy_msghdr_from_user+0x91/0x4b0 [ 2217.742366][T17902] ? __ia32_sys_shutdown+0x70/0x70 [ 2217.742394][T17902] ? __lock_acquire+0xbca/0x5660 [ 2217.742458][T17902] sendmsg_copy_msghdr+0xa1/0x160 [ 2217.742484][T17902] ? do_recvmmsg+0x6d0/0x6d0 19:19:56 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) (fail_nth: 3) [ 2217.742509][T17902] ? lockdep_hardirqs_on_prepare+0x400/0x400 19:19:56 executing program 2: getpgid(0xffffffffffffffff) r0 = syz_clone(0x1002a400, &(0x7f0000000300), 0x0, &(0x7f0000000400), 0x0, 0x0) syz_clone3(&(0x7f0000000880)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000680), {0x1b}, 0x0, 0x0, 0x0, &(0x7f0000000840)=[0x0], 0x1}, 0x58) r1 = gettid() syz_clone3(&(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000000140), {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[r0, r1], 0x2}, 0x58) [ 2217.742541][T17902] ? _parse_integer+0x30/0x30 [ 2217.742571][T17902] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2217.742605][T17902] ___sys_sendmsg+0xc6/0x170 [ 2217.742630][T17902] ? sendmsg_copy_msghdr+0x160/0x160 [ 2217.742657][T17902] ? __fget_files+0x248/0x440 [ 2217.742724][T17902] ? lock_downgrade+0x6e0/0x6e0 [ 2217.742754][T17902] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2217.742788][T17902] ? __fget_files+0x26a/0x440 [ 2217.742814][T17902] ? __fget_light+0xe5/0x270 [ 2217.742840][T17902] __x64_sys_sendmsg+0x132/0x220 [ 2217.742867][T17902] ? __sys_sendmsg+0x1b0/0x1b0 [ 2217.742895][T17902] ? syscall_enter_from_user_mode+0x21/0x70 [ 2217.742954][T17902] ? syscall_enter_from_user_mode+0x21/0x70 19:19:57 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0) syncfs(r3) [ 2217.742983][T17902] do_syscall_64+0x35/0xb0 [ 2217.743019][T17902] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 2217.743084][T17902] RIP: 0033:0x7f78f6889109 [ 2217.743102][T17902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2217.743132][T17902] RSP: 002b:00007f78f7a9e168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2217.743156][T17902] RAX: ffffffffffffffda RBX: 00007f78f699bf60 RCX: 00007f78f6889109 [ 2217.743174][T17902] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 19:19:57 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0x84, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x1, 0x5a}}}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_IE={0x8, 0x2a, [@ibss={0x6, 0x2, 0x7ff}]}, @NL80211_ATTR_HIDDEN_SSID={0xa, 0x7e, @default_ap_ssid}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x1000}, @NL80211_ATTR_MESH_CONFIG={0x2c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_POWER_MODE={0x8, 0x1a, 0x2}, @NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT={0x8, 0xb, 0x8001}, @NL80211_MESHCONF_RETRY_TIMEOUT={0x6, 0x1, 0xb3}, @NL80211_MESHCONF_FORWARDING={0x5, 0x13, 0x1}, @NL80211_MESHCONF_MAX_PEER_LINKS={0x6, 0x4, 0xab}]}, @NL80211_ATTR_HIDDEN_SSID={0x13, 0x7e, @random="d6ea3d88b3bd09eac890c7b1482597"}, @NL80211_ATTR_CONTROL_PORT={0x4}]}, 0x84}, 0x1, 0x0, 0x0, 0x48010}, 0x80) sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x20, 0x6, 0x6, 0x3, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x24005000) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (async) sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0x84, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x1, 0x5a}}}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_IE={0x8, 0x2a, [@ibss={0x6, 0x2, 0x7ff}]}, @NL80211_ATTR_HIDDEN_SSID={0xa, 0x7e, @default_ap_ssid}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x1000}, @NL80211_ATTR_MESH_CONFIG={0x2c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_POWER_MODE={0x8, 0x1a, 0x2}, @NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT={0x8, 0xb, 0x8001}, @NL80211_MESHCONF_RETRY_TIMEOUT={0x6, 0x1, 0xb3}, @NL80211_MESHCONF_FORWARDING={0x5, 0x13, 0x1}, @NL80211_MESHCONF_MAX_PEER_LINKS={0x6, 0x4, 0xab}]}, @NL80211_ATTR_HIDDEN_SSID={0x13, 0x7e, @random="d6ea3d88b3bd09eac890c7b1482597"}, @NL80211_ATTR_CONTROL_PORT={0x4}]}, 0x84}, 0x1, 0x0, 0x0, 0x48010}, 0x80) (async) sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x20, 0x6, 0x6, 0x3, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x24005000) (async) [ 2217.743188][T17902] RBP: 00007f78f7a9e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2217.743202][T17902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2217.743217][T17902] R13: 00007ffd04f7becf R14: 00007f78f7a9e300 R15: 0000000000022000 [ 2217.743234][T17902] [ 2217.767470][T17905] FAULT_INJECTION: forcing a failure. [ 2217.767470][T17905] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2217.767502][T17905] CPU: 0 PID: 17905 Comm: syz-executor.0 Not tainted 5.19.0-rc1-syzkaller-00303-g7a68065eb9cd #0 [ 2217.767529][T17905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2217.767543][T17905] Call Trace: [ 2217.767550][T17905] [ 2217.767562][T17905] dump_stack_lvl+0xcd/0x134 [ 2217.767594][T17905] should_fail.cold+0x5/0xa [ 2217.767619][T17905] _copy_from_user+0x2a/0x170 [ 2217.767648][T17905] __copy_msghdr_from_user+0x91/0x4b0 [ 2217.767674][T17905] ? __ia32_sys_shutdown+0x70/0x70 [ 2217.767700][T17905] ? __lock_acquire+0xbca/0x5660 [ 2217.767731][T17905] sendmsg_copy_msghdr+0xa1/0x160 [ 2217.767756][T17905] ? do_recvmmsg+0x6d0/0x6d0 [ 2217.767779][T17905] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2217.767808][T17905] ? _parse_integer+0x30/0x30 [ 2217.767835][T17905] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2217.767866][T17905] ___sys_sendmsg+0xc6/0x170 [ 2217.767889][T17905] ? sendmsg_copy_msghdr+0x160/0x160 [ 2217.767914][T17905] ? __fget_files+0x248/0x440 [ 2217.767937][T17905] ? lock_downgrade+0x6e0/0x6e0 [ 2217.767965][T17905] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2217.767996][T17905] ? __fget_files+0x26a/0x440 [ 2217.768019][T17905] ? __fget_light+0xe5/0x270 [ 2217.768043][T17905] __x64_sys_sendmsg+0x132/0x220 [ 2217.768067][T17905] ? __sys_sendmsg+0x1b0/0x1b0 [ 2217.768092][T17905] ? syscall_enter_from_user_mode+0x21/0x70 [ 2217.768120][T17905] ? syscall_enter_from_user_mode+0x21/0x70 [ 2217.768152][T17905] do_syscall_64+0x35/0xb0 [ 2217.768180][T17905] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 2217.768211][T17905] RIP: 0033:0x7f5f9c889109 [ 2217.768229][T17905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2217.768253][T17905] RSP: 002b:00007f5f9d970168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2217.768276][T17905] RAX: ffffffffffffffda RBX: 00007f5f9c99bf60 RCX: 00007f5f9c889109 [ 2217.768293][T17905] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 2217.768308][T17905] RBP: 00007f5f9d9701d0 R08: 0000000000000000 R09: 0000000000000000 [ 2217.768323][T17905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2217.768338][T17905] R13: 00007ffd0822217f R14: 00007f5f9d970300 R15: 0000000000022000 [ 2217.768356][T17905] [ 2217.814576][T17907] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2217.906500][T17905] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2217.962759][T17903] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2218.632859][T17910] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2218.754967][T17912] FAULT_INJECTION: forcing a failure. [ 2218.754967][T17912] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2218.755000][T17912] CPU: 0 PID: 17912 Comm: syz-executor.4 Not tainted 5.19.0-rc1-syzkaller-00303-g7a68065eb9cd #0 [ 2218.755037][T17912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2218.755051][T17912] Call Trace: [ 2218.755057][T17912] [ 2218.755065][T17912] dump_stack_lvl+0xcd/0x134 [ 2218.755097][T17912] should_fail.cold+0x5/0xa [ 2218.755122][T17912] _copy_from_user+0x2a/0x170 [ 2218.755153][T17912] iovec_from_user+0x149/0x3a0 [ 2218.755178][T17912] ? _copy_from_user+0xf9/0x170 [ 2218.755207][T17912] __import_iovec+0x65/0x5d0 [ 2218.755234][T17912] import_iovec+0x10c/0x150 [ 2218.755259][T17912] sendmsg_copy_msghdr+0x12d/0x160 [ 2218.755287][T17912] ? do_recvmmsg+0x6d0/0x6d0 [ 2218.755311][T17912] ? _parse_integer+0x30/0x30 [ 2218.755336][T17912] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2218.755365][T17912] ___sys_sendmsg+0xc6/0x170 [ 2218.755387][T17912] ? sendmsg_copy_msghdr+0x160/0x160 [ 2218.755411][T17912] ? __fget_files+0x248/0x440 [ 2218.755433][T17912] ? lock_downgrade+0x6e0/0x6e0 [ 2218.755459][T17912] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2218.755487][T17912] ? __fget_files+0x26a/0x440 [ 2218.755509][T17912] ? __fget_light+0xe5/0x270 [ 2218.755531][T17912] __x64_sys_sendmsg+0x132/0x220 [ 2218.755556][T17912] ? __sys_sendmsg+0x1b0/0x1b0 [ 2218.755581][T17912] ? syscall_enter_from_user_mode+0x21/0x70 [ 2218.755610][T17912] ? syscall_enter_from_user_mode+0x21/0x70 [ 2218.755636][T17912] do_syscall_64+0x35/0xb0 [ 2218.755662][T17912] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 2218.755690][T17912] RIP: 0033:0x7f78f6889109 [ 2218.755708][T17912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2218.755734][T17912] RSP: 002b:00007f78f7a9e168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2218.755759][T17912] RAX: ffffffffffffffda RBX: 00007f78f699bf60 RCX: 00007f78f6889109 [ 2218.755776][T17912] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 2218.755792][T17912] RBP: 00007f78f7a9e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2218.755809][T17912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2218.755823][T17912] R13: 00007ffd04f7becf R14: 00007f78f7a9e300 R15: 0000000000022000 [ 2218.755841][T17912] [ 2219.269398][T17926] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2219.880992][ T28] audit: type=1400 audit(1655061597.631:880): avc: denied { checkpoint_restore } for pid=17916 comm="syz-executor.2" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 2221.025099][T17935] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2221.082686][T17936] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2221.134257][T17935] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2221.485250][ T7036] tipc: Disabling bearer [ 2221.489756][ T7036] tipc: Left network mode [ 2221.526300][ T1225] ieee802154 phy0 wpan0: encryption failed: -22 [ 2221.526350][ T1225] ieee802154 phy1 wpan1: encryption failed: -22 [ 2221.539279][ T28] audit: type=1400 audit(1655061599.291:881): avc: denied { write } for pid=2961 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2221.539324][ T28] audit: type=1400 audit(1655061599.291:882): avc: denied { remove_name } for pid=2961 comm="syslogd" name="messages" dev="tmpfs" ino=18 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2221.539360][ T28] audit: type=1400 audit(1655061599.291:883): avc: denied { add_name } for pid=2961 comm="syslogd" name="messages.0" dev="tmpfs" ino=17 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2222.456927][ T7036] device hsr_slave_0 left promiscuous mode [ 2222.457593][ T7036] device hsr_slave_1 left promiscuous mode [ 2222.458291][ T7036] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2222.458348][ T7036] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2222.460418][ T7036] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2222.460440][ T7036] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2222.461596][ T7036] device bridge_slave_1 left promiscuous mode [ 2222.461687][ T7036] bridge0: port 2(bridge_slave_1) entered disabled state [ 2222.462659][ T7036] device bridge_slave_0 left promiscuous mode [ 2222.462754][ T7036] bridge0: port 1(bridge_slave_0) entered disabled state [ 2222.502132][ T7036] device veth1_macvtap left promiscuous mode [ 2222.502191][ T7036] device veth0_macvtap left promiscuous mode [ 2222.502314][ T7036] device veth1_vlan left promiscuous mode [ 2222.502399][ T7036] device veth0_vlan left promiscuous mode [ 2222.717615][ T7036] bond3 (unregistering): (slave vlan4): Releasing active interface [ 2222.725911][ T7036] bond3 (unregistering): Released all slaves [ 2222.737971][ T7036] bond2 (unregistering): (slave vlan3): Releasing active interface [ 2222.752082][ T7036] bond2 (unregistering): Released all slaves [ 2222.760640][ T7036] bond1 (unregistering): (slave vlan2): Releasing active interface [ 2222.780542][ T7036] bond1 (unregistering): Released all slaves [ 2223.104424][ T7036] team0 (unregistering): Port device team_slave_1 removed [ 2223.114779][ T7036] team0 (unregistering): Port device team_slave_0 removed [ 2223.132803][ T7036] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2223.148115][ T7036] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2223.228544][ T7036] bond0 (unregistering): Released all slaves [ 2223.613797][ T1693] Bluetooth: hci0: command 0x0406 tx timeout [ 2226.564492][T17506] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 2229.783237][ T49] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 2229.786353][ T49] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 2229.787312][ T49] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 2229.788107][ T49] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 2229.788594][ T49] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 2229.788846][ T49] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 2229.920362][T17942] chnl_net:caif_netlink_parms(): no params data found [ 2229.970163][T17942] bridge0: port 1(bridge_slave_0) entered blocking state [ 2229.970242][T17942] bridge0: port 1(bridge_slave_0) entered disabled state [ 2229.970960][T17942] device bridge_slave_0 entered promiscuous mode [ 2229.972373][T17942] bridge0: port 2(bridge_slave_1) entered blocking state [ 2229.972442][T17942] bridge0: port 2(bridge_slave_1) entered disabled state [ 2229.973102][T17942] device bridge_slave_1 entered promiscuous mode [ 2230.030400][T17942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2230.037744][T17942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2230.069198][T17942] team0: Port device team_slave_0 added [ 2230.070843][T17942] team0: Port device team_slave_1 added [ 2230.100472][T17942] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2230.100487][T17942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2230.100515][T17942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2230.102604][T17942] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2230.102616][T17942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2230.102637][T17942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2230.166383][T17942] device hsr_slave_0 entered promiscuous mode [ 2230.167269][T17942] device hsr_slave_1 entered promiscuous mode [ 2230.167876][T17942] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2230.167917][T17942] Cannot create hsr debugfs directory [ 2230.301136][T17942] bridge0: port 2(bridge_slave_1) entered blocking state [ 2230.301175][T17942] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2230.301277][T17942] bridge0: port 1(bridge_slave_0) entered blocking state [ 2230.301322][T17942] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2230.354950][T17942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2230.366677][T17335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2230.367790][T17335] bridge0: port 1(bridge_slave_0) entered disabled state [ 2230.368634][T17335] bridge0: port 2(bridge_slave_1) entered disabled state [ 2230.370330][T17335] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2230.380049][T17942] 8021q: adding VLAN 0 to HW filter on device team0 [ 2230.396053][T17336] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2230.396575][T17336] bridge0: port 1(bridge_slave_0) entered blocking state [ 2230.396635][T17336] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2230.409328][T17336] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2230.409842][T17336] bridge0: port 2(bridge_slave_1) entered blocking state [ 2230.409903][T17336] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2230.442688][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2230.443681][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2230.454469][T17291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2230.459797][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2230.475236][T17291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2230.478943][T17942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2230.505028][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2230.505180][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2230.519546][T17942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2230.794793][T17291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2230.802337][T17291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2230.803973][T17291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2230.804574][T17291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2230.809919][T17942] device veth0_vlan entered promiscuous mode [ 2230.817318][T17942] device veth1_vlan entered promiscuous mode [ 2230.841032][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 2230.841695][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 2230.842549][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2230.847584][T17942] device veth0_macvtap entered promiscuous mode [ 2230.851194][T17942] device veth1_macvtap entered promiscuous mode [ 2230.862784][T17942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2230.862806][T17942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2230.862815][T17942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2230.862829][T17942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2230.862839][T17942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2230.862853][T17942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2230.862865][T17942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2230.862879][T17942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2230.862890][T17942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2230.862905][T17942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2230.868943][T17942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2230.869067][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2230.877277][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 2230.894379][T17942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2230.894400][T17942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2230.894409][T17942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2230.894423][T17942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2230.894434][T17942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2230.894448][T17942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2230.894460][T17942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2230.894474][T17942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2230.894486][T17942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2230.894500][T17942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2230.896244][T17942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2230.896572][T17291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 2231.027171][ T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2231.027191][ T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2231.039348][T17291] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 2231.085353][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2231.085375][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2231.090102][ T1693] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2231.298238][T17964] FAULT_INJECTION: forcing a failure. [ 2231.298238][T17964] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2231.298272][T17964] CPU: 0 PID: 17964 Comm: syz-executor.0 Not tainted 5.19.0-rc1-syzkaller-00303-g7a68065eb9cd #0 [ 2231.298301][T17964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2231.298316][T17964] Call Trace: [ 2231.298322][T17964] [ 2231.298330][T17964] dump_stack_lvl+0xcd/0x134 [ 2231.298362][T17964] should_fail.cold+0x5/0xa [ 2231.298389][T17964] _copy_from_user+0x2a/0x170 [ 2231.298419][T17964] __copy_msghdr_from_user+0x91/0x4b0 [ 2231.298447][T17964] ? __ia32_sys_shutdown+0x70/0x70 [ 2231.298474][T17964] ? __lock_acquire+0xbca/0x5660 [ 2231.298507][T17964] sendmsg_copy_msghdr+0xa1/0x160 [ 2231.298533][T17964] ? do_recvmmsg+0x6d0/0x6d0 [ 2231.298558][T17964] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2231.298590][T17964] ? _parse_integer+0x30/0x30 [ 2231.298619][T17964] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2231.298653][T17964] ___sys_sendmsg+0xc6/0x170 [ 2231.298678][T17964] ? sendmsg_copy_msghdr+0x160/0x160 [ 2231.298704][T17964] ? __fget_files+0x248/0x440 [ 2231.298732][T17964] ? lock_downgrade+0x6e0/0x6e0 [ 2231.298762][T17964] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2231.298796][T17964] ? __fget_files+0x26a/0x440 [ 2231.298827][T17964] ? __fget_light+0xe5/0x270 [ 2231.298852][T17964] __x64_sys_sendmsg+0x132/0x220 [ 2231.298877][T17964] ? __sys_sendmsg+0x1b0/0x1b0 [ 2231.298904][T17964] ? syscall_enter_from_user_mode+0x21/0x70 [ 2231.298934][T17964] ? syscall_enter_from_user_mode+0x21/0x70 [ 2231.298963][T17964] do_syscall_64+0x35/0xb0 [ 2231.298993][T17964] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 2231.299024][T17964] RIP: 0033:0x7fabb3689109 [ 2231.299043][T17964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2231.299068][T17964] RSP: 002b:00007fabb47b3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2231.299093][T17964] RAX: ffffffffffffffda RBX: 00007fabb379bf60 RCX: 00007fabb3689109 [ 2231.299110][T17964] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 2231.299125][T17964] RBP: 00007fabb47b31d0 R08: 0000000000000000 R09: 0000000000000000 [ 2231.299142][T17964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2231.299158][T17964] R13: 00007ffe61ef175f R14: 00007fabb47b3300 R15: 0000000000022000 [ 2231.299178][T17964] [ 2231.301961][T17964] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2231.356660][T17965] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2231.411316][T17964] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2231.845016][T17291] Bluetooth: hci2: command 0x0409 tx timeout [ 2233.933508][ T1693] Bluetooth: hci2: command 0x041b tx timeout [ 2236.013890][ T1693] Bluetooth: hci2: command 0x040f tx timeout [ 2238.083460][T13310] Bluetooth: hci2: command 0x0419 tx timeout 19:20:25 executing program 2: getpgid(0xffffffffffffffff) r0 = syz_clone(0x1002a400, &(0x7f0000000300), 0x0, &(0x7f0000000400), 0x0, 0x0) syz_clone3(&(0x7f0000000880)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000680), {0x1b}, 0x0, 0x0, 0x0, &(0x7f0000000840)=[0x0], 0x1}, 0x58) r1 = gettid() syz_clone3(&(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000000140), {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[r0, r1], 0x2}, 0x58) 19:20:25 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@ipv4_delrule={0x1c, 0x21, 0x1}, 0x1c}}, 0x0) 19:20:25 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0) syncfs(r3) 19:20:25 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) (fail_nth: 4) 19:20:25 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="500000000802110000010802110000000802110000000000000000000000000064000100ed06020202020202010882848b960c121824"], 0x36) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000006, 0x110, r0, 0x54d0000) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890c, &(0x7f0000000040)={0x0, @l2tp={0x2, 0x0, @empty}, @vsock={0x28, 0x0, 0xffffd8ef, @host}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x0, 0x400000, 0x114}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f00000003c0)={0x0, ""/256, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000280)={"e6696328276c80ede1cbb140551427cb", r4, 0x0, {0x0, 0x7ff}, {0x0, 0x8007}, 0x28e, [0x0, 0x0, 0x0, 0x10008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x100, 0x78, 0x3, 0x0, 0xfffffffffffffff8]}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000440)={0x0, 0x0, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000840)={{}, r4, 0x3, @unused=[0x0, 0x6, 0x70000000, 0xfff], @devid=r5}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000600)={{}, 0x0, 0xa, @inherit={0x90, &(0x7f0000001840)=ANY=[@ANYBLOB="0100000000009f0009000000000000a8666da1b5a5143500010400000000000014000000000000006b0f00000000000001000000000000000200000000000000cb930000000000000000000000000080be090000000000003f000000000000001a090000000000000500000000000000feffffffffffffffcd00000000000000ffffff7f000000000500000000000000da8b1f59b04170559a5a3b7e4987b157ec11debcce4a691ea945463011af2a519896fc29999ee54f3c18d7b521082fbafca1f9656f315b58b2dd279b60198ecf3835e69135521838dad7fdec2d6df21a9a8f6d327bedce8d760666da51301f90ec1d146f9295e0c28602baf7eacd60182783da91dae869f45d750fa655e629b498fc17403545924398720c165a5da49f2ebaac9b37b41fc3616882d7b5f78ca459a86eee3340b9fab2307ef7b430d0e494e1422bd65ca7692999459994a7af37a97ac9ec77"]}, @devid=r5}) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000380)={r5, 0xa96, 0xfff, 0x1}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000540)={{}, 0x0, 0x8, @unused=[0x8, 0x4, 0x3, 0xffffffff], @devid=r5}) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:20:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (fail_nth: 2) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:20:25 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) (fail_nth: 5) [ 2248.044679][T17979] FAULT_INJECTION: forcing a failure. [ 2248.044679][T17979] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2248.045016][T17979] CPU: 0 PID: 17979 Comm: syz-executor.0 Not tainted 5.19.0-rc1-syzkaller-00303-g7a68065eb9cd #0 [ 2248.045045][T17979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2248.045059][T17979] Call Trace: [ 2248.045065][T17979] [ 2248.045073][T17979] dump_stack_lvl+0xcd/0x134 [ 2248.045108][T17979] should_fail.cold+0x5/0xa 19:20:26 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async, rerun: 32) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async, rerun: 32) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="500000000802110000010802110000000802110000000000000000000000000064000100ed06020202020202010882848b960c121824"], 0x36) (async) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000006, 0x110, r0, 0x54d0000) (async, rerun: 64) r3 = socket$inet_tcp(0x2, 0x1, 0x0) (rerun: 64) ioctl$sock_SIOCADDRT(r3, 0x890c, &(0x7f0000000040)={0x0, @l2tp={0x2, 0x0, @empty}, @vsock={0x28, 0x0, 0xffffd8ef, @host}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x0, 0x400000, 0x114}) (async) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f00000003c0)={0x0, ""/256, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000280)={"e6696328276c80ede1cbb140551427cb", r4, 0x0, {0x0, 0x7ff}, {0x0, 0x8007}, 0x28e, [0x0, 0x0, 0x0, 0x10008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x100, 0x78, 0x3, 0x0, 0xfffffffffffffff8]}) (async) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000440)={0x0, 0x0, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000840)={{}, r4, 0x3, @unused=[0x0, 0x6, 0x70000000, 0xfff], @devid=r5}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000600)={{}, 0x0, 0xa, @inherit={0x90, &(0x7f0000001840)=ANY=[@ANYBLOB="0100000000009f0009000000000000a8666da1b5a5143500010400000000000014000000000000006b0f00000000000001000000000000000200000000000000cb930000000000000000000000000080be090000000000003f000000000000001a090000000000000500000000000000feffffffffffffffcd00000000000000ffffff7f000000000500000000000000da8b1f59b04170559a5a3b7e4987b157ec11debcce4a691ea945463011af2a519896fc29999ee54f3c18d7b521082fbafca1f9656f315b58b2dd279b60198ecf3835e69135521838dad7fdec2d6df21a9a8f6d327bedce8d760666da51301f90ec1d146f9295e0c28602baf7eacd60182783da91dae869f45d750fa655e629b498fc17403545924398720c165a5da49f2ebaac9b37b41fc3616882d7b5f78ca459a86eee3340b9fab2307ef7b430d0e494e1422bd65ca7692999459994a7af37a97ac9ec77"]}, @devid=r5}) (async) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000380)={r5, 0xa96, 0xfff, 0x1}) (async) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000540)={{}, 0x0, 0x8, @unused=[0x8, 0x4, 0x3, 0xffffffff], @devid=r5}) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async, rerun: 64) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (rerun: 64) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2248.045130][T17979] _copy_from_user+0x2a/0x170 [ 2248.045160][T17979] iovec_from_user+0x149/0x3a0 [ 2248.045182][T17979] ? _copy_from_user+0xf9/0x170 [ 2248.045208][T17979] __import_iovec+0x65/0x5d0 19:20:26 executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_BEACON(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x1c, r0, 0xc31, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) [ 2248.045233][T17979] import_iovec+0x10c/0x150 [ 2248.045256][T17979] sendmsg_copy_msghdr+0x12d/0x160 [ 2248.045284][T17979] ? do_recvmmsg+0x6d0/0x6d0 [ 2248.045307][T17979] ? _parse_integer+0x30/0x30 [ 2248.045346][T17979] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2248.045380][T17979] ___sys_sendmsg+0xc6/0x170 [ 2248.045404][T17979] ? sendmsg_copy_msghdr+0x160/0x160 [ 2248.045428][T17979] ? __fget_files+0x248/0x440 [ 2248.045452][T17979] ? lock_downgrade+0x6e0/0x6e0 [ 2248.045478][T17979] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2248.045509][T17979] ? __fget_files+0x26a/0x440 [ 2248.045532][T17979] ? __fget_light+0xe5/0x270 [ 2248.045556][T17979] __x64_sys_sendmsg+0x132/0x220 [ 2248.045581][T17979] ? __sys_sendmsg+0x1b0/0x1b0 [ 2248.045606][T17979] ? syscall_enter_from_user_mode+0x21/0x70 [ 2248.045636][T17979] ? syscall_enter_from_user_mode+0x21/0x70 [ 2248.045666][T17979] do_syscall_64+0x35/0xb0 19:20:26 executing program 2: getpgid(0xffffffffffffffff) r0 = syz_clone(0x1002a400, &(0x7f0000000300), 0x0, &(0x7f0000000400), 0x0, 0x0) syz_clone3(&(0x7f0000000880)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000680), {0x1b}, 0x0, 0x0, 0x0, &(0x7f0000000840)=[0x0], 0x1}, 0x58) r1 = gettid() syz_clone3(&(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000000140), {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[r0, r1], 0x2}, 0x58) [ 2248.045696][T17979] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 2248.045727][T17979] RIP: 0033:0x7fabb3689109 [ 2248.045747][T17979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2248.045773][T17979] RSP: 002b:00007fabb47b3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2248.045798][T17979] RAX: ffffffffffffffda RBX: 00007fabb379bf60 RCX: 00007fabb3689109 19:20:27 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) (fail_nth: 6) [ 2248.045817][T17979] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 2248.045832][T17979] RBP: 00007fabb47b31d0 R08: 0000000000000000 R09: 0000000000000000 [ 2248.045848][T17979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2248.045864][T17979] R13: 00007ffe61ef175f R14: 00007fabb47b3300 R15: 0000000000022000 [ 2248.045884][T17979] [ 2248.048130][T17978] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2248.048844][ T28] audit: type=1400 audit(1655061625.801:884): avc: denied { accept } for pid=17973 comm="syz-executor.5" path="socket:[82821]" dev="sockfs" ino=82821 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 19:20:27 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="500000000802110000010802110000000802110000000000000000000000000064000100ed06020202020202010882848b960c121824"], 0x36) (async) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000006, 0x110, r0, 0x54d0000) (async) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890c, &(0x7f0000000040)={0x0, @l2tp={0x2, 0x0, @empty}, @vsock={0x28, 0x0, 0xffffd8ef, @host}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x0, 0x400000, 0x114}) (async) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f00000003c0)={0x0, ""/256, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000280)={"e6696328276c80ede1cbb140551427cb", r4, 0x0, {0x0, 0x7ff}, {0x0, 0x8007}, 0x28e, [0x0, 0x0, 0x0, 0x10008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x100, 0x78, 0x3, 0x0, 0xfffffffffffffff8]}) (async) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000440)={0x0, 0x0, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000840)={{}, r4, 0x3, @unused=[0x0, 0x6, 0x70000000, 0xfff], @devid=r5}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000600)={{}, 0x0, 0xa, @inherit={0x90, &(0x7f0000001840)=ANY=[@ANYBLOB="0100000000009f0009000000000000a8666da1b5a5143500010400000000000014000000000000006b0f00000000000001000000000000000200000000000000cb930000000000000000000000000080be090000000000003f000000000000001a090000000000000500000000000000feffffffffffffffcd00000000000000ffffff7f000000000500000000000000da8b1f59b04170559a5a3b7e4987b157ec11debcce4a691ea945463011af2a519896fc29999ee54f3c18d7b521082fbafca1f9656f315b58b2dd279b60198ecf3835e69135521838dad7fdec2d6df21a9a8f6d327bedce8d760666da51301f90ec1d146f9295e0c28602baf7eacd60182783da91dae869f45d750fa655e629b498fc17403545924398720c165a5da49f2ebaac9b37b41fc3616882d7b5f78ca459a86eee3340b9fab2307ef7b430d0e494e1422bd65ca7692999459994a7af37a97ac9ec77"]}, @devid=r5}) (async) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000380)={r5, 0xa96, 0xfff, 0x1}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000540)={{}, 0x0, 0x8, @unused=[0x8, 0x4, 0x3, 0xffffffff], @devid=r5}) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2248.052239][T17979] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2248.210745][T17982] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2248.274957][T17978] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2248.342261][T17984] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2248.956381][T17984] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:20:27 executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_BEACON(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x1c, r0, 0xc31, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) [ 2249.061332][T17991] FAULT_INJECTION: forcing a failure. [ 2249.061332][T17991] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2249.061365][T17991] CPU: 0 PID: 17991 Comm: syz-executor.4 Not tainted 5.19.0-rc1-syzkaller-00303-g7a68065eb9cd #0 [ 2249.061393][T17991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2249.061407][T17991] Call Trace: [ 2249.061413][T17991] [ 2249.061421][T17991] dump_stack_lvl+0xcd/0x134 [ 2249.061451][T17991] should_fail.cold+0x5/0xa [ 2249.061476][T17991] _copy_from_iter+0x389/0x15a0 [ 2249.061503][T17991] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2249.061624][T17991] ? kmem_cache_alloc_node_trace+0x3e5/0x5b0 [ 2249.061703][T17991] ? _copy_from_iter_nocache+0x1510/0x1510 [ 2249.061736][T17991] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2249.061766][T17991] ? memset+0x20/0x40 [ 2249.061794][T17991] ? __phys_addr_symbol+0x2c/0x70 [ 2249.061858][T17991] ? __check_object_size+0x353/0x7a0 [ 2249.061918][T17991] netlink_sendmsg+0x875/0xe10 [ 2249.061986][T17991] ? netlink_unicast+0x7f0/0x7f0 [ 2249.062012][T17991] ? netlink_unicast+0x7f0/0x7f0 [ 2249.062036][T17991] sock_sendmsg+0xcf/0x120 [ 2249.062059][T17991] ____sys_sendmsg+0x6eb/0x810 [ 2249.062082][T17991] ? kernel_sendmsg+0x50/0x50 [ 2249.062105][T17991] ? do_recvmmsg+0x6d0/0x6d0 [ 2249.062128][T17991] ? _parse_integer+0x30/0x30 [ 2249.062156][T17991] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2249.062187][T17991] ___sys_sendmsg+0xf3/0x170 [ 2249.062211][T17991] ? sendmsg_copy_msghdr+0x160/0x160 [ 2249.062242][T17991] ? __fget_files+0x248/0x440 [ 2249.062267][T17991] ? lock_downgrade+0x6e0/0x6e0 [ 2249.062296][T17991] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2249.062328][T17991] ? __fget_files+0x26a/0x440 [ 2249.062353][T17991] ? __fget_light+0xe5/0x270 [ 2249.062378][T17991] __x64_sys_sendmsg+0x132/0x220 [ 2249.062402][T17991] ? __sys_sendmsg+0x1b0/0x1b0 [ 2249.062427][T17991] ? syscall_enter_from_user_mode+0x21/0x70 [ 2249.062454][T17991] ? syscall_enter_from_user_mode+0x21/0x70 [ 2249.062481][T17991] do_syscall_64+0x35/0xb0 [ 2249.062509][T17991] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 2249.062540][T17991] RIP: 0033:0x7f78f6889109 [ 2249.062559][T17991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2249.062583][T17991] RSP: 002b:00007f78f7a7d168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2249.062607][T17991] RAX: ffffffffffffffda RBX: 00007f78f699c030 RCX: 00007f78f6889109 [ 2249.062624][T17991] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 2249.062640][T17991] RBP: 00007f78f7a7d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2249.062655][T17991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2249.062671][T17991] R13: 00007ffd04f7becf R14: 00007f78f7a7d300 R15: 0000000000022000 [ 2249.062691][T17991] [ 2249.368001][T17994] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2249.684307][T18007] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2249.735330][T18009] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2249.736639][T18007] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2250.281240][ T7036] device hsr_slave_0 left promiscuous mode [ 2250.281819][ T7036] device hsr_slave_1 left promiscuous mode [ 2250.282427][ T7036] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2250.282456][ T7036] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2250.286449][ T7036] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2250.286478][ T7036] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2250.292077][ T7036] device bridge_slave_1 left promiscuous mode [ 2250.292226][ T7036] bridge0: port 2(bridge_slave_1) entered disabled state [ 2250.297731][ T7036] device bridge_slave_0 left promiscuous mode [ 2250.297869][ T7036] bridge0: port 1(bridge_slave_0) entered disabled state [ 2250.312596][ T7036] device veth1_macvtap left promiscuous mode [ 2250.312656][ T7036] device veth0_macvtap left promiscuous mode [ 2250.312760][ T7036] device veth1_vlan left promiscuous mode [ 2250.312843][ T7036] device veth0_vlan left promiscuous mode [ 2250.636825][ T7036] team0 (unregistering): Port device team_slave_1 removed [ 2250.642188][ T7036] team0 (unregistering): Port device team_slave_0 removed [ 2250.658653][ T7036] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2250.674731][ T7036] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2250.751906][ T7036] bond0 (unregistering): Released all slaves 19:20:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@ipv4_delrule={0x1c, 0x21, 0x1}, 0x1c}}, 0x0) 19:20:32 executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_BEACON(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x1c, r0, 0xc31, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) 19:20:32 executing program 2: getpgid(0xffffffffffffffff) r0 = syz_clone(0x1002a400, &(0x7f0000000300), 0x0, &(0x7f0000000400), 0x0, 0x0) syz_clone3(&(0x7f0000000880)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000680), {0x1b}, 0x0, 0x0, 0x0, &(0x7f0000000840)=[0x0], 0x1}, 0x58) r1 = gettid() syz_clone3(&(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000000140), {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[r0, r1], 0x2}, 0x58) 19:20:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000600)=@data_frame={@qos_ht={{{@type01={{0x0, 0x2, 0xf, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1}, {}, @device_b, @random="ae07a14837ba", @broadcast, {0xc, 0x20}}, {0xa, 0x0, 0x2, 0x0, 0x6}}, {@type11={{0x0, 0x2, 0x4, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1}, {0x2}, @device_b, @device_a, @from_mac, {0x3, 0x4}, @device_b}, {0x2, 0x1, 0x1, 0x1, 0x6}}}, @ver_80211n={0x0, 0x7f, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}}, @a_msdu=[{@device_a, @device_a, 0x24, "0fe86c3a8d9f1531e1dfedc1a2825bd85a11069f893ff29b6e990f20a8cf460dac486b02"}, {@broadcast, @broadcast, 0x7d, "f95b0d5dc8bbfd581624bf77e1d277b1a653ecf8eb24def4a1aeb2070bf68214fe12cb080abbd01ccb1f09288cfd454d8ac7d3d2026191953a7f1fb0b0b4f5d6a241d70daf68e689f3a35e16fe08b2f690e0bc8f2717197f5f0457ce51b9a4497d133e425481e0ed54025236b70258fb00460b9efef262b6bde36e7e87"}, {@device_a, @device_b, 0x37, "a57fc7f106021261f9bd1e679800c0a583dbf873239626c743d7d20e140c7187284e93b2fc12b600a6fc2f4242f5281f5f56cb8e804423"}, {@device_a, @device_a, 0x1000, "40c5d5208fe0e6a13cebfb11aeaf862948d673769d380094eb221e7da19aeeeb35c3ec92b7d12d8de689a64aebac283b6d37c9ec915e7c01aa4716d8ec81d260989116684cf90639a031d51d284a42babfe43f12e5fdcf12a8d379ad5ec8e5b633b9204d853fa69171272f37a8b4b67917b42e410c9613e8197233e952ccecfccca5d2fc72d539061eb961b7792093008c6104922cbf396a9e5405a1ca937b353886801433f5b6fc0e2173982def85ce9f1ccde2a0298506e34517ba7399d4898e366ba19abaa3e06a6b259eef55e448425d0e34422577cea94dc292c1699a065622ae57ce9ffd8fa69fd459b925d98629fe2d67530f69b8275e74f1b8a6835b41633c66f99461706088f730088a34d70c3c4a1cbcf07e5d50a86f31370cb6b1910a4e0f3879bd55925266a39687a18b7f84634ee3e1ba0bc10287a0111dad6b0a963bd92242ecbbbbeb5e07922370d65ac9cd383809fb9b14f9f46d282e0c5426308932df7cb4c8c3bd5318eb846f2e1fb3b4290dac8e7db5810f9b723654ccaaf9941c03ae196ec073833988db0cde983b3fe11c1ba48014ca01cdb9d267a641eddefdee391c02259bac1cc58a0a5d07af37276720eda120ec151546e0f690c52131ccf56c328fc1b362e2da7dc26087d484f5686e8ca541fb00601d0e0694fc3834b0751932263690d6b5361f7f990f08193e378b2e25a7bf1f345e11f32b40ce48ab7b9152be39084cc8f40bdc3b5e9a5e3dac05335f63c23eb5137608bbbc4c6381c23bb86f6352bad12bf52b1e4991cbf3921372307928792de76e5aafa08bf5eb7731746c08d4b888470e4cefad00be5a39790d7b3c000f1160c203b19c30ea5c191fab3886100ba31caf57542a99a7266bdf11a0eae23af4b2d970a5f20b466cfa3a3a74075ccbfa479b72c20474e6257a7fafc3b5d74c70ba5a3ca570afa48bdb225445b1e9e82918fc8d278a81ffc4fbbe4bc5d59f480be5ab413e1628fdbd660db15fc94f24becafd5a0e45f3633d6208554b01f49cb4afc7798f0659d0f7cba275ab5ea3b37a80b00f92f600cb606fae84d07a3c32a148b154b71f8f1c4d34ee873c461a584d23e3e092480db0e8d40098350350c2c062c8956b72ca3bf9f750e59dcb89602d0af8bf4b19ca80a5a7390a62bd25e57b3ac6fb8140f8e99a9290a318d04e823353c0f584aecef249fbe0e99bcb7cc5712eca6a8e53ea66b8ef9be96e033330179c94990fede64da74d987cfbe0f64142afd360e95e78a9dfa02835a3f25186d17c5364ef29555a294eb446fc768efddd17f5067c58404e0868673b6baf13dedf932b31976f3de8dd95d7be683ea65710582450b35714b3df40af860f8329b7339054d960f2cb510b69f48b67e0d8eb97f41ec90508da1066ec7c7715bf842e2490bba512ca453bec127022897560716c4ce857517fd4feba998cb1a96c2759f82c530e5c6757b7846d2190a8295c309e2e1974a5b479d9a65407905ae865339c3d24291c3ff6c0a36884f62799cce97e3c108dbc844d7bf5bfd95f41f293db1b9aba5f0b895a362025c1b54bd8f082e14446eb3552f6796edb4d9f23a31744b97c0b06c828b22713bd23fb4d3141e9448ea54f555b50680fe20508df4e9ac86c37daf1a97a296c3bf31259aecb6c7f6d3fd703057a1e41d15bc2214ed02f1644eb63e4b37d179a878276e2776bbe253ea196dccec8599a01fc40104478494974bfb0787b4dfe3b1ebe524f71f1bd1e6a0d01f9cb6c38374c45a46992c4abd2333266e0cd79ee008be69c402ced0cf4e87fcc6016c26ed0170e67b5d3735e8a8969da0fe2d27f99f978e5528749b4323ea36e92258465141e921f8159f84e1bfa9c8828ba9917b73cafaa53914f851ae263b7b32f760fee8b46dd2f54ca4c46692f4ba383bc4fadeba443aad97d253524ccee727f9ba6a76b0eadfefc66303da5c525d9334303df4e6f7482a27466d7a6811176789263ab1f63a3c1c6d6926ff43c4df06920dcf60f48ed67c50533160232335b32a163c3ffcc972a2afc4ea0d22e345bb1d36d683cb2455eecca95a0450f55f1389ee3cf8a226be4e6ab9bd5c1d33ba6cab51500e79a783bf13bba8cf8471f99d6f4f6dedb47f3f542c3788f9abd72f02221c66285018ba0df21c289e92839e3390ec7f668f22107ef40cbeb8814b064d053aa4b65efcdcff479ca6ee2adb98d67f6865edaa9fef4d5b001e8c2937dcf84f0d6707e131d876131e3e60f18658d3095a97ea3b926bf12157da9aa9e09c97e75b2fb01fc6867a5b53bb99252869c2258bb0a467756ed1601d71e6277db4ad9d6522a148c9f55285996cf6bbf3aca8dad1da93455ffce6b08a80314cbab2eb66f520714a359ca5a92bf11ab05ca0975b69bd1b6e9a82e5a58e04eb0bd923ee58cd884e9c081e2021a7f2fe5181a6aada74ddc4389516902040f4e1d51151e1aeac6f68cae1db8152895e063662391021a1e24e3eca2588a8b0326c4d338c913006032d2eea0a2c1af42e5ce72c0776b416398bd4822d9700f3707744d0dec6151a94f78dfd59972ae650a8c1ef07f2c29edac48a60011483ec33e2e922534da6532a51c2cf970e693ce6bf5c38c493bbc2722b5237cb04b0d03161876f933071e95346440fa53ad1f0a662877ff1f8cec45ca0a68b13cdb033fc5226c62696fa2f1b5822ccadd37cb3315c2d00901ce3eeb70bc340ef84d7674906bf4e7f464a5645a58dea9901ef0228b67cc7fdaa5c55dde4df2d2ae95a7d82940f6a84dc6c5638676f99382ac7f8e041b9e2f11d98c34439396bf7d48325824f40af24eadb0879b4bb70cf4dd68dbb6d02fc78db17e95e55a306fe48fa897891cb1578cb1de112e6dd053675dbda20659f72f6a6a77c460fe6a18ca9f0f4f141303cd724bd9a9a04a02a60fa306af7c16ca3f458b44203372e4c3bb450e8327ddc7c5ba344129d546c1e2f14d02cabb864d2bfc28d0430dec10213b335e22692968b4af6b021ead2441c35bd10e96ed3f515a3341cf15fd278647e993780a927ad9dbcf733638abb9d738a6b6a6722172dcfac95ff500cb5e81209f8d38b3f6a83fa08df1a5af6a83dabb6f29315c84a8d182178a0d2408137f9ebca69b99cd297195fd4f57c15edab65a7863d1606b7cc793cba681cfaafdcce7a983839ef17bf7e909e82cb748d032ebe7d6df01c4e32ed57ffbca5abbf14a8677fd856cf0817b5e7efc0485aa89b4fac9764eb9438ee6bacc424cb0c71716ffaec03e0b52c3ec3615f743fbad217f4d1be51e3f342d2d6d7a1a98b5ed2a9c6ca913b354cdcd2ce8592f513bade1909dd9e3daefe78e0058c7d553660dc1e8196c7d50298f8fbe163ffd890316fb8db2e2eb7543f0dbeadf20f0ce9adcf5461a346a09150b3a4d3ebb84ea1e8edcfc20ba98f98297b16b5907f861e38052b9e980e479e5a0b39811d42e919a1df857f107325ca3a9b93589db4a19c7648dff8b077d2d4875faa20489361f4288480ed24bdbb102c244299121ea9522ccc78cf2357ba39683d7de30026d973651d6c7a91e74b69960c285f8b847d49d747dde2a395e4b6f6db8cb2339256024b39a9adba4681f10d3bc015603435ae2d39c5c6290714e78f93a37348191a5d226c1ab98ab2e4e4227f1f2fe10a12b868e43e0fd964e3d42343f207b1b2ba13401a436914912ef6925fd95b999d7c53795dd51742c817b640b98e68d09a6e781d4dd155077291f578387bf2981b6c1e90180145851f23b8a57f4a85c2bf99a6fe5df9c56be3a1a852bd57992ca00a41e9072a0b865c91b215f5e77268e4922362a4134aa3682af356beedf9539a5729f862d1993256554c6cc116ee5f4de68c6eca5505b5d15131b88c755d546594b1d690f90f865c3e5437d9c1ff804582341dba3ff33a8dbedc4095fd2a790f76d6395d2f667375628ac41a06213e95df73e204e384e546bbbcf173e3ae2ad47496838323857824002ed3a4552ffa65b05b8bd8af6d4c661d2b9f4c1cd02da036050d0f3a8541b2fcc40be1edafbe73d587457c02ec7d4755001266214a076e6855d264c2aae8ecf7ee0eaa05b13b69e5d6fc149d81aea7b3bbef2f253b2cf5656ae98eaddc310b535711a6fbdd420c4b16e0b80cd303d6f316fb884622376c4af8799824b4569718fe85357bed2c21b3b520021107a9b40b803af60b73efbe1af30f8135ba02887ac3ec429051e92c3a8899b14e0fc7e9aa945a1b6f18ed5c37845bc32c084c6662b1e55d50611593177d9fa662f4b905f467cf5e9f527f1663ca393958d7f1722c08e78a170a7d622928b5becc4fd9a94fad26677293d5d03255bcb20da40cb82b330c9b942c419cd8ad2b1460484323343c43163d674e93b7dd17f4a7c2b5069f75591d2f2d06f723ab226989dc7c9d2c82c0244179343bbdaccf135eb68251fe4bdbaf1864ec5d70b38f7c127cf16aee0529decf75e571080300c1dac688c39f435f92a27d44475287d70438288f15ff85d620d6dce754b4b40b1eb7e637e7bb265afd8007d4e17f8b12ccf13945759dab4e5e91158aa8853d13051953dfc17a5c49b96eec1e5e262830e0e63d3c947de2fc5835386d453ada909b06c31eeb925003a4a131c8870325e2459897fbfe0ec56f4cf68d011fe50084c9a1e9514ab80a6db6c0f8370149d67e5c740c402c7572b7c5737aa4c49c219b87580e963ef5ac7e4d45c1d1bc6ca11011c7c3755df9d3cf81f8f891e64eaf4e1423e6a471777c061515bdbcd0c7d59757f7d25073d2e01b5637a83c7ddd6cf851dffd41ef27f0acc645701f13af9fb1b29843fd3e1eefcfbf5d434950f3f446b2f18aa0f199b1a97f0eb9dba5cc93eba03f273ca5ef2e8f6c62c02d8a5c5f87118989eb7be9fb77b3d09550bcebfa201e0b352d9ce7dd8c8c3797664d4741ffd577ea164d639c55540fcc8f607f8141b086c7fb937d697b7ee48be173c91fa6debd27388ffb8f99e8357734b86c1b82ad7e0aaa11f29de859c6e89e038f7cbe06f9ef2f14ec93faeb2a22aec4d51502a5c15bad5cdae300693ab0a642044967a4068684bae061b558275c96ef5d25d2d9871ff840c34fc7ed56332e0940b8744c2a1429e80fef211fe30e9ba963ee45a118dcec98e946da957784d410ab011ee02fe9548c8cba7a2260a50a55a6832bc491b996818c4e681f5a2b5041696c51bf66a50c28711b8b53eb9ed0220e2f18a70b34add52ddcc7e6d64d4d9372e4988372e42dcc2b384bbe9969c751257ec910ee062707feba1fb93d14c10e69bb0d8ec49d971bd8b37ca4f123e4e6f0d6be12526944f4428d6b14c9f54d976380432c871f8b8ad6ccfc2dec38d3340ba013eef74c3d2815c1b060c52cdbe96c673a4a83b5e265485d8b7851abda1d9e9239bf304f64ccb02ae28c00a4cb23f1e81a2bf9911d17a914ac6f55491edc7a352a4de1332af2addcc9fa8094a1d1b9fdc0e9aca5fb9aa0d6f4691f2eba213f22fe0cd4160238ad7f3c279ce42e70a9e8a7f79a6a17a4a346fd9b8dae861df7195d82fc6005c9ff448fed9d1579a687321a73c337e88c3dfa8bade13be7bcf2897e1972ebf2f5fc30ad745c7d852ec14c333c9dafb6254133f1dda4932e15691a3c8055d36800bc369e7356c5e794ce1dc0990e3fe54f08ab7055394c2870ae1b6da5c2c1cba60b9872d9e84a84e8db3789bf9cf36adea5fbfc69de95ab1a2b4f307253b3b56ab956396eee19b32f9392b1ad68e2b827138d8590f615e9c7d38c75357fb142da32c4d9c30fc7f9115"}, {@device_a, @device_b, 0x19, "9568cc859157ef25890054aa543a890e3f5249a71248390fb3"}, {@device_a, @broadcast, 0x11, "3d76529c3168237c4ff71c54d0dfd3cab4"}, {@device_b, @broadcast, 0xe2, "88920cb51ad3239aded39f7fc032aeecca86a564a4ba8f395bc9e695337c6e297a3a0285c33f08a575ecd6419712af62bb49ca74a33f4d6cc6a0ba193bb78bbdbf5d7e1d10f45387566c5a82dacc402e52d508082e826e90d16fd4c098a489f6c1bc9695278a3d91677fa6c79aa5fe4cb2658ff28612b8e27e9e26242a4c1719d60bada80899d91dcffdad44aceea4cc186fc5e78c86c8307f3ee84f44ad888bb6de2d2b72c391dfec3d2a366718fd0a2f514c2d8a56ae89e5ca3afb39feab6d13346b2b5c7244372e10b49d306cd2b9dbf79dae6f4aee9f81da0da1aee4adf45c43"}, {@device_a, @device_b, 0x1000, "778caf8702fb07f8ffb676d427fd9ce6ad87810001b13a241e8d842988a2c5daeb97527772ef4d6ac004bb40182772bbad0dbe7ac7a3750cfeb19af247b0b157faadbafd8880a705f6007441305716b107acf819cbea73473c8c2e5af2d3bec05aec49d43a8478f561992d06ee7109b30745b6363a9be2fd561821144ed74a168d0d1a51e87b6213efbd669b75717e8969ae2740af6dc8f644f294b13f614a207b2c0326da59a2b30ff6c291e9c166846801b5b095db04dc4e68d6f0b48dbfde72dcf4b307c34aa7029ccbd4b8765e53192383b542886de823c0731786b98b04a38f66ee5b1df98dee3524198700ede37c26ed096de0b9eacc8b4008952156bdd8a1181dd4dcd75ccf0db423e08ee82b052c7fb7ac3d365da395190cc30999cee0e6b39bd78fddbc965666de38ea016158245ea6cf6e047a0eed52587014a604d1a6f439935c0b42928f098918d0b105024ee7440cc8d3f0ac0948ae50e3c3e430c9bd358f1d87a4b05f087e520f288fa02eb6fdc27ff1f8d7ea2c39bb09442d4ee61956b5fbcd91ea209fc779f392d94fe9d601e61cf7d03d6af8692139b1872fdf9bfe81477f7759003c5f25e3a0978d41ccbe4016112e71ce5440affab5ba0bbe6e10336fa7450aa03ddef8e30f2d6e444cc973a068d49ec459616ae0019be581a22a7cdd2d6b34d626030a0dcc44e7212e8d13856910a6c541d2c18f9ac7014c239a4d19cf5eb7e5fb05ef22a71fee57e0016c188a60e886ebe24f52517a0bf169aaed14553468d3e766394e5f4758c6b1ed96108d8929aa8bd209945c459887351343ffdad633e9e4f006df5f94a4528001da4141b936eed2ad1892322892b1d6e93f13c0d3a723de70abedca706cb1c9bee7c942a5323588912117ea1326f2a629ec0feab1fc932a44612ec4f13a0c60e0f92b07cc428513e6772a4a8c870ae65e818e21eed1b1ab28c037eab83327f866e8f48ebb04885a2f33e4a4fb83d6150742b90b73c79ed443b2b8aebdffc2f5a9ab166dfe5d2cb48cb543f99d3a89963444d6b45791045fced3e8696b4a0cc2529745d4725ec9876664542d4770eb4808e7b638790769562b93281302c9b7fdb97652f51dc68dd5b093ae001afce20ae8c5b6bf8cfcb35aa359ada56b9d8fa7ac325afc79f5dbeb6e20c55202d7bfb50c0b909d7cbf4ec312d2f778d96c8690a2f4fdeaa76273f279115d9d3736bc6f54deb19e10c6eb12b33b01bd37551268822776716469c030a17944bbaa571f4da04dc486d9fc9913c17c2278423785997597f189f89e4feb9b59073295972f45f43c056d9a5b4b0e2bb628304cdb6f4ef326557ecdf71a5ffc0b841c1a81f15c888370993f1b0d07ad3e5b74442a3ad3d78733b1e35df4d8904cf6e6fca41918aaa479a7571ffcf32e7f471d4986108b7c503ba7f1c18a6e80088470984ae50a449916bd2d729a29ad4905ecbb883da9881ff8e4a9475ca9052649e21ec138c730281d9700bd036bce93a3db6f5f48ac7e882d8a5d505515c4835a498bec40b9248960c6314f1bdef57bec0a3a24054dc89175a14442002185a16dbe79259021debbc35ca18d5e79e19cb97c8b8f16bddc6d68118697b2cd61058d7bc929bfbc56967daad93750276aefd98b1471080de4b0db4daf83876b1c56d86810ca6c98dd7572c7bde2823ff27ab89cd7e818311f357ebea4892ef927bee951c2feb1598e07e72826f1d68a0be9d6f588cc4bb04452c515cc74a49e28c4286f9a37d063c0e771e5ae77883839be11e8200804f911d6ac45eadc33e36a58c9d4a4536d6e0c0a722a78a36db22eb8f23da4bf434cf33828d2c1b6cdca5c92ed0070919d45ec412a6bac481c9f5cbed407e2e1b6e17346961cf52c728f21118d4015f9f57cf0553c851c62b024e8adedc59497af9250695dd324fad782434aa9337b256d0e347ecaeea9ae982cb5aeb56f873122499731b1e1222f620e0c8f9cd4796e9afe82922df50e3af156260fabf81958d06befb193f69fb522be473042dc63d4261418744e580cfe46993e13ceb2d4965a0f8cdb601a2a30d4fc515018f0d293586d0fd1d48e858f9be234287b20a6d467338004794b91e62178044fa5804ca719ebfe08d89f126588651b4b3d6ba620d046fbb1716a83fd63239240f1a780504ef836174346a135eb5f99938916b013a2609562893f22920369beb3d40dbe951ccbd063d267eecebd7a08b806322aaa6475cc1ff30ec9a020adec52a4d1abfbf96185eceeee3cf21fa00f692ed6c6258472cd2cfc2e47a6d0302c6d1d85107aa2f32c67268b45bf2385cc483664bcb9cff62d2c62743605589e52fe91d331bff85272b5c9b19e269a31a2b06b0c33c11a1987b01d8b45644fb6d9815936e55912f5f55077c446bb941839333a7d016821eea68d16939a0d1fcc3babd248d764b839cb503702a788aab5980acda37fe95034da78e25a26385dfde8c2a4454a6691becafdaf5382e10e8c68dedbb9f255b5fd9cda5688229ad0a4bcf3b34e3513b8aebc6d792e4c053d559e4addc89099816d2eb4d6e7cfd02f131d83e44c15616d30687c8aaf31f81d0e5294a95dd90a46601d96799edc926de63f3127a169fb0e255d3e04a18551d9596bfe3bc5daaff50b373232d8ca6fd68af9d83ed32a3494917c3f5674d1b459ffe91faac14553c6952c543ae84113898018ba49a6f65afebb3858980fbd52a5b45c270573b4e8a16c9908d1bfde11b6bc4230f08006293e0a6ec4353aedf5883863c747edce94ec625f53239cbe1e3ed762e367b6a26f76556d717cbf413339d47af01b5979faad4f6a7c315a310997b74535de46111ae7d3c7076df195178e840d94babd9e1bd1816f5df44f08a59f55bcabba3f8e1869cd72eb32638669330eb88aa687e5902345891d87a35f21028ea6b63bb05be806903f03435b776bb2633b99a38b217c95ed35e1c81b965271215ef715f604f3f54469f5358b0364f888317c9ccec13a4209d6cfa8889ee8756b9a5da6bc1528a82b227b78d30eb6ce701e83efeee7cc952af3067f7806d51e18b3be2c6957621e96f8febc28b7ff8e92381eec73515ad0cadb2b6661afddff920700f8b06fae49275887f60db1feb2c5257107b7a68a9b0c376af27de1be26b5a6814d5767708718ca85df685be2a40a209948236f7165a382d0e6b2c499d18cd30bc44c19724d2004342ed080cc3a3a67b14212072b336f83e592b255e4ce670666cb9f17b010c7d1e7213b0a9cbed989f728bca7af07105b887fcd71a5356fba8ad27dec9dcaee95c1202e2c0ad79a99745aba99ac1de009225d6993d5689a26dfdeeef1b23a60ebe4344afca4dfd9ff3ab1074bbaf1921ec07e5725d309b47ce4cbd2e27ae8fe764ffdf58edc3e13b6772536559696d7dff86348a43dc9ebf303cf045054fcfda77db6b07123e370ad5c1b06739dc33c2c719c99bb25e5cdc35fc0556f5f7f2d09e0ccecb389376b9042c5d26065b981598a5fc17d8788ac9e644431eb3b1c184c8ddfc4323bbe10d4504292ab2e06b36d046e217ce462bcc469403e7e6e2d9efb1adfa3056a4d2eb3d87f7935badee628d6f30de137897d6a5731483b4636a133b91f80a8de1d322f4d53993403136f1af484e059487421bdf1adcb2b1e057482d847c000ab7ab05fd5e44c789aec356bc61b5238c3c11dd078ba6bd58180e5e87613f381215a752ee09c7c09c333aabddf333df09cfa9b84ba793f20b588637d512304c059e2c13e226cb06305bf721cfdf25d16906ae5caf127811f5b26d5da2354dab456a10484968ff080e54131df6f994d03e2454268c35220fa69e12c3262fda0fdb3ad164a602d818fb16856fcb1686bd528f4d1c836fedbfb0990dbfdd25e6d774bf8a72f8d522cfd80650f1fcb06e699505371ce01ba9af5cac4ffb1292d25200a769bdbb0dc91984e3908c9627b8f8005fc552fac89ef277fe1376e1fe4a40b94fcafef720fd8d3d7526d0b2537013ecf93c3b37ca5bb0abb1cddf5f95ddfc3fd5394ba05151d3d91c18744688a0c5ad2374dbc2422fdbec5baf16999969c1e73fe29ce128bc29708f004ca7a2968d74f8960dcfa80b42d198b0492df1b3edaae768392ad7721ef27c5e3ecfd1e94aaf6c89c4c11a0594d2df355343c2c1e68ee2b045924acc12e3d3c30f7388ce8b01df1c7e4638480a3bb462d1614ba96f2e2bb457c19ca9edaebfcffecb0b9227407682afb15320ffc78b0dea5faa6f647133cab49ee6d547191e170d4601a02aa4137ebaaff92a280fa7e0c8dd57c77097cc100cee9082e37b806f1714ec2e84a06d83afa9b054cf0187c42e8964e2f18b8708d97f47eea54e0003ac2cde0612c94409b1334a3fb13efef9efbeaea693cfddf6814f60f50e9106f89e1631ad9c426b917fdfa43938b6a2fbda1240b9076a800eb263b9d57b89dace3c75ca778d3a8f16881ff5ac608cea924bdeafbd146f582b9ad2f93b4b74089a5f916c074874ecf33754078a23ff59c48bc34bd1f3f24a62872305d19f33a635e1c508e64e2290bfb7c13908142ae2224a60a2b0e090a9320a781e08e44d766040d4951aa33ec7e40fff659eb53624f795110b47a7c56c8a74d67c69614bbebccdc9858bd87b2f8079c706f8caf9867bc93283acf594c46bc8239f01388c22b5e7c262280594fbf2ac3210a039718e538536eeec09cf81d239a281d95fd586f78f3500224570d8939c496d07af4e5bcfe0c203b58ad243b70296560a07c78fe0e6a01d183ba8f6fad6ace90041aae1021b30e893be43bc194c8da8cdce1c472f9201db38c9573fd2f97af2ac4d799d41a02ab01b20cd057e0db90d82d9d5b3cb549f5eb3aa0dab8353553eb9d70d41d7e9f56f58372dae28a398a5db534017de1b0464018f17771624c952e1cdfae2bccf8b3ecadd8e053d90d07d6288933b2ec9fcf73035e936a6f1a28350da7cfdcf8e428882b59a97011ed7617491319463b766fa55e7044f315b8eec113c408111f0808b7c0acb2b7512b49319dc9ebc85ef52010ebec4a132a2007ba93ceceef417236bd156315943b448ebfe4ee9318d1e90d9163c704231839cd37190dae3714739a474a3794b8d32831ea410bd555905e2723e69ae410e66fbb07e09bfa858ce3e678da007c903d9773fcc8bc21a0817075f7d341bc75bb30ce267cf55d065b906f4ccc4506009524169a7fa5d8d496e8e30c2e474d6c6a147e8beb1d8df937a0345e27378042cc2c45a3d4aedf5dffe2ba30baa92cf2e0847c1de92064bf1f05bcd6b7c1f262979ee9ede6b98b91f2299f2bc055c949d4d968cedff7335770d69aa1baf9e04d189faedded4d3175d50ea49d0f7a28dde5516619573faf61026f348fe583176d65461607b44d27662d6f976d99eab7ae3365bccb744ceb106e69202f1af57f6bbbac0095ff6a35d2fc8bc4e1f001e15593319d7a12463d0d69e29d870db990ac7080ff634cd5f97a14accc58cffd309b554397be9ad97391e9b899f67c32e0a1922060ce90a3c65802b30667d22abfa6545ea17694e0a159f4f05e3693cc5edf0fe34d6324d564d6faac9293a4d9ce40c42bf4908e6461d6e1b6233cba5382bd95d0741f07631b9b643971b719b7a62dac9bbd49be82be01100e6bf614f56bc1babb1158ffad925de03cb9496c2abe22f947c9aec47f8da6949d2b523891ada92464b1966c3a33e8a165c1d44294b116826b8a4c4dc16bb0152b04280fe95db21670af1c4d58bc901149b04d815df579b9fb7432e663"}]}, 0x229e) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=ANY=[@ANYBLOB="ce000000080211b3b5010811400000080211000000ff3f000200000000"], 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=ANY=[@ANYBLOB="1000000008021100000108021100000008021100000020000100000001000108829eeffd2b121824"], 0x28) [ 2254.600890][T18019] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2254.652263][T18019] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2254.803413][T17506] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 2257.450857][ T49] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 2257.455090][ T49] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 2257.457862][ T49] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 2257.475232][ T49] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 2257.475723][ T49] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 2257.475964][ T49] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 2257.590720][T18024] chnl_net:caif_netlink_parms(): no params data found [ 2257.639052][T18024] bridge0: port 1(bridge_slave_0) entered blocking state [ 2257.639128][T18024] bridge0: port 1(bridge_slave_0) entered disabled state [ 2257.639780][T18024] device bridge_slave_0 entered promiscuous mode [ 2257.641282][T18024] bridge0: port 2(bridge_slave_1) entered blocking state [ 2257.641353][T18024] bridge0: port 2(bridge_slave_1) entered disabled state [ 2257.642101][T18024] device bridge_slave_1 entered promiscuous mode [ 2257.693046][T18024] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2257.698895][T18024] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2257.729249][T18024] team0: Port device team_slave_0 added [ 2257.730689][T18024] team0: Port device team_slave_1 added [ 2257.754391][T18024] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2257.754406][T18024] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2257.754433][T18024] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2257.756573][T18024] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2257.756586][T18024] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2257.756613][T18024] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2257.815678][T18024] device hsr_slave_0 entered promiscuous mode [ 2257.822784][T18024] device hsr_slave_1 entered promiscuous mode [ 2257.845412][T18024] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2257.845439][T18024] Cannot create hsr debugfs directory [ 2257.958174][T18024] bridge0: port 2(bridge_slave_1) entered blocking state [ 2257.958220][T18024] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2257.958327][T18024] bridge0: port 1(bridge_slave_0) entered blocking state [ 2257.958370][T18024] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2258.026057][T18024] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2258.031699][T17291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2258.032726][T17291] bridge0: port 1(bridge_slave_0) entered disabled state [ 2258.033534][T17291] bridge0: port 2(bridge_slave_1) entered disabled state [ 2258.042755][T17291] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2258.060689][T18024] 8021q: adding VLAN 0 to HW filter on device team0 [ 2258.080645][T17336] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2258.081135][T17336] bridge0: port 1(bridge_slave_0) entered blocking state [ 2258.081192][T17336] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2258.094235][T17336] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2258.094704][T17336] bridge0: port 2(bridge_slave_1) entered blocking state [ 2258.094761][T17336] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2258.114085][T17291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2258.115032][T17291] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2258.120535][T17291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2258.134478][ T1693] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2258.139928][T17291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2258.151604][T18024] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2258.167949][ T1693] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2258.168091][ T1693] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2258.189092][T18024] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2258.481506][T17291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2258.482474][T17291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2258.499659][T17291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2258.500414][T17291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2258.505194][T18024] device veth0_vlan entered promiscuous mode [ 2258.524357][T18024] device veth1_vlan entered promiscuous mode [ 2258.548980][T15172] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 2258.549437][T15172] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 2258.550007][T15172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2258.552596][T18024] device veth0_macvtap entered promiscuous mode [ 2258.556635][T18024] device veth1_macvtap entered promiscuous mode [ 2258.568552][T18024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2258.568571][T18024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2258.568648][T18024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2258.568664][T18024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2258.568673][T18024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2258.568687][T18024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2258.568699][T18024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2258.568713][T18024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2258.568726][T18024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2258.568739][T18024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2258.570511][T18024] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2258.570920][T17336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2258.572438][T17336] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 2258.581223][T18024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2258.581241][T18024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2258.581249][T18024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2258.581261][T18024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2258.581271][T18024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2258.581284][T18024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2258.581296][T18024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2258.581310][T18024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2258.581322][T18024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2258.581336][T18024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2258.582469][T18024] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2258.585992][T17336] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 2258.586638][T17336] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 2258.765896][ T6945] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2258.765916][ T6945] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2258.770793][T15172] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 2258.820586][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2258.820606][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2258.827564][T17335] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2258.980105][T18043] FAULT_INJECTION: forcing a failure. [ 2258.980105][T18043] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2258.980140][T18043] CPU: 0 PID: 18043 Comm: syz-executor.0 Not tainted 5.19.0-rc1-syzkaller-00303-g7a68065eb9cd #0 [ 2258.980168][T18043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2258.980183][T18043] Call Trace: [ 2258.980189][T18043] [ 2258.980197][T18043] dump_stack_lvl+0xcd/0x134 [ 2258.980230][T18043] should_fail.cold+0x5/0xa [ 2258.980256][T18043] _copy_from_user+0x2a/0x170 [ 2258.980285][T18043] iovec_from_user+0x149/0x3a0 [ 2258.980311][T18043] ? _copy_from_user+0xf9/0x170 [ 2258.980347][T18043] __import_iovec+0x65/0x5d0 [ 2258.980374][T18043] import_iovec+0x10c/0x150 [ 2258.980399][T18043] sendmsg_copy_msghdr+0x12d/0x160 [ 2258.980426][T18043] ? do_recvmmsg+0x6d0/0x6d0 [ 2258.980449][T18043] ? _parse_integer+0x30/0x30 [ 2258.980470][T18043] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2258.980488][T18043] ___sys_sendmsg+0xc6/0x170 [ 2258.980501][T18043] ? sendmsg_copy_msghdr+0x160/0x160 [ 2258.980515][T18043] ? __fget_files+0x248/0x440 [ 2258.980528][T18043] ? lock_downgrade+0x6e0/0x6e0 [ 2258.980543][T18043] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2258.980560][T18043] ? __fget_files+0x26a/0x440 [ 2258.980572][T18043] ? __fget_light+0xe5/0x270 [ 2258.980586][T18043] __x64_sys_sendmsg+0x132/0x220 [ 2258.980599][T18043] ? __sys_sendmsg+0x1b0/0x1b0 [ 2258.980612][T18043] ? syscall_enter_from_user_mode+0x21/0x70 [ 2258.980628][T18043] ? syscall_enter_from_user_mode+0x21/0x70 [ 2258.980642][T18043] do_syscall_64+0x35/0xb0 [ 2258.980658][T18043] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 2258.980674][T18043] RIP: 0033:0x7fe68f689109 [ 2258.980685][T18043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2258.980698][T18043] RSP: 002b:00007fe690892168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2258.980711][T18043] RAX: ffffffffffffffda RBX: 00007fe68f79bf60 RCX: 00007fe68f689109 [ 2258.980721][T18043] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 2258.980729][T18043] RBP: 00007fe6908921d0 R08: 0000000000000000 R09: 0000000000000000 [ 2258.980737][T18043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2258.980745][T18043] R13: 00007ffd9dcfd5bf R14: 00007fe690892300 R15: 0000000000022000 [ 2258.980755][T18043] [ 2258.982374][T18043] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2259.035374][T18044] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2259.088572][T18043] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:20:37 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (fail_nth: 3) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:20:37 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) (fail_nth: 7) 19:20:37 executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_BEACON(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x1c, r0, 0xc31, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) 19:20:37 executing program 2: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000000140, 0x13ec, 0x6, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000200)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 19:20:37 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async, rerun: 32) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000600)=@data_frame={@qos_ht={{{@type01={{0x0, 0x2, 0xf, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1}, {}, @device_b, @random="ae07a14837ba", @broadcast, {0xc, 0x20}}, {0xa, 0x0, 0x2, 0x0, 0x6}}, {@type11={{0x0, 0x2, 0x4, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1}, {0x2}, @device_b, @device_a, @from_mac, {0x3, 0x4}, @device_b}, {0x2, 0x1, 0x1, 0x1, 0x6}}}, @ver_80211n={0x0, 0x7f, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}}, @a_msdu=[{@device_a, @device_a, 0x24, "0fe86c3a8d9f1531e1dfedc1a2825bd85a11069f893ff29b6e990f20a8cf460dac486b02"}, {@broadcast, @broadcast, 0x7d, "f95b0d5dc8bbfd581624bf77e1d277b1a653ecf8eb24def4a1aeb2070bf68214fe12cb080abbd01ccb1f09288cfd454d8ac7d3d2026191953a7f1fb0b0b4f5d6a241d70daf68e689f3a35e16fe08b2f690e0bc8f2717197f5f0457ce51b9a4497d133e425481e0ed54025236b70258fb00460b9efef262b6bde36e7e87"}, {@device_a, @device_b, 0x37, "a57fc7f106021261f9bd1e679800c0a583dbf873239626c743d7d20e140c7187284e93b2fc12b600a6fc2f4242f5281f5f56cb8e804423"}, {@device_a, @device_a, 0x1000, "40c5d5208fe0e6a13cebfb11aeaf862948d673769d380094eb221e7da19aeeeb35c3ec92b7d12d8de689a64aebac283b6d37c9ec915e7c01aa4716d8ec81d260989116684cf90639a031d51d284a42babfe43f12e5fdcf12a8d379ad5ec8e5b633b9204d853fa69171272f37a8b4b67917b42e410c9613e8197233e952ccecfccca5d2fc72d539061eb961b7792093008c6104922cbf396a9e5405a1ca937b353886801433f5b6fc0e2173982def85ce9f1ccde2a0298506e34517ba7399d4898e366ba19abaa3e06a6b259eef55e448425d0e34422577cea94dc292c1699a065622ae57ce9ffd8fa69fd459b925d98629fe2d67530f69b8275e74f1b8a6835b41633c66f99461706088f730088a34d70c3c4a1cbcf07e5d50a86f31370cb6b1910a4e0f3879bd55925266a39687a18b7f84634ee3e1ba0bc10287a0111dad6b0a963bd92242ecbbbbeb5e07922370d65ac9cd383809fb9b14f9f46d282e0c5426308932df7cb4c8c3bd5318eb846f2e1fb3b4290dac8e7db5810f9b723654ccaaf9941c03ae196ec073833988db0cde983b3fe11c1ba48014ca01cdb9d267a641eddefdee391c02259bac1cc58a0a5d07af37276720eda120ec151546e0f690c52131ccf56c328fc1b362e2da7dc26087d484f5686e8ca541fb00601d0e0694fc3834b0751932263690d6b5361f7f990f08193e378b2e25a7bf1f345e11f32b40ce48ab7b9152be39084cc8f40bdc3b5e9a5e3dac05335f63c23eb5137608bbbc4c6381c23bb86f6352bad12bf52b1e4991cbf3921372307928792de76e5aafa08bf5eb7731746c08d4b888470e4cefad00be5a39790d7b3c000f1160c203b19c30ea5c191fab3886100ba31caf57542a99a7266bdf11a0eae23af4b2d970a5f20b466cfa3a3a74075ccbfa479b72c20474e6257a7fafc3b5d74c70ba5a3ca570afa48bdb225445b1e9e82918fc8d278a81ffc4fbbe4bc5d59f480be5ab413e1628fdbd660db15fc94f24becafd5a0e45f3633d6208554b01f49cb4afc7798f0659d0f7cba275ab5ea3b37a80b00f92f600cb606fae84d07a3c32a148b154b71f8f1c4d34ee873c461a584d23e3e092480db0e8d40098350350c2c062c8956b72ca3bf9f750e59dcb89602d0af8bf4b19ca80a5a7390a62bd25e57b3ac6fb8140f8e99a9290a318d04e823353c0f584aecef249fbe0e99bcb7cc5712eca6a8e53ea66b8ef9be96e033330179c94990fede64da74d987cfbe0f64142afd360e95e78a9dfa02835a3f25186d17c5364ef29555a294eb446fc768efddd17f5067c58404e0868673b6baf13dedf932b31976f3de8dd95d7be683ea65710582450b35714b3df40af860f8329b7339054d960f2cb510b69f48b67e0d8eb97f41ec90508da1066ec7c7715bf842e2490bba512ca453bec127022897560716c4ce857517fd4feba998cb1a96c2759f82c530e5c6757b7846d2190a8295c309e2e1974a5b479d9a65407905ae865339c3d24291c3ff6c0a36884f62799cce97e3c108dbc844d7bf5bfd95f41f293db1b9aba5f0b895a362025c1b54bd8f082e14446eb3552f6796edb4d9f23a31744b97c0b06c828b22713bd23fb4d3141e9448ea54f555b50680fe20508df4e9ac86c37daf1a97a296c3bf31259aecb6c7f6d3fd703057a1e41d15bc2214ed02f1644eb63e4b37d179a878276e2776bbe253ea196dccec8599a01fc40104478494974bfb0787b4dfe3b1ebe524f71f1bd1e6a0d01f9cb6c38374c45a46992c4abd2333266e0cd79ee008be69c402ced0cf4e87fcc6016c26ed0170e67b5d3735e8a8969da0fe2d27f99f978e5528749b4323ea36e92258465141e921f8159f84e1bfa9c8828ba9917b73cafaa53914f851ae263b7b32f760fee8b46dd2f54ca4c46692f4ba383bc4fadeba443aad97d253524ccee727f9ba6a76b0eadfefc66303da5c525d9334303df4e6f7482a27466d7a6811176789263ab1f63a3c1c6d6926ff43c4df06920dcf60f48ed67c50533160232335b32a163c3ffcc972a2afc4ea0d22e345bb1d36d683cb2455eecca95a0450f55f1389ee3cf8a226be4e6ab9bd5c1d33ba6cab51500e79a783bf13bba8cf8471f99d6f4f6dedb47f3f542c3788f9abd72f02221c66285018ba0df21c289e92839e3390ec7f668f22107ef40cbeb8814b064d053aa4b65efcdcff479ca6ee2adb98d67f6865edaa9fef4d5b001e8c2937dcf84f0d6707e131d876131e3e60f18658d3095a97ea3b926bf12157da9aa9e09c97e75b2fb01fc6867a5b53bb99252869c2258bb0a467756ed1601d71e6277db4ad9d6522a148c9f55285996cf6bbf3aca8dad1da93455ffce6b08a80314cbab2eb66f520714a359ca5a92bf11ab05ca0975b69bd1b6e9a82e5a58e04eb0bd923ee58cd884e9c081e2021a7f2fe5181a6aada74ddc4389516902040f4e1d51151e1aeac6f68cae1db8152895e063662391021a1e24e3eca2588a8b0326c4d338c913006032d2eea0a2c1af42e5ce72c0776b416398bd4822d9700f3707744d0dec6151a94f78dfd59972ae650a8c1ef07f2c29edac48a60011483ec33e2e922534da6532a51c2cf970e693ce6bf5c38c493bbc2722b5237cb04b0d03161876f933071e95346440fa53ad1f0a662877ff1f8cec45ca0a68b13cdb033fc5226c62696fa2f1b5822ccadd37cb3315c2d00901ce3eeb70bc340ef84d7674906bf4e7f464a5645a58dea9901ef0228b67cc7fdaa5c55dde4df2d2ae95a7d82940f6a84dc6c5638676f99382ac7f8e041b9e2f11d98c34439396bf7d48325824f40af24eadb0879b4bb70cf4dd68dbb6d02fc78db17e95e55a306fe48fa897891cb1578cb1de112e6dd053675dbda20659f72f6a6a77c460fe6a18ca9f0f4f141303cd724bd9a9a04a02a60fa306af7c16ca3f458b44203372e4c3bb450e8327ddc7c5ba344129d546c1e2f14d02cabb864d2bfc28d0430dec10213b335e22692968b4af6b021ead2441c35bd10e96ed3f515a3341cf15fd278647e993780a927ad9dbcf733638abb9d738a6b6a6722172dcfac95ff500cb5e81209f8d38b3f6a83fa08df1a5af6a83dabb6f29315c84a8d182178a0d2408137f9ebca69b99cd297195fd4f57c15edab65a7863d1606b7cc793cba681cfaafdcce7a983839ef17bf7e909e82cb748d032ebe7d6df01c4e32ed57ffbca5abbf14a8677fd856cf0817b5e7efc0485aa89b4fac9764eb9438ee6bacc424cb0c71716ffaec03e0b52c3ec3615f743fbad217f4d1be51e3f342d2d6d7a1a98b5ed2a9c6ca913b354cdcd2ce8592f513bade1909dd9e3daefe78e0058c7d553660dc1e8196c7d50298f8fbe163ffd890316fb8db2e2eb7543f0dbeadf20f0ce9adcf5461a346a09150b3a4d3ebb84ea1e8edcfc20ba98f98297b16b5907f861e38052b9e980e479e5a0b39811d42e919a1df857f107325ca3a9b93589db4a19c7648dff8b077d2d4875faa20489361f4288480ed24bdbb102c244299121ea9522ccc78cf2357ba39683d7de30026d973651d6c7a91e74b69960c285f8b847d49d747dde2a395e4b6f6db8cb2339256024b39a9adba4681f10d3bc015603435ae2d39c5c6290714e78f93a37348191a5d226c1ab98ab2e4e4227f1f2fe10a12b868e43e0fd964e3d42343f207b1b2ba13401a436914912ef6925fd95b999d7c53795dd51742c817b640b98e68d09a6e781d4dd155077291f578387bf2981b6c1e90180145851f23b8a57f4a85c2bf99a6fe5df9c56be3a1a852bd57992ca00a41e9072a0b865c91b215f5e77268e4922362a4134aa3682af356beedf9539a5729f862d1993256554c6cc116ee5f4de68c6eca5505b5d15131b88c755d546594b1d690f90f865c3e5437d9c1ff804582341dba3ff33a8dbedc4095fd2a790f76d6395d2f667375628ac41a06213e95df73e204e384e546bbbcf173e3ae2ad47496838323857824002ed3a4552ffa65b05b8bd8af6d4c661d2b9f4c1cd02da036050d0f3a8541b2fcc40be1edafbe73d587457c02ec7d4755001266214a076e6855d264c2aae8ecf7ee0eaa05b13b69e5d6fc149d81aea7b3bbef2f253b2cf5656ae98eaddc310b535711a6fbdd420c4b16e0b80cd303d6f316fb884622376c4af8799824b4569718fe85357bed2c21b3b520021107a9b40b803af60b73efbe1af30f8135ba02887ac3ec429051e92c3a8899b14e0fc7e9aa945a1b6f18ed5c37845bc32c084c6662b1e55d50611593177d9fa662f4b905f467cf5e9f527f1663ca393958d7f1722c08e78a170a7d622928b5becc4fd9a94fad26677293d5d03255bcb20da40cb82b330c9b942c419cd8ad2b1460484323343c43163d674e93b7dd17f4a7c2b5069f75591d2f2d06f723ab226989dc7c9d2c82c0244179343bbdaccf135eb68251fe4bdbaf1864ec5d70b38f7c127cf16aee0529decf75e571080300c1dac688c39f435f92a27d44475287d70438288f15ff85d620d6dce754b4b40b1eb7e637e7bb265afd8007d4e17f8b12ccf13945759dab4e5e91158aa8853d13051953dfc17a5c49b96eec1e5e262830e0e63d3c947de2fc5835386d453ada909b06c31eeb925003a4a131c8870325e2459897fbfe0ec56f4cf68d011fe50084c9a1e9514ab80a6db6c0f8370149d67e5c740c402c7572b7c5737aa4c49c219b87580e963ef5ac7e4d45c1d1bc6ca11011c7c3755df9d3cf81f8f891e64eaf4e1423e6a471777c061515bdbcd0c7d59757f7d25073d2e01b5637a83c7ddd6cf851dffd41ef27f0acc645701f13af9fb1b29843fd3e1eefcfbf5d434950f3f446b2f18aa0f199b1a97f0eb9dba5cc93eba03f273ca5ef2e8f6c62c02d8a5c5f87118989eb7be9fb77b3d09550bcebfa201e0b352d9ce7dd8c8c3797664d4741ffd577ea164d639c55540fcc8f607f8141b086c7fb937d697b7ee48be173c91fa6debd27388ffb8f99e8357734b86c1b82ad7e0aaa11f29de859c6e89e038f7cbe06f9ef2f14ec93faeb2a22aec4d51502a5c15bad5cdae300693ab0a642044967a4068684bae061b558275c96ef5d25d2d9871ff840c34fc7ed56332e0940b8744c2a1429e80fef211fe30e9ba963ee45a118dcec98e946da957784d410ab011ee02fe9548c8cba7a2260a50a55a6832bc491b996818c4e681f5a2b5041696c51bf66a50c28711b8b53eb9ed0220e2f18a70b34add52ddcc7e6d64d4d9372e4988372e42dcc2b384bbe9969c751257ec910ee062707feba1fb93d14c10e69bb0d8ec49d971bd8b37ca4f123e4e6f0d6be12526944f4428d6b14c9f54d976380432c871f8b8ad6ccfc2dec38d3340ba013eef74c3d2815c1b060c52cdbe96c673a4a83b5e265485d8b7851abda1d9e9239bf304f64ccb02ae28c00a4cb23f1e81a2bf9911d17a914ac6f55491edc7a352a4de1332af2addcc9fa8094a1d1b9fdc0e9aca5fb9aa0d6f4691f2eba213f22fe0cd4160238ad7f3c279ce42e70a9e8a7f79a6a17a4a346fd9b8dae861df7195d82fc6005c9ff448fed9d1579a687321a73c337e88c3dfa8bade13be7bcf2897e1972ebf2f5fc30ad745c7d852ec14c333c9dafb6254133f1dda4932e15691a3c8055d36800bc369e7356c5e794ce1dc0990e3fe54f08ab7055394c2870ae1b6da5c2c1cba60b9872d9e84a84e8db3789bf9cf36adea5fbfc69de95ab1a2b4f307253b3b56ab956396eee19b32f9392b1ad68e2b827138d8590f615e9c7d38c75357fb142da32c4d9c30fc7f9115"}, {@device_a, @device_b, 0x19, "9568cc859157ef25890054aa543a890e3f5249a71248390fb3"}, {@device_a, @broadcast, 0x11, "3d76529c3168237c4ff71c54d0dfd3cab4"}, {@device_b, @broadcast, 0xe2, "88920cb51ad3239aded39f7fc032aeecca86a564a4ba8f395bc9e695337c6e297a3a0285c33f08a575ecd6419712af62bb49ca74a33f4d6cc6a0ba193bb78bbdbf5d7e1d10f45387566c5a82dacc402e52d508082e826e90d16fd4c098a489f6c1bc9695278a3d91677fa6c79aa5fe4cb2658ff28612b8e27e9e26242a4c1719d60bada80899d91dcffdad44aceea4cc186fc5e78c86c8307f3ee84f44ad888bb6de2d2b72c391dfec3d2a366718fd0a2f514c2d8a56ae89e5ca3afb39feab6d13346b2b5c7244372e10b49d306cd2b9dbf79dae6f4aee9f81da0da1aee4adf45c43"}, {@device_a, @device_b, 0x1000, "778caf8702fb07f8ffb676d427fd9ce6ad87810001b13a241e8d842988a2c5daeb97527772ef4d6ac004bb40182772bbad0dbe7ac7a3750cfeb19af247b0b157faadbafd8880a705f6007441305716b107acf819cbea73473c8c2e5af2d3bec05aec49d43a8478f561992d06ee7109b30745b6363a9be2fd561821144ed74a168d0d1a51e87b6213efbd669b75717e8969ae2740af6dc8f644f294b13f614a207b2c0326da59a2b30ff6c291e9c166846801b5b095db04dc4e68d6f0b48dbfde72dcf4b307c34aa7029ccbd4b8765e53192383b542886de823c0731786b98b04a38f66ee5b1df98dee3524198700ede37c26ed096de0b9eacc8b4008952156bdd8a1181dd4dcd75ccf0db423e08ee82b052c7fb7ac3d365da395190cc30999cee0e6b39bd78fddbc965666de38ea016158245ea6cf6e047a0eed52587014a604d1a6f439935c0b42928f098918d0b105024ee7440cc8d3f0ac0948ae50e3c3e430c9bd358f1d87a4b05f087e520f288fa02eb6fdc27ff1f8d7ea2c39bb09442d4ee61956b5fbcd91ea209fc779f392d94fe9d601e61cf7d03d6af8692139b1872fdf9bfe81477f7759003c5f25e3a0978d41ccbe4016112e71ce5440affab5ba0bbe6e10336fa7450aa03ddef8e30f2d6e444cc973a068d49ec459616ae0019be581a22a7cdd2d6b34d626030a0dcc44e7212e8d13856910a6c541d2c18f9ac7014c239a4d19cf5eb7e5fb05ef22a71fee57e0016c188a60e886ebe24f52517a0bf169aaed14553468d3e766394e5f4758c6b1ed96108d8929aa8bd209945c459887351343ffdad633e9e4f006df5f94a4528001da4141b936eed2ad1892322892b1d6e93f13c0d3a723de70abedca706cb1c9bee7c942a5323588912117ea1326f2a629ec0feab1fc932a44612ec4f13a0c60e0f92b07cc428513e6772a4a8c870ae65e818e21eed1b1ab28c037eab83327f866e8f48ebb04885a2f33e4a4fb83d6150742b90b73c79ed443b2b8aebdffc2f5a9ab166dfe5d2cb48cb543f99d3a89963444d6b45791045fced3e8696b4a0cc2529745d4725ec9876664542d4770eb4808e7b638790769562b93281302c9b7fdb97652f51dc68dd5b093ae001afce20ae8c5b6bf8cfcb35aa359ada56b9d8fa7ac325afc79f5dbeb6e20c55202d7bfb50c0b909d7cbf4ec312d2f778d96c8690a2f4fdeaa76273f279115d9d3736bc6f54deb19e10c6eb12b33b01bd37551268822776716469c030a17944bbaa571f4da04dc486d9fc9913c17c2278423785997597f189f89e4feb9b59073295972f45f43c056d9a5b4b0e2bb628304cdb6f4ef326557ecdf71a5ffc0b841c1a81f15c888370993f1b0d07ad3e5b74442a3ad3d78733b1e35df4d8904cf6e6fca41918aaa479a7571ffcf32e7f471d4986108b7c503ba7f1c18a6e80088470984ae50a449916bd2d729a29ad4905ecbb883da9881ff8e4a9475ca9052649e21ec138c730281d9700bd036bce93a3db6f5f48ac7e882d8a5d505515c4835a498bec40b9248960c6314f1bdef57bec0a3a24054dc89175a14442002185a16dbe79259021debbc35ca18d5e79e19cb97c8b8f16bddc6d68118697b2cd61058d7bc929bfbc56967daad93750276aefd98b1471080de4b0db4daf83876b1c56d86810ca6c98dd7572c7bde2823ff27ab89cd7e818311f357ebea4892ef927bee951c2feb1598e07e72826f1d68a0be9d6f588cc4bb04452c515cc74a49e28c4286f9a37d063c0e771e5ae77883839be11e8200804f911d6ac45eadc33e36a58c9d4a4536d6e0c0a722a78a36db22eb8f23da4bf434cf33828d2c1b6cdca5c92ed0070919d45ec412a6bac481c9f5cbed407e2e1b6e17346961cf52c728f21118d4015f9f57cf0553c851c62b024e8adedc59497af9250695dd324fad782434aa9337b256d0e347ecaeea9ae982cb5aeb56f873122499731b1e1222f620e0c8f9cd4796e9afe82922df50e3af156260fabf81958d06befb193f69fb522be473042dc63d4261418744e580cfe46993e13ceb2d4965a0f8cdb601a2a30d4fc515018f0d293586d0fd1d48e858f9be234287b20a6d467338004794b91e62178044fa5804ca719ebfe08d89f126588651b4b3d6ba620d046fbb1716a83fd63239240f1a780504ef836174346a135eb5f99938916b013a2609562893f22920369beb3d40dbe951ccbd063d267eecebd7a08b806322aaa6475cc1ff30ec9a020adec52a4d1abfbf96185eceeee3cf21fa00f692ed6c6258472cd2cfc2e47a6d0302c6d1d85107aa2f32c67268b45bf2385cc483664bcb9cff62d2c62743605589e52fe91d331bff85272b5c9b19e269a31a2b06b0c33c11a1987b01d8b45644fb6d9815936e55912f5f55077c446bb941839333a7d016821eea68d16939a0d1fcc3babd248d764b839cb503702a788aab5980acda37fe95034da78e25a26385dfde8c2a4454a6691becafdaf5382e10e8c68dedbb9f255b5fd9cda5688229ad0a4bcf3b34e3513b8aebc6d792e4c053d559e4addc89099816d2eb4d6e7cfd02f131d83e44c15616d30687c8aaf31f81d0e5294a95dd90a46601d96799edc926de63f3127a169fb0e255d3e04a18551d9596bfe3bc5daaff50b373232d8ca6fd68af9d83ed32a3494917c3f5674d1b459ffe91faac14553c6952c543ae84113898018ba49a6f65afebb3858980fbd52a5b45c270573b4e8a16c9908d1bfde11b6bc4230f08006293e0a6ec4353aedf5883863c747edce94ec625f53239cbe1e3ed762e367b6a26f76556d717cbf413339d47af01b5979faad4f6a7c315a310997b74535de46111ae7d3c7076df195178e840d94babd9e1bd1816f5df44f08a59f55bcabba3f8e1869cd72eb32638669330eb88aa687e5902345891d87a35f21028ea6b63bb05be806903f03435b776bb2633b99a38b217c95ed35e1c81b965271215ef715f604f3f54469f5358b0364f888317c9ccec13a4209d6cfa8889ee8756b9a5da6bc1528a82b227b78d30eb6ce701e83efeee7cc952af3067f7806d51e18b3be2c6957621e96f8febc28b7ff8e92381eec73515ad0cadb2b6661afddff920700f8b06fae49275887f60db1feb2c5257107b7a68a9b0c376af27de1be26b5a6814d5767708718ca85df685be2a40a209948236f7165a382d0e6b2c499d18cd30bc44c19724d2004342ed080cc3a3a67b14212072b336f83e592b255e4ce670666cb9f17b010c7d1e7213b0a9cbed989f728bca7af07105b887fcd71a5356fba8ad27dec9dcaee95c1202e2c0ad79a99745aba99ac1de009225d6993d5689a26dfdeeef1b23a60ebe4344afca4dfd9ff3ab1074bbaf1921ec07e5725d309b47ce4cbd2e27ae8fe764ffdf58edc3e13b6772536559696d7dff86348a43dc9ebf303cf045054fcfda77db6b07123e370ad5c1b06739dc33c2c719c99bb25e5cdc35fc0556f5f7f2d09e0ccecb389376b9042c5d26065b981598a5fc17d8788ac9e644431eb3b1c184c8ddfc4323bbe10d4504292ab2e06b36d046e217ce462bcc469403e7e6e2d9efb1adfa3056a4d2eb3d87f7935badee628d6f30de137897d6a5731483b4636a133b91f80a8de1d322f4d53993403136f1af484e059487421bdf1adcb2b1e057482d847c000ab7ab05fd5e44c789aec356bc61b5238c3c11dd078ba6bd58180e5e87613f381215a752ee09c7c09c333aabddf333df09cfa9b84ba793f20b588637d512304c059e2c13e226cb06305bf721cfdf25d16906ae5caf127811f5b26d5da2354dab456a10484968ff080e54131df6f994d03e2454268c35220fa69e12c3262fda0fdb3ad164a602d818fb16856fcb1686bd528f4d1c836fedbfb0990dbfdd25e6d774bf8a72f8d522cfd80650f1fcb06e699505371ce01ba9af5cac4ffb1292d25200a769bdbb0dc91984e3908c9627b8f8005fc552fac89ef277fe1376e1fe4a40b94fcafef720fd8d3d7526d0b2537013ecf93c3b37ca5bb0abb1cddf5f95ddfc3fd5394ba05151d3d91c18744688a0c5ad2374dbc2422fdbec5baf16999969c1e73fe29ce128bc29708f004ca7a2968d74f8960dcfa80b42d198b0492df1b3edaae768392ad7721ef27c5e3ecfd1e94aaf6c89c4c11a0594d2df355343c2c1e68ee2b045924acc12e3d3c30f7388ce8b01df1c7e4638480a3bb462d1614ba96f2e2bb457c19ca9edaebfcffecb0b9227407682afb15320ffc78b0dea5faa6f647133cab49ee6d547191e170d4601a02aa4137ebaaff92a280fa7e0c8dd57c77097cc100cee9082e37b806f1714ec2e84a06d83afa9b054cf0187c42e8964e2f18b8708d97f47eea54e0003ac2cde0612c94409b1334a3fb13efef9efbeaea693cfddf6814f60f50e9106f89e1631ad9c426b917fdfa43938b6a2fbda1240b9076a800eb263b9d57b89dace3c75ca778d3a8f16881ff5ac608cea924bdeafbd146f582b9ad2f93b4b74089a5f916c074874ecf33754078a23ff59c48bc34bd1f3f24a62872305d19f33a635e1c508e64e2290bfb7c13908142ae2224a60a2b0e090a9320a781e08e44d766040d4951aa33ec7e40fff659eb53624f795110b47a7c56c8a74d67c69614bbebccdc9858bd87b2f8079c706f8caf9867bc93283acf594c46bc8239f01388c22b5e7c262280594fbf2ac3210a039718e538536eeec09cf81d239a281d95fd586f78f3500224570d8939c496d07af4e5bcfe0c203b58ad243b70296560a07c78fe0e6a01d183ba8f6fad6ace90041aae1021b30e893be43bc194c8da8cdce1c472f9201db38c9573fd2f97af2ac4d799d41a02ab01b20cd057e0db90d82d9d5b3cb549f5eb3aa0dab8353553eb9d70d41d7e9f56f58372dae28a398a5db534017de1b0464018f17771624c952e1cdfae2bccf8b3ecadd8e053d90d07d6288933b2ec9fcf73035e936a6f1a28350da7cfdcf8e428882b59a97011ed7617491319463b766fa55e7044f315b8eec113c408111f0808b7c0acb2b7512b49319dc9ebc85ef52010ebec4a132a2007ba93ceceef417236bd156315943b448ebfe4ee9318d1e90d9163c704231839cd37190dae3714739a474a3794b8d32831ea410bd555905e2723e69ae410e66fbb07e09bfa858ce3e678da007c903d9773fcc8bc21a0817075f7d341bc75bb30ce267cf55d065b906f4ccc4506009524169a7fa5d8d496e8e30c2e474d6c6a147e8beb1d8df937a0345e27378042cc2c45a3d4aedf5dffe2ba30baa92cf2e0847c1de92064bf1f05bcd6b7c1f262979ee9ede6b98b91f2299f2bc055c949d4d968cedff7335770d69aa1baf9e04d189faedded4d3175d50ea49d0f7a28dde5516619573faf61026f348fe583176d65461607b44d27662d6f976d99eab7ae3365bccb744ceb106e69202f1af57f6bbbac0095ff6a35d2fc8bc4e1f001e15593319d7a12463d0d69e29d870db990ac7080ff634cd5f97a14accc58cffd309b554397be9ad97391e9b899f67c32e0a1922060ce90a3c65802b30667d22abfa6545ea17694e0a159f4f05e3693cc5edf0fe34d6324d564d6faac9293a4d9ce40c42bf4908e6461d6e1b6233cba5382bd95d0741f07631b9b643971b719b7a62dac9bbd49be82be01100e6bf614f56bc1babb1158ffad925de03cb9496c2abe22f947c9aec47f8da6949d2b523891ada92464b1966c3a33e8a165c1d44294b116826b8a4c4dc16bb0152b04280fe95db21670af1c4d58bc901149b04d815df579b9fb7432e663"}]}, 0x229e) (async, rerun: 32) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async, rerun: 64) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=ANY=[@ANYBLOB="ce000000080211b3b5010811400000080211000000ff3f000200000000"], 0x1e) (rerun: 64) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=ANY=[@ANYBLOB="1000000008021100000108021100000008021100000020000100000001000108829eeffd2b121824"], 0x28) 19:20:37 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) (fail_nth: 8) 19:20:37 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000600)=@data_frame={@qos_ht={{{@type01={{0x0, 0x2, 0xf, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1}, {}, @device_b, @random="ae07a14837ba", @broadcast, {0xc, 0x20}}, {0xa, 0x0, 0x2, 0x0, 0x6}}, {@type11={{0x0, 0x2, 0x4, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1}, {0x2}, @device_b, @device_a, @from_mac, {0x3, 0x4}, @device_b}, {0x2, 0x1, 0x1, 0x1, 0x6}}}, @ver_80211n={0x0, 0x7f, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}}, @a_msdu=[{@device_a, @device_a, 0x24, "0fe86c3a8d9f1531e1dfedc1a2825bd85a11069f893ff29b6e990f20a8cf460dac486b02"}, {@broadcast, @broadcast, 0x7d, "f95b0d5dc8bbfd581624bf77e1d277b1a653ecf8eb24def4a1aeb2070bf68214fe12cb080abbd01ccb1f09288cfd454d8ac7d3d2026191953a7f1fb0b0b4f5d6a241d70daf68e689f3a35e16fe08b2f690e0bc8f2717197f5f0457ce51b9a4497d133e425481e0ed54025236b70258fb00460b9efef262b6bde36e7e87"}, {@device_a, @device_b, 0x37, "a57fc7f106021261f9bd1e679800c0a583dbf873239626c743d7d20e140c7187284e93b2fc12b600a6fc2f4242f5281f5f56cb8e804423"}, {@device_a, @device_a, 0x1000, "40c5d5208fe0e6a13cebfb11aeaf862948d673769d380094eb221e7da19aeeeb35c3ec92b7d12d8de689a64aebac283b6d37c9ec915e7c01aa4716d8ec81d260989116684cf90639a031d51d284a42babfe43f12e5fdcf12a8d379ad5ec8e5b633b9204d853fa69171272f37a8b4b67917b42e410c9613e8197233e952ccecfccca5d2fc72d539061eb961b7792093008c6104922cbf396a9e5405a1ca937b353886801433f5b6fc0e2173982def85ce9f1ccde2a0298506e34517ba7399d4898e366ba19abaa3e06a6b259eef55e448425d0e34422577cea94dc292c1699a065622ae57ce9ffd8fa69fd459b925d98629fe2d67530f69b8275e74f1b8a6835b41633c66f99461706088f730088a34d70c3c4a1cbcf07e5d50a86f31370cb6b1910a4e0f3879bd55925266a39687a18b7f84634ee3e1ba0bc10287a0111dad6b0a963bd92242ecbbbbeb5e07922370d65ac9cd383809fb9b14f9f46d282e0c5426308932df7cb4c8c3bd5318eb846f2e1fb3b4290dac8e7db5810f9b723654ccaaf9941c03ae196ec073833988db0cde983b3fe11c1ba48014ca01cdb9d267a641eddefdee391c02259bac1cc58a0a5d07af37276720eda120ec151546e0f690c52131ccf56c328fc1b362e2da7dc26087d484f5686e8ca541fb00601d0e0694fc3834b0751932263690d6b5361f7f990f08193e378b2e25a7bf1f345e11f32b40ce48ab7b9152be39084cc8f40bdc3b5e9a5e3dac05335f63c23eb5137608bbbc4c6381c23bb86f6352bad12bf52b1e4991cbf3921372307928792de76e5aafa08bf5eb7731746c08d4b888470e4cefad00be5a39790d7b3c000f1160c203b19c30ea5c191fab3886100ba31caf57542a99a7266bdf11a0eae23af4b2d970a5f20b466cfa3a3a74075ccbfa479b72c20474e6257a7fafc3b5d74c70ba5a3ca570afa48bdb225445b1e9e82918fc8d278a81ffc4fbbe4bc5d59f480be5ab413e1628fdbd660db15fc94f24becafd5a0e45f3633d6208554b01f49cb4afc7798f0659d0f7cba275ab5ea3b37a80b00f92f600cb606fae84d07a3c32a148b154b71f8f1c4d34ee873c461a584d23e3e092480db0e8d40098350350c2c062c8956b72ca3bf9f750e59dcb89602d0af8bf4b19ca80a5a7390a62bd25e57b3ac6fb8140f8e99a9290a318d04e823353c0f584aecef249fbe0e99bcb7cc5712eca6a8e53ea66b8ef9be96e033330179c94990fede64da74d987cfbe0f64142afd360e95e78a9dfa02835a3f25186d17c5364ef29555a294eb446fc768efddd17f5067c58404e0868673b6baf13dedf932b31976f3de8dd95d7be683ea65710582450b35714b3df40af860f8329b7339054d960f2cb510b69f48b67e0d8eb97f41ec90508da1066ec7c7715bf842e2490bba512ca453bec127022897560716c4ce857517fd4feba998cb1a96c2759f82c530e5c6757b7846d2190a8295c309e2e1974a5b479d9a65407905ae865339c3d24291c3ff6c0a36884f62799cce97e3c108dbc844d7bf5bfd95f41f293db1b9aba5f0b895a362025c1b54bd8f082e14446eb3552f6796edb4d9f23a31744b97c0b06c828b22713bd23fb4d3141e9448ea54f555b50680fe20508df4e9ac86c37daf1a97a296c3bf31259aecb6c7f6d3fd703057a1e41d15bc2214ed02f1644eb63e4b37d179a878276e2776bbe253ea196dccec8599a01fc40104478494974bfb0787b4dfe3b1ebe524f71f1bd1e6a0d01f9cb6c38374c45a46992c4abd2333266e0cd79ee008be69c402ced0cf4e87fcc6016c26ed0170e67b5d3735e8a8969da0fe2d27f99f978e5528749b4323ea36e92258465141e921f8159f84e1bfa9c8828ba9917b73cafaa53914f851ae263b7b32f760fee8b46dd2f54ca4c46692f4ba383bc4fadeba443aad97d253524ccee727f9ba6a76b0eadfefc66303da5c525d9334303df4e6f7482a27466d7a6811176789263ab1f63a3c1c6d6926ff43c4df06920dcf60f48ed67c50533160232335b32a163c3ffcc972a2afc4ea0d22e345bb1d36d683cb2455eecca95a0450f55f1389ee3cf8a226be4e6ab9bd5c1d33ba6cab51500e79a783bf13bba8cf8471f99d6f4f6dedb47f3f542c3788f9abd72f02221c66285018ba0df21c289e92839e3390ec7f668f22107ef40cbeb8814b064d053aa4b65efcdcff479ca6ee2adb98d67f6865edaa9fef4d5b001e8c2937dcf84f0d6707e131d876131e3e60f18658d3095a97ea3b926bf12157da9aa9e09c97e75b2fb01fc6867a5b53bb99252869c2258bb0a467756ed1601d71e6277db4ad9d6522a148c9f55285996cf6bbf3aca8dad1da93455ffce6b08a80314cbab2eb66f520714a359ca5a92bf11ab05ca0975b69bd1b6e9a82e5a58e04eb0bd923ee58cd884e9c081e2021a7f2fe5181a6aada74ddc4389516902040f4e1d51151e1aeac6f68cae1db8152895e063662391021a1e24e3eca2588a8b0326c4d338c913006032d2eea0a2c1af42e5ce72c0776b416398bd4822d9700f3707744d0dec6151a94f78dfd59972ae650a8c1ef07f2c29edac48a60011483ec33e2e922534da6532a51c2cf970e693ce6bf5c38c493bbc2722b5237cb04b0d03161876f933071e95346440fa53ad1f0a662877ff1f8cec45ca0a68b13cdb033fc5226c62696fa2f1b5822ccadd37cb3315c2d00901ce3eeb70bc340ef84d7674906bf4e7f464a5645a58dea9901ef0228b67cc7fdaa5c55dde4df2d2ae95a7d82940f6a84dc6c5638676f99382ac7f8e041b9e2f11d98c34439396bf7d48325824f40af24eadb0879b4bb70cf4dd68dbb6d02fc78db17e95e55a306fe48fa897891cb1578cb1de112e6dd053675dbda20659f72f6a6a77c460fe6a18ca9f0f4f141303cd724bd9a9a04a02a60fa306af7c16ca3f458b44203372e4c3bb450e8327ddc7c5ba344129d546c1e2f14d02cabb864d2bfc28d0430dec10213b335e22692968b4af6b021ead2441c35bd10e96ed3f515a3341cf15fd278647e993780a927ad9dbcf733638abb9d738a6b6a6722172dcfac95ff500cb5e81209f8d38b3f6a83fa08df1a5af6a83dabb6f29315c84a8d182178a0d2408137f9ebca69b99cd297195fd4f57c15edab65a7863d1606b7cc793cba681cfaafdcce7a983839ef17bf7e909e82cb748d032ebe7d6df01c4e32ed57ffbca5abbf14a8677fd856cf0817b5e7efc0485aa89b4fac9764eb9438ee6bacc424cb0c71716ffaec03e0b52c3ec3615f743fbad217f4d1be51e3f342d2d6d7a1a98b5ed2a9c6ca913b354cdcd2ce8592f513bade1909dd9e3daefe78e0058c7d553660dc1e8196c7d50298f8fbe163ffd890316fb8db2e2eb7543f0dbeadf20f0ce9adcf5461a346a09150b3a4d3ebb84ea1e8edcfc20ba98f98297b16b5907f861e38052b9e980e479e5a0b39811d42e919a1df857f107325ca3a9b93589db4a19c7648dff8b077d2d4875faa20489361f4288480ed24bdbb102c244299121ea9522ccc78cf2357ba39683d7de30026d973651d6c7a91e74b69960c285f8b847d49d747dde2a395e4b6f6db8cb2339256024b39a9adba4681f10d3bc015603435ae2d39c5c6290714e78f93a37348191a5d226c1ab98ab2e4e4227f1f2fe10a12b868e43e0fd964e3d42343f207b1b2ba13401a436914912ef6925fd95b999d7c53795dd51742c817b640b98e68d09a6e781d4dd155077291f578387bf2981b6c1e90180145851f23b8a57f4a85c2bf99a6fe5df9c56be3a1a852bd57992ca00a41e9072a0b865c91b215f5e77268e4922362a4134aa3682af356beedf9539a5729f862d1993256554c6cc116ee5f4de68c6eca5505b5d15131b88c755d546594b1d690f90f865c3e5437d9c1ff804582341dba3ff33a8dbedc4095fd2a790f76d6395d2f667375628ac41a06213e95df73e204e384e546bbbcf173e3ae2ad47496838323857824002ed3a4552ffa65b05b8bd8af6d4c661d2b9f4c1cd02da036050d0f3a8541b2fcc40be1edafbe73d587457c02ec7d4755001266214a076e6855d264c2aae8ecf7ee0eaa05b13b69e5d6fc149d81aea7b3bbef2f253b2cf5656ae98eaddc310b535711a6fbdd420c4b16e0b80cd303d6f316fb884622376c4af8799824b4569718fe85357bed2c21b3b520021107a9b40b803af60b73efbe1af30f8135ba02887ac3ec429051e92c3a8899b14e0fc7e9aa945a1b6f18ed5c37845bc32c084c6662b1e55d50611593177d9fa662f4b905f467cf5e9f527f1663ca393958d7f1722c08e78a170a7d622928b5becc4fd9a94fad26677293d5d03255bcb20da40cb82b330c9b942c419cd8ad2b1460484323343c43163d674e93b7dd17f4a7c2b5069f75591d2f2d06f723ab226989dc7c9d2c82c0244179343bbdaccf135eb68251fe4bdbaf1864ec5d70b38f7c127cf16aee0529decf75e571080300c1dac688c39f435f92a27d44475287d70438288f15ff85d620d6dce754b4b40b1eb7e637e7bb265afd8007d4e17f8b12ccf13945759dab4e5e91158aa8853d13051953dfc17a5c49b96eec1e5e262830e0e63d3c947de2fc5835386d453ada909b06c31eeb925003a4a131c8870325e2459897fbfe0ec56f4cf68d011fe50084c9a1e9514ab80a6db6c0f8370149d67e5c740c402c7572b7c5737aa4c49c219b87580e963ef5ac7e4d45c1d1bc6ca11011c7c3755df9d3cf81f8f891e64eaf4e1423e6a471777c061515bdbcd0c7d59757f7d25073d2e01b5637a83c7ddd6cf851dffd41ef27f0acc645701f13af9fb1b29843fd3e1eefcfbf5d434950f3f446b2f18aa0f199b1a97f0eb9dba5cc93eba03f273ca5ef2e8f6c62c02d8a5c5f87118989eb7be9fb77b3d09550bcebfa201e0b352d9ce7dd8c8c3797664d4741ffd577ea164d639c55540fcc8f607f8141b086c7fb937d697b7ee48be173c91fa6debd27388ffb8f99e8357734b86c1b82ad7e0aaa11f29de859c6e89e038f7cbe06f9ef2f14ec93faeb2a22aec4d51502a5c15bad5cdae300693ab0a642044967a4068684bae061b558275c96ef5d25d2d9871ff840c34fc7ed56332e0940b8744c2a1429e80fef211fe30e9ba963ee45a118dcec98e946da957784d410ab011ee02fe9548c8cba7a2260a50a55a6832bc491b996818c4e681f5a2b5041696c51bf66a50c28711b8b53eb9ed0220e2f18a70b34add52ddcc7e6d64d4d9372e4988372e42dcc2b384bbe9969c751257ec910ee062707feba1fb93d14c10e69bb0d8ec49d971bd8b37ca4f123e4e6f0d6be12526944f4428d6b14c9f54d976380432c871f8b8ad6ccfc2dec38d3340ba013eef74c3d2815c1b060c52cdbe96c673a4a83b5e265485d8b7851abda1d9e9239bf304f64ccb02ae28c00a4cb23f1e81a2bf9911d17a914ac6f55491edc7a352a4de1332af2addcc9fa8094a1d1b9fdc0e9aca5fb9aa0d6f4691f2eba213f22fe0cd4160238ad7f3c279ce42e70a9e8a7f79a6a17a4a346fd9b8dae861df7195d82fc6005c9ff448fed9d1579a687321a73c337e88c3dfa8bade13be7bcf2897e1972ebf2f5fc30ad745c7d852ec14c333c9dafb6254133f1dda4932e15691a3c8055d36800bc369e7356c5e794ce1dc0990e3fe54f08ab7055394c2870ae1b6da5c2c1cba60b9872d9e84a84e8db3789bf9cf36adea5fbfc69de95ab1a2b4f307253b3b56ab956396eee19b32f9392b1ad68e2b827138d8590f615e9c7d38c75357fb142da32c4d9c30fc7f9115"}, {@device_a, @device_b, 0x19, "9568cc859157ef25890054aa543a890e3f5249a71248390fb3"}, {@device_a, @broadcast, 0x11, "3d76529c3168237c4ff71c54d0dfd3cab4"}, {@device_b, @broadcast, 0xe2, "88920cb51ad3239aded39f7fc032aeecca86a564a4ba8f395bc9e695337c6e297a3a0285c33f08a575ecd6419712af62bb49ca74a33f4d6cc6a0ba193bb78bbdbf5d7e1d10f45387566c5a82dacc402e52d508082e826e90d16fd4c098a489f6c1bc9695278a3d91677fa6c79aa5fe4cb2658ff28612b8e27e9e26242a4c1719d60bada80899d91dcffdad44aceea4cc186fc5e78c86c8307f3ee84f44ad888bb6de2d2b72c391dfec3d2a366718fd0a2f514c2d8a56ae89e5ca3afb39feab6d13346b2b5c7244372e10b49d306cd2b9dbf79dae6f4aee9f81da0da1aee4adf45c43"}, {@device_a, @device_b, 0x1000, "778caf8702fb07f8ffb676d427fd9ce6ad87810001b13a241e8d842988a2c5daeb97527772ef4d6ac004bb40182772bbad0dbe7ac7a3750cfeb19af247b0b157faadbafd8880a705f6007441305716b107acf819cbea73473c8c2e5af2d3bec05aec49d43a8478f561992d06ee7109b30745b6363a9be2fd561821144ed74a168d0d1a51e87b6213efbd669b75717e8969ae2740af6dc8f644f294b13f614a207b2c0326da59a2b30ff6c291e9c166846801b5b095db04dc4e68d6f0b48dbfde72dcf4b307c34aa7029ccbd4b8765e53192383b542886de823c0731786b98b04a38f66ee5b1df98dee3524198700ede37c26ed096de0b9eacc8b4008952156bdd8a1181dd4dcd75ccf0db423e08ee82b052c7fb7ac3d365da395190cc30999cee0e6b39bd78fddbc965666de38ea016158245ea6cf6e047a0eed52587014a604d1a6f439935c0b42928f098918d0b105024ee7440cc8d3f0ac0948ae50e3c3e430c9bd358f1d87a4b05f087e520f288fa02eb6fdc27ff1f8d7ea2c39bb09442d4ee61956b5fbcd91ea209fc779f392d94fe9d601e61cf7d03d6af8692139b1872fdf9bfe81477f7759003c5f25e3a0978d41ccbe4016112e71ce5440affab5ba0bbe6e10336fa7450aa03ddef8e30f2d6e444cc973a068d49ec459616ae0019be581a22a7cdd2d6b34d626030a0dcc44e7212e8d13856910a6c541d2c18f9ac7014c239a4d19cf5eb7e5fb05ef22a71fee57e0016c188a60e886ebe24f52517a0bf169aaed14553468d3e766394e5f4758c6b1ed96108d8929aa8bd209945c459887351343ffdad633e9e4f006df5f94a4528001da4141b936eed2ad1892322892b1d6e93f13c0d3a723de70abedca706cb1c9bee7c942a5323588912117ea1326f2a629ec0feab1fc932a44612ec4f13a0c60e0f92b07cc428513e6772a4a8c870ae65e818e21eed1b1ab28c037eab83327f866e8f48ebb04885a2f33e4a4fb83d6150742b90b73c79ed443b2b8aebdffc2f5a9ab166dfe5d2cb48cb543f99d3a89963444d6b45791045fced3e8696b4a0cc2529745d4725ec9876664542d4770eb4808e7b638790769562b93281302c9b7fdb97652f51dc68dd5b093ae001afce20ae8c5b6bf8cfcb35aa359ada56b9d8fa7ac325afc79f5dbeb6e20c55202d7bfb50c0b909d7cbf4ec312d2f778d96c8690a2f4fdeaa76273f279115d9d3736bc6f54deb19e10c6eb12b33b01bd37551268822776716469c030a17944bbaa571f4da04dc486d9fc9913c17c2278423785997597f189f89e4feb9b59073295972f45f43c056d9a5b4b0e2bb628304cdb6f4ef326557ecdf71a5ffc0b841c1a81f15c888370993f1b0d07ad3e5b74442a3ad3d78733b1e35df4d8904cf6e6fca41918aaa479a7571ffcf32e7f471d4986108b7c503ba7f1c18a6e80088470984ae50a449916bd2d729a29ad4905ecbb883da9881ff8e4a9475ca9052649e21ec138c730281d9700bd036bce93a3db6f5f48ac7e882d8a5d505515c4835a498bec40b9248960c6314f1bdef57bec0a3a24054dc89175a14442002185a16dbe79259021debbc35ca18d5e79e19cb97c8b8f16bddc6d68118697b2cd61058d7bc929bfbc56967daad93750276aefd98b1471080de4b0db4daf83876b1c56d86810ca6c98dd7572c7bde2823ff27ab89cd7e818311f357ebea4892ef927bee951c2feb1598e07e72826f1d68a0be9d6f588cc4bb04452c515cc74a49e28c4286f9a37d063c0e771e5ae77883839be11e8200804f911d6ac45eadc33e36a58c9d4a4536d6e0c0a722a78a36db22eb8f23da4bf434cf33828d2c1b6cdca5c92ed0070919d45ec412a6bac481c9f5cbed407e2e1b6e17346961cf52c728f21118d4015f9f57cf0553c851c62b024e8adedc59497af9250695dd324fad782434aa9337b256d0e347ecaeea9ae982cb5aeb56f873122499731b1e1222f620e0c8f9cd4796e9afe82922df50e3af156260fabf81958d06befb193f69fb522be473042dc63d4261418744e580cfe46993e13ceb2d4965a0f8cdb601a2a30d4fc515018f0d293586d0fd1d48e858f9be234287b20a6d467338004794b91e62178044fa5804ca719ebfe08d89f126588651b4b3d6ba620d046fbb1716a83fd63239240f1a780504ef836174346a135eb5f99938916b013a2609562893f22920369beb3d40dbe951ccbd063d267eecebd7a08b806322aaa6475cc1ff30ec9a020adec52a4d1abfbf96185eceeee3cf21fa00f692ed6c6258472cd2cfc2e47a6d0302c6d1d85107aa2f32c67268b45bf2385cc483664bcb9cff62d2c62743605589e52fe91d331bff85272b5c9b19e269a31a2b06b0c33c11a1987b01d8b45644fb6d9815936e55912f5f55077c446bb941839333a7d016821eea68d16939a0d1fcc3babd248d764b839cb503702a788aab5980acda37fe95034da78e25a26385dfde8c2a4454a6691becafdaf5382e10e8c68dedbb9f255b5fd9cda5688229ad0a4bcf3b34e3513b8aebc6d792e4c053d559e4addc89099816d2eb4d6e7cfd02f131d83e44c15616d30687c8aaf31f81d0e5294a95dd90a46601d96799edc926de63f3127a169fb0e255d3e04a18551d9596bfe3bc5daaff50b373232d8ca6fd68af9d83ed32a3494917c3f5674d1b459ffe91faac14553c6952c543ae84113898018ba49a6f65afebb3858980fbd52a5b45c270573b4e8a16c9908d1bfde11b6bc4230f08006293e0a6ec4353aedf5883863c747edce94ec625f53239cbe1e3ed762e367b6a26f76556d717cbf413339d47af01b5979faad4f6a7c315a310997b74535de46111ae7d3c7076df195178e840d94babd9e1bd1816f5df44f08a59f55bcabba3f8e1869cd72eb32638669330eb88aa687e5902345891d87a35f21028ea6b63bb05be806903f03435b776bb2633b99a38b217c95ed35e1c81b965271215ef715f604f3f54469f5358b0364f888317c9ccec13a4209d6cfa8889ee8756b9a5da6bc1528a82b227b78d30eb6ce701e83efeee7cc952af3067f7806d51e18b3be2c6957621e96f8febc28b7ff8e92381eec73515ad0cadb2b6661afddff920700f8b06fae49275887f60db1feb2c5257107b7a68a9b0c376af27de1be26b5a6814d5767708718ca85df685be2a40a209948236f7165a382d0e6b2c499d18cd30bc44c19724d2004342ed080cc3a3a67b14212072b336f83e592b255e4ce670666cb9f17b010c7d1e7213b0a9cbed989f728bca7af07105b887fcd71a5356fba8ad27dec9dcaee95c1202e2c0ad79a99745aba99ac1de009225d6993d5689a26dfdeeef1b23a60ebe4344afca4dfd9ff3ab1074bbaf1921ec07e5725d309b47ce4cbd2e27ae8fe764ffdf58edc3e13b6772536559696d7dff86348a43dc9ebf303cf045054fcfda77db6b07123e370ad5c1b06739dc33c2c719c99bb25e5cdc35fc0556f5f7f2d09e0ccecb389376b9042c5d26065b981598a5fc17d8788ac9e644431eb3b1c184c8ddfc4323bbe10d4504292ab2e06b36d046e217ce462bcc469403e7e6e2d9efb1adfa3056a4d2eb3d87f7935badee628d6f30de137897d6a5731483b4636a133b91f80a8de1d322f4d53993403136f1af484e059487421bdf1adcb2b1e057482d847c000ab7ab05fd5e44c789aec356bc61b5238c3c11dd078ba6bd58180e5e87613f381215a752ee09c7c09c333aabddf333df09cfa9b84ba793f20b588637d512304c059e2c13e226cb06305bf721cfdf25d16906ae5caf127811f5b26d5da2354dab456a10484968ff080e54131df6f994d03e2454268c35220fa69e12c3262fda0fdb3ad164a602d818fb16856fcb1686bd528f4d1c836fedbfb0990dbfdd25e6d774bf8a72f8d522cfd80650f1fcb06e699505371ce01ba9af5cac4ffb1292d25200a769bdbb0dc91984e3908c9627b8f8005fc552fac89ef277fe1376e1fe4a40b94fcafef720fd8d3d7526d0b2537013ecf93c3b37ca5bb0abb1cddf5f95ddfc3fd5394ba05151d3d91c18744688a0c5ad2374dbc2422fdbec5baf16999969c1e73fe29ce128bc29708f004ca7a2968d74f8960dcfa80b42d198b0492df1b3edaae768392ad7721ef27c5e3ecfd1e94aaf6c89c4c11a0594d2df355343c2c1e68ee2b045924acc12e3d3c30f7388ce8b01df1c7e4638480a3bb462d1614ba96f2e2bb457c19ca9edaebfcffecb0b9227407682afb15320ffc78b0dea5faa6f647133cab49ee6d547191e170d4601a02aa4137ebaaff92a280fa7e0c8dd57c77097cc100cee9082e37b806f1714ec2e84a06d83afa9b054cf0187c42e8964e2f18b8708d97f47eea54e0003ac2cde0612c94409b1334a3fb13efef9efbeaea693cfddf6814f60f50e9106f89e1631ad9c426b917fdfa43938b6a2fbda1240b9076a800eb263b9d57b89dace3c75ca778d3a8f16881ff5ac608cea924bdeafbd146f582b9ad2f93b4b74089a5f916c074874ecf33754078a23ff59c48bc34bd1f3f24a62872305d19f33a635e1c508e64e2290bfb7c13908142ae2224a60a2b0e090a9320a781e08e44d766040d4951aa33ec7e40fff659eb53624f795110b47a7c56c8a74d67c69614bbebccdc9858bd87b2f8079c706f8caf9867bc93283acf594c46bc8239f01388c22b5e7c262280594fbf2ac3210a039718e538536eeec09cf81d239a281d95fd586f78f3500224570d8939c496d07af4e5bcfe0c203b58ad243b70296560a07c78fe0e6a01d183ba8f6fad6ace90041aae1021b30e893be43bc194c8da8cdce1c472f9201db38c9573fd2f97af2ac4d799d41a02ab01b20cd057e0db90d82d9d5b3cb549f5eb3aa0dab8353553eb9d70d41d7e9f56f58372dae28a398a5db534017de1b0464018f17771624c952e1cdfae2bccf8b3ecadd8e053d90d07d6288933b2ec9fcf73035e936a6f1a28350da7cfdcf8e428882b59a97011ed7617491319463b766fa55e7044f315b8eec113c408111f0808b7c0acb2b7512b49319dc9ebc85ef52010ebec4a132a2007ba93ceceef417236bd156315943b448ebfe4ee9318d1e90d9163c704231839cd37190dae3714739a474a3794b8d32831ea410bd555905e2723e69ae410e66fbb07e09bfa858ce3e678da007c903d9773fcc8bc21a0817075f7d341bc75bb30ce267cf55d065b906f4ccc4506009524169a7fa5d8d496e8e30c2e474d6c6a147e8beb1d8df937a0345e27378042cc2c45a3d4aedf5dffe2ba30baa92cf2e0847c1de92064bf1f05bcd6b7c1f262979ee9ede6b98b91f2299f2bc055c949d4d968cedff7335770d69aa1baf9e04d189faedded4d3175d50ea49d0f7a28dde5516619573faf61026f348fe583176d65461607b44d27662d6f976d99eab7ae3365bccb744ceb106e69202f1af57f6bbbac0095ff6a35d2fc8bc4e1f001e15593319d7a12463d0d69e29d870db990ac7080ff634cd5f97a14accc58cffd309b554397be9ad97391e9b899f67c32e0a1922060ce90a3c65802b30667d22abfa6545ea17694e0a159f4f05e3693cc5edf0fe34d6324d564d6faac9293a4d9ce40c42bf4908e6461d6e1b6233cba5382bd95d0741f07631b9b643971b719b7a62dac9bbd49be82be01100e6bf614f56bc1babb1158ffad925de03cb9496c2abe22f947c9aec47f8da6949d2b523891ada92464b1966c3a33e8a165c1d44294b116826b8a4c4dc16bb0152b04280fe95db21670af1c4d58bc901149b04d815df579b9fb7432e663"}]}, 0x229e) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=ANY=[@ANYBLOB="ce000000080211b3b5010811400000080211000000ff3f000200000000"], 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=ANY=[@ANYBLOB="1000000008021100000108021100000008021100000020000100000001000108829eeffd2b121824"], 0x28) 19:20:37 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000bc0)={&(0x7f00000009c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@fwd={0x1}]}}, &(0x7f0000000ac0)=""/235, 0x26, 0xeb, 0x1}, 0x20) [ 2259.524021][T17335] Bluetooth: hci2: command 0x0409 tx timeout [ 2259.553928][T18057] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2259.611261][T18057] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2259.662837][T18057] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2259.723477][T15172] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 2260.084570][T15172] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2260.084593][T15172] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2260.084617][T15172] usb 3-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.40 [ 2260.084633][T15172] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2260.085911][T15172] usb 3-1: config 0 descriptor?? [ 2260.574774][T15172] zydacron 0003:13EC:0006.0010: item fetching failed at offset 0/1 [ 2260.575021][T15172] zydacron 0003:13EC:0006.0010: parse failed [ 2260.575037][T15172] zydacron: probe of 0003:13EC:0006.0010 failed with error -22 [ 2260.776011][T13310] usb 3-1: USB disconnect, device number 21 [ 2261.603605][T17335] Bluetooth: hci2: command 0x041b tx timeout [ 2263.683484][T17335] Bluetooth: hci2: command 0x040f tx timeout [ 2265.763350][T15172] Bluetooth: hci2: command 0x0419 tx timeout 19:20:54 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@ipv4_delrule={0x1c, 0x21, 0x1}, 0x1c}}, 0x0) 19:20:54 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_int(r0, 0x107, 0x14, 0x0, &(0x7f0000000040)) 19:20:54 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) (fail_nth: 9) 19:20:54 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x3c, r1, 0x8, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_DISABLE_HT={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x3c}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000000)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @val={0x2d, 0x1a, {0xc, 0x2, 0x7, 0x0, {0xffffffffffffffa4, 0x1f, 0x0, 0x12f, 0x0, 0x0, 0x1, 0x2, 0x1}, 0x1, 0x1, 0x4}}, @void, @void}, 0x52) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:20:54 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (fail_nth: 4) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:20:54 executing program 2: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000000140, 0x13ec, 0x6, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000200)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 19:20:54 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) (fail_nth: 10) 19:20:54 executing program 3: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f00000006c0)={'syz0', "d032f3cdb128b45aedfb30f48db799c88fca20ad921e24b2fc7f0ba6af476d9e499c39f66310a8fd86234a69eb3b1e5e868a0db702f40f6adec76e55cd2cb85f373a35fe86510e8a8396dd2c89683f55afb405e3aeea026aab00300806af1ecdb5ee00dfc4b9dc018d1ff5a0fa2e9d872b37052e4c83eabc612f1fa669ce8cfbbafe32af61f5b36a44cc4ff712fcbb1ccfb592e5bf255189390bd6c0ae9e5db551256f74f981dddfc83c8c524cf11cfe446dc18a01559a56f733c6f36b7f25c53585636fd0eee049d170d66b09046d772e09894982fa7ff46b7dee18b938068c01702f7b04d22d0e4132d1d62062f53247702e91351ac7472e67f1a24f2f8a2ca60563662a2180f06dc5aedb43d5a7cd0edbf1427b7016c220a36a4ec24cf6d0c9d7a5f0ed924620d1b59dce151f3196095fed210ec1a103a36ba39a2d830db2774060b5b961c4d17e79c3a8684244f42d471d78e7e5583ffabe9785f10b08339148fdc4dd4661d32f98d5f0507d27c57a2a6abe14a877c979683f83c369ec97a73d22df9a382ef1bf3532a9b11b3a5b3f0c7a09591af3daaee4399704462b23c6c5a2d9c778f904e3e43acd12416b81673715f20056bdf2956521de3d5f47a231b0ca59fb93e1e3b4e07fac4de940e3970c7ff7111eeba47886fa1387b613aff03d05199721dfe58398f0b67aa56ad6f29ad2e31ecf5f002765ef72fcfbb2fa86d6482c3eeb6b4a4236b674149c21f6a3fd56624c759dfa79e5b9ed2cfdcd54fd8c39946f209cc3fc95f2e413e22f9fe75bdd6d70058224b7febe59677f11ecd12dd5e1de171cc67d558b05faa2d941e821bd720ff0434b707f5ea698b32515272115cea19c3f463b2ab2253c8bd497fdb1f58fe201f85d523a3f8538bd1b7062b420cecebca5feedc4d12bbee1c87322b4f425d3aaa30cb82d8bffd5697b7295750a005a68a577708b11c200449cdad7cba851c3cae3a40513ed407c310e206f6717d9acdc584a118b051c0ddbe672d937de16dde5504213d487e87ad9e5fae1c9bbe1ecc5893070c77e0d1043d2e3658223c43ee8ab18f05a599e55d85bbbfb620fcb64fbae273cb3b83b6319f9f66747604a81d842637d082a21f33961567c076d27512cbf6f6a5051c2f29975fc5d87d5bc8fee150840ebaeac1d1a6f300f17d6e1409e13c35788d4debc5db2595cffbf0bfca55e4a2e6ff8da3485ce80464b88e8938fe1b1101f5aa17b408033f11863913fb85e60e9a5787571335c9e6ea3a2e3222921c913f00955a46a5425d04fd62f8f70bf4969905effafcc943fb3826aae86977c21867cd5f3411a5ea9bab2eef1e6b3a79f35081003ce08772d23d48f8597259d123ddb043dbda4f6894ada252b8124a6d2b3510ec986f9728db0fb16794e0cd70f78457d3904b53424065cd315fbe09f3814a95f83543b6698a8075ceb3c38ed8efd2a276ce0c05ac3f311550f2222ee448d5e92f69aabbb2aa731a15cdd63bcf643fcb5770b331df963fbff7f463cd138f66564d8780649653a62a16ddd6ed398a131a1295187f061cbe2faf5b19f9e3b2947fbd1d96e573930a42cfdf668efa181e4e30c77557b727d9caed45e318a5b96c90c869f49947ec02aadd2b2dc7c5bf6dc8a8c57a1d244f94b1012e8a44dd9c7d24970d5b6562652a631b446ac363d9ff49659a1880d7c6070f4799fcae3eda0e4236da7672f85cad0818f8e25f9e2cae82e4d8ea2a075df186471878f83f04d7c603cfbd914593e6ba8f4e727229396847dccab4e6d9442a520e924f219903c034553a37f27ca99115c2d7da05710c4256c5fc7f0153e64515920b51fdcf2a1ea6ba49defe0ca2a0bea01ec7b6cffcf937b9fd1811e946186487e422da5d0cacbe53050f02effc31eddeb44cf6c41ff7472741c4be9aee85d27e0568987c3f3facff601ad43ecc4daad5ff060c7dbefe2825fead264bf8191eeadd638cb6ca9ac06d746d9acf879ebc3ff011da1f4abe88bff201445f20696e63dc0c7e4bc46a488a7a6c6d1e25bd02d50b0fc68a5619cb006ce8810b32612b12d5aa5f764ac97cfcade700853c8e8588809807bf30cfb859ead289b209e2e61c047ec86e388425da081ea400e1881fc879aa95996e156d104a64ffee5a8149b3864a7708c24f5842c98408d2017ac53a781a1139f0d12f7876d0129e17d870343e124408d19d4283a673f1e3913f3d7f04553321acda628294894792ba450366c26924d2051de5c0199440fcf9078ff978a193c1e154804e9e58514355b9633d8cce30780eb5ff8c6b082e391b645486318431784ee1b66b0b75c7036fd1ae9d081dea4543a82d81d0aa5fd0cf122edcc11932f0f695f23110a63d20ff4786a093bd256975a10c00405697a7f55a703c4ac946085eee8cdda2e97289dc456c5def04f3891ec5d6e8a7425c14058520fa7954a46784990a447205ae286ef76bdb6ba93db12bd198125e742a65c4b4c00139cc3477cc012ceb541542e395a2994e52be88320682bc7a6bbfd75518bd9c9e2e59ae50f80ba4e25b4a5bcee900c26f271648eb483307f9eef9d87f3b1ff169168db070a764822b7dc07b5fe5177655f80c8447f962ee223025dedb7974d441e934826e3a4ceaa085006d85174b1622489a3a979225b9ba7690d50ae46b8c4b17924f4cca658bebfb7c6c148e30f65fe83f536b96e59bf04a097269b41e81cd64ceede74e7b522a99e293a5f9239a02ff9b763fada4e8f74013862962ed164aed9a714560ccc85dd4fee1862dd7c87594d33585380bddecf877184ec7772b5b53eb82a28746fbc585dd9e542d14700e6e061b7f0254f67ea20cd535c71b375bfd45b8887fa4918a1392d34acf23289c1da81808e2049ba757b13368a09887a45e1948ee4bd1931952ecbb19b633c072387dcff92a750852d96bdf985d7e8952f73ec589baf09ce2dc78bbe262113bf5e7eeebe904cd3e8a3a21d16cd7f4efe0009d95f25d668328972004295cc3285a9c603d44ad929fa4348de26f0fdc858e4c59c42b78b19e308a992efce354afba5d6bab20da1cf9226ffd6ffd43cba00ab52b50f045f9783089819c3cbec78544268990e305244b7bbeeadf8cad892d12b4935d57942de3875fa166ebd2c62a93192e12800b50493355f337fcfa725df9f9d65b7466fe76e952cf8a8810661433794e30d65ab4c8cc7fe5be5d665bf1311790f7020504860724ef3dd47d5dbbdb1922af2e398bb4d1d0bb3ad8953f6f735563b076e76ee23e80da3b0fae0cf676a941a267b422ba4a5bbf00b09ee72e49d6ece5548224b97a6887943e9fb959e4fc34fff15b4302eb6706de70a7222265c22c66b7fa21b882af7d15671f714332ae88cfac8509d0eed87e852cd6f95156b43ab135505274eafe905cdb7fc23bbca495351c6e70bb8d2a63086a0cd4cdb6480ddc42855c3866f2eb4d4514ca11a81739735a53242ba856585d15a183097e78a8f7db3fefd4d07c2c6fe6c7c3ab65acff3aef7d4dd86a1834bc4b476f013235686adce5874c44afc217c63df0c246394d41f26a02eeb0e2d5293e96922378f257357f51acdf62bf039bb781006ef0cc8dc094a6ee0bd62abb1890b183a8a9758a780ffaf1d989d0b24168a05db4f4568ae8e872c55beab5a9190286d9684a623bf439aeafe84017ea132dd50ee59c4fe25be7a988a36b773dbd5b59c715572aa4cd6f95eccd268e4a41ada3cfce401dda3548bc85c90043e2d5c60fa715915be7771b8e282333db93884b50a76b99c47433dbaa58a55e56de28aa49f92532eb7a1ef00d0b6387f5d6457a8b48daa59533f6d11fc3e67298c4582549f4ba2235bd3bc0b0e65cc2d86a81b9d8d9ed95deb5fda56dcf94195e6e9b7fc35d51e7cf712aa3a11b7e62f347219f9fe7196e9dd08944e9eeb9ac420fbf5b81de0b77619a3d87fbd24378427f11d7f62be65a02834a4aa39d288e4d9e804930ae13138429e564c29a655b878196fb66ec26b1d7880a735034353f8d18bf3bdb0e57aedaa20f5fd6f9bebeaa40212978ab0cd19893024eee677c5835d6477989d63ffd2d46e450fc3f8fc85ab5022ab915a22e89d9d2f6eb5aceadd1c912e6ed034323a3ce512ca7aec459da8ef283d2f61dcee2fe5f2b3e38627ef2dc4417228ef14276b9c8c5f063d30dd5eb0cb863a3ee1177eb6b7a331fe6da8ed456ecacadaeacd1fbebe102c85695efbe3b77968d2768baf559b0da91c535315d8768b33a2091d08feb5df7e2ba92a9bb3a0b420f09f67d048d89145ca8a8d60bb13e745dad517c7a230ea12255ac978f54c425a37612b0d4e490bc178a99d09f84b36b0f9a5ef30a6e7a3a786da4babd85580cec13b002bf1952a2aaf48d9033dcde5a681e5c1a3264f00aac88e4f194deed2cad4490fc1ca46962c5aa9183d37ec7cbac13ff38de1253fbbdda3b5bc18dc889e8c70c8afdeb9b3ef805ba736345c3be51bf17b8f1d9cdf8c4d4af601331b344920799be8cb6c3f1f3898a02f381796d3b408ffae737fdcb16888a69060a2926081b3124c2a1724ea3df5a4b9346668f890b18c6454b016700367514d081fabc6aedbc870744a876dbd89a78c5744b1ebc2e73502200d7d8fdd5a0c8c998d8102ec3f506145b85b6ad311160d25584046741f5609bf48a8477d49e8f1b763c774f033295635b32d29794ee60efb49ec8dfc5abcfeca5a57718da530452596d9d48a56904f0afdc49ce81cc03462d48a55ed3e3212d62ba7e211de7c4b1d36cc563d6bc3ca3875edeb448caf4a0f050cb2824b62b3994904ba64ded1095bb64f3a1f626828318c5e1144c17c9ec0ace769cfc5b266052ae25a4538d3c0a5ebcafd51386afc3753a022df461b81f5f0cb19c40d24bbdec9dbda0b233ca341d0a146a1ce922fd261665477ece50a08f83ff6605488809139da1de6c2a0f5dbdff7c31a784e2994c365c25ae084e27b76f0dff8e917ad833fc473b35b3197b5947413c7b0171af4d3f104b7cc87d1ce0cb6701614aaededa5bf989ab16fc7d9ac927e278b9d0dc06279a7b426372d60812da15fbe53e71546e0b292d749cac675b1be03870a129ad80374c5e1bb08bbb0c97cdda85f8f05ea7bf04613b773d516f57bf5540e7aeb6770716d9e3f375f047ca62c543365fa228712450e05a497515f4414ae59b1fda50b7c6401e8ca55916748e00f920f0fd434e5ec8f6d54f3417aa8a5d0f1a4fc305591a21e3c108e8a914ce312dc914b37fd69b02f5f6870c7bba063d3ceee0275f6368424607390be8a6386955b7354121d43f72da9fee79096cc662803673945285b788ef9d55116c513b596076cc67350b30c50e2b7fdafc0105993d2e319c25ffd0c548a6aae4b68281cc65f8a99d1855a8c5d5ce774606c37242860d505118ffc8e3f6aa42d42a4222fb3f0f2bed6d37d0e05743f4d0c48dc7d272ec8319cb39e3b3a64a00e786074a6388a2a201868e0ced16d55963db2b5bb2e09a44860544f015c21ddcb155c699a4b5ecdc393afeebb5590f69b26796dda55ab6818284b00612c1d00ed83df5c9fd1ad240b5516992294460e602e65f19f715f9c0cd4711c02acc4cf297e9767e6d8e2c7cfa31366701f6a59475be1cfb8a6dd1506392342f55f7a6e6d7d7a3debc5876838062f5a15562ebb2adff9aac5efbd8d00b324610573cb6aaacefa6692198f09911c9f6d944c4e9ec01c14164c1f923ec0679630f927d2d7a8c9c9851d7d4fb0acf59c6a2048f7cc"}, 0xff1) write$binfmt_misc(r1, &(0x7f0000000040)={'syz1', "966f48230c846f04719ffd82"}, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x4000000000000a12, 0x0) [ 2276.349188][T18086] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2276.365377][T18085] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2276.401806][T18091] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2276.422646][T18092] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:20:54 executing program 3: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r0 = getpid() r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) ioctl$VFAT_IOCTL_READDIR_BOTH(0xffffffffffffffff, 0x82307201, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{0x0}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x10000000) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) getpid() syz_io_uring_setup(0x0, 0x0, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000040)=0x272) [ 2276.466243][T18091] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2276.480423][T18085] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:20:54 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) (fail_nth: 11) [ 2276.613501][T15172] usb 3-1: new high-speed USB device number 22 using dummy_hcd 19:20:54 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2276.672732][T18100] FAULT_INJECTION: forcing a failure. [ 2276.672732][T18100] name fail_usercopy, interval 1, probability 0, space 0, times 0 19:20:54 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (fail_nth: 5) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2276.672760][T18100] CPU: 1 PID: 18100 Comm: syz-executor.4 Not tainted 5.19.0-rc1-syzkaller-00303-g7a68065eb9cd #0 [ 2276.672776][T18100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2276.672783][T18100] Call Trace: [ 2276.672787][T18100] [ 2276.672792][T18100] dump_stack_lvl+0xcd/0x134 [ 2276.672811][T18100] should_fail.cold+0x5/0xa [ 2276.672827][T18100] _copy_to_user+0x2a/0x140 [ 2276.672843][T18100] simple_read_from_buffer+0xcc/0x160 [ 2276.672925][T18100] proc_fail_nth_read+0x187/0x220 [ 2276.672972][T18100] ? proc_exe_link+0x1d0/0x1d0 [ 2276.672996][T18100] ? security_file_permission+0xab/0xd0 [ 2276.673072][T18100] ? proc_exe_link+0x1d0/0x1d0 [ 2276.673086][T18100] vfs_read+0x1ef/0x5d0 [ 2276.673102][T18100] ksys_read+0x127/0x250 [ 2276.673115][T18100] ? vfs_write+0xac0/0xac0 [ 2276.673128][T18100] ? syscall_enter_from_user_mode+0x21/0x70 [ 2276.673145][T18100] ? syscall_enter_from_user_mode+0x21/0x70 [ 2276.673162][T18100] do_syscall_64+0x35/0xb0 [ 2276.673189][T18100] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 2276.673217][T18100] RIP: 0033:0x7f78f683bcbc [ 2276.673234][T18100] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 2276.673259][T18100] RSP: 002b:00007f78f7a9e160 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2276.673283][T18100] RAX: ffffffffffffffda RBX: 00007f78f699bf60 RCX: 00007f78f683bcbc [ 2276.673300][T18100] RDX: 000000000000000f RSI: 00007f78f7a9e1e0 RDI: 0000000000000004 [ 2276.673315][T18100] RBP: 00007f78f7a9e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2276.673331][T18100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2276.673345][T18100] R13: 00007ffd04f7becf R14: 00007f78f7a9e300 R15: 0000000000022000 [ 2276.673355][T18100] [ 2276.947085][T18105] FAULT_INJECTION: forcing a failure. [ 2276.947085][T18105] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2276.947106][T18105] CPU: 0 PID: 18105 Comm: syz-executor.0 Not tainted 5.19.0-rc1-syzkaller-00303-g7a68065eb9cd #0 [ 2276.947122][T18105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2276.947129][T18105] Call Trace: [ 2276.947133][T18105] [ 2276.947137][T18105] dump_stack_lvl+0xcd/0x134 [ 2276.947157][T18105] should_fail.cold+0x5/0xa [ 2276.947170][T18105] _copy_from_iter+0x389/0x15a0 [ 2276.947193][T18105] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2276.947211][T18105] ? kmem_cache_alloc_node_trace+0x3e5/0x5b0 [ 2276.947228][T18105] ? _copy_from_iter_nocache+0x1510/0x1510 [ 2276.947242][T18105] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2276.947258][T18105] ? memset+0x20/0x40 [ 2276.947273][T18105] ? __phys_addr_symbol+0x2c/0x70 [ 2276.947290][T18105] ? __check_object_size+0x353/0x7a0 [ 2276.947309][T18105] netlink_sendmsg+0x875/0xe10 [ 2276.947323][T18105] ? netlink_unicast+0x7f0/0x7f0 [ 2276.947336][T18105] ? netlink_unicast+0x7f0/0x7f0 [ 2276.947348][T18105] sock_sendmsg+0xcf/0x120 [ 2276.947361][T18105] ____sys_sendmsg+0x6eb/0x810 [ 2276.947373][T18105] ? kernel_sendmsg+0x50/0x50 [ 2276.947384][T18105] ? do_recvmmsg+0x6d0/0x6d0 [ 2276.947397][T18105] ? _parse_integer+0x30/0x30 [ 2276.947411][T18105] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2276.947429][T18105] ___sys_sendmsg+0xf3/0x170 [ 2276.947441][T18105] ? sendmsg_copy_msghdr+0x160/0x160 [ 2276.947455][T18105] ? __fget_files+0x248/0x440 [ 2276.947467][T18105] ? lock_downgrade+0x6e0/0x6e0 [ 2276.947483][T18105] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2276.947500][T18105] ? __fget_files+0x26a/0x440 [ 2276.947512][T18105] ? __fget_light+0xe5/0x270 [ 2276.947525][T18105] __x64_sys_sendmsg+0x132/0x220 [ 2276.947538][T18105] ? __sys_sendmsg+0x1b0/0x1b0 [ 2276.947552][T18105] ? syscall_enter_from_user_mode+0x21/0x70 [ 2276.947567][T18105] ? syscall_enter_from_user_mode+0x21/0x70 [ 2276.947582][T18105] do_syscall_64+0x35/0xb0 [ 2276.947597][T18105] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 2276.947613][T18105] RIP: 0033:0x7fe68f689109 [ 2276.947624][T18105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2276.947637][T18105] RSP: 002b:00007fe690892168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2276.947650][T18105] RAX: ffffffffffffffda RBX: 00007fe68f79bf60 RCX: 00007fe68f689109 [ 2276.947660][T18105] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 2276.947668][T18105] RBP: 00007fe6908921d0 R08: 0000000000000000 R09: 0000000000000000 [ 2276.947676][T18105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2276.947684][T18105] R13: 00007ffd9dcfd5bf R14: 00007fe690892300 R15: 0000000000022000 [ 2276.947694][T18105] [ 2276.970439][T18105] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2276.973698][T15172] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2276.973720][T15172] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2276.973744][T15172] usb 3-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.40 [ 2276.973760][T15172] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2276.975114][T15172] usb 3-1: config 0 descriptor?? [ 2277.026529][T18106] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2277.078920][T18106] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2277.444853][T15172] zydacron 0003:13EC:0006.0011: item fetching failed at offset 0/1 [ 2277.445159][T15172] zydacron 0003:13EC:0006.0011: parse failed [ 2277.445178][T15172] zydacron: probe of 0003:13EC:0006.0011 failed with error -22 [ 2277.688763][T15172] usb 3-1: USB disconnect, device number 22 [ 2282.965181][ T1225] ieee802154 phy0 wpan0: encryption failed: -22 [ 2282.965231][ T1225] ieee802154 phy1 wpan1: encryption failed: -22 19:21:04 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:21:04 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x3c, r1, 0x8, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_DISABLE_HT={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x3c}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000000)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @val={0x2d, 0x1a, {0xc, 0x2, 0x7, 0x0, {0xffffffffffffffa4, 0x1f, 0x0, 0x12f, 0x0, 0x0, 0x1, 0x2, 0x1}, 0x1, 0x1, 0x4}}, @void, @void}, 0x52) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:21:04 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (fail_nth: 6) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:21:04 executing program 3: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r0 = getpid() r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) ioctl$VFAT_IOCTL_READDIR_BOTH(0xffffffffffffffff, 0x82307201, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{0x0}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x10000000) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) getpid() syz_io_uring_setup(0x0, 0x0, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000040)=0x272) 19:21:04 executing program 2: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000000140, 0x13ec, 0x6, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000200)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 19:21:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000000)={0x2, 0x0, [{0x1, 0x0, 0x0, 0x0, 0x0, 0x80ffff}, {0xa, 0x0, 0x0, 0xfffffffd}]}) 19:21:04 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x2, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:21:04 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (rerun: 64) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x3c, r1, 0x8, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_DISABLE_HT={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x3c}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000000)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @val={0x2d, 0x1a, {0xc, 0x2, 0x7, 0x0, {0xffffffffffffffa4, 0x1f, 0x0, 0x12f, 0x0, 0x0, 0x1, 0x2, 0x1}, 0x1, 0x1, 0x4}}, @void, @void}, 0x52) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2286.934249][T18124] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2286.949025][T15172] wlan1: authenticate with 08:02:11:00:00:00 [ 2286.949122][T15172] wlan1: bad VHT capabilities, disabling VHT [ 2286.949131][T15172] wlan1: Invalid HE elem, Disable HE [ 2286.950492][T15172] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) 19:21:04 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x3, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2286.986000][T18129] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2286.986315][ T8] wlan1: authenticated [ 2286.987081][ T1693] mac80211_hwsim hwsim37 wlan1: disabling HT/VHT/HE as WMM/QoS is not supported by the AP [ 2286.993698][ T8] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 2287.037887][ T8] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 2287.038508][ T8] wlan1: associated [ 2287.039457][T18124] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:05 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="5000000008021100000108021100000000006a26f188e18d4d5db4110000000000000000000000000064000100000202020201088284"], 0x36) syz_80211_inject_frame(&(0x7f00000005c0)=@device_b, &(0x7f0000000600)=@mgmt_frame=@action_no_ack={@wo_ht={{0x0, 0x0, 0xe, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x647f}, @device_a, @device_a, @random="3efb17cfd03d", {0x1, 0x8}}, @sp_mp_open={0xf, 0x1, {0x100, {0x1, 0x3, [{0x60}, {0x3}, {0xb}]}, @val={0x72, 0x6}, @void}}}, 0x29) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000680)={0x1, 'macsec0\x00', {}, 0x7ff}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, @mcast2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x20, 0x5218af3e5c9494b0, 0x3f}}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r4) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r3, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x80, r5, 0x100, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x65}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x16}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x19}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x51}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x54}]}, 0x80}, 0x1, 0x0, 0x0, 0x8011}, 0x4040000) sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000800)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000940)={0x688, r5, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9c1, 0x79}}}}, [@NL80211_ATTR_BEACON_TAIL={0x341, 0xf, [@dsss={0x3, 0x1, 0xa}, @peer_mgmt={0x75, 0x14, {0x1, 0x7, @void, @void, @val="425397a56ed0fc8846bdf15a059f9bf7"}}, @gcr_ga={0xbd, 0x6, @broadcast}, @fast_bss_trans={0x37, 0x77, {0x9, 0x2, "c7421d6a31f0d3e80ed2182e941928c6", "ee20ba33479f399675c864fc94b40619e8a3aaa485d565e3ee40bfa98e07c46b", "120bf4750865ef2ff64f3a575db2fd58031f736eb91b6e7b18701b4c2a31f1e7", [{0x3, 0x1a, "9e89a114dfb18d7bea8f7e1ffb3c6b3418612fd769a6c58c9437"}, {0x2, 0x7, "5c0cf5f1d46bc4"}]}}, @perr={0x84, 0xee, {0x3f, 0xe, [@not_ext={{}, @device_b, 0xe9, "", 0x8}, @ext={{}, @device_b, 0x1f, @device_b, 0x16}, @not_ext={{}, @device_b, 0x7, "", 0x26}, @not_ext={{}, @broadcast, 0x4a02, "", 0x1}, @ext={{}, @device_a, 0x3, @broadcast, 0x32}, @ext={{}, @device_b, 0x10000, @device_b, 0x36}, @ext={{}, @device_b, 0x1, @device_b, 0x12}, @ext={{}, @device_a, 0x6, @device_a, 0x4}, @ext={{}, @device_a, 0x100, @device_a, 0x2c}, @ext={{}, @device_a, 0x2, @device_a, 0x11}, @ext={{}, @device_a, 0xff, @device_a, 0x29}, @not_ext={{}, @broadcast, 0x0, "", 0x2d}, @ext={{}, @broadcast, 0xeb, @broadcast, 0x2c}, @not_ext={{}, @broadcast, 0x2, "", 0x21}]}}, @random_vendor={0xdd, 0xcb, "b824b29c966f7d78c40cf0f1ba400a2c2737fead014eea7e326d94d7fa738ca866b013ee88baeeb0205581ed396317a8033eb81e12f7ae261af3566fedfcfd2cad050ee70ba64cd77c8d3662d80a6d8551390cedb8d275aa4d567dcdbb362089ccf99401579251284b94e7e1673a5da47266702fa36e844c74d795383a3208c9e19a0cf19167b38bf901118fcb5a403579c5bd0a71c011a22ddd77f283ee6882d359603df9ba290c0a5b2d0be024ac64a37108b1431463f9c41da4cc1e765845b660ee6fcd51f264d23528"}, @mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0xa, 0x20}}, @tim={0x5, 0xd0, {0x40, 0x7b, 0xb9, "760a49f4d9b379e642a679c5716937a8635f7cbdae879fc1da44deca6b5878513435327ab44da727223af589470f0f56f25dfc347a90348e5adb576e9d59688ad9992b54ac7532ddc7f74a90933dcd044bd7ecb7cc5b29bc9a81f57f41ab82ca1db9d29c9215a0da2d8984279d1703804bfb391e88689690895b761b1df14d65e20aabe48b22789b82da95c6addf022d04327e9bd2a98e523a0788f819b1270434c18f7d3abb9c1e8e4d30cec0d23bcda5a861f5ed7e67f0e1ac26dc2fba211fcf369f05d18d4edfe4c1c523f9"}}, @sec_chan_ofs={0x3e, 0x1}, @gcr_ga={0xbd, 0x6}]}, @NL80211_ATTR_IE={0x23a, 0x2a, [@tim={0x5, 0xdd, {0x1, 0x5f, 0x8f, "f03505deab38e5dd71b9134b8562111caaea49da8e01da61663e2a04114b901575ab3fe32479d90b1bef465d496133b4f2fdc3f0254498b3988a4b57b4e5efcfd75ae034e440d38c9f1b484250fb16109e1aa1485941f671c7eb161d757aca536c5ed99d6adc74f8987b116f3b9822d15f4374c2dad0890ab06df1cbd84b0af336b33a18df924c9b7cd5c431f7d7bae9351bb4169b9e71671d67f56eda9c44e2b5521173b2a87093673b582c58aad1eeb4bc5c7587e73c5e1b4942fdbbeb1528c9dadf2e038ebef09e520c461362dee294fdb66001fdd23e8d90"}}, @mesh_id={0x72, 0x6}, @mic={0x8c, 0x10, {0x27, "85359bbf0068", @short="8b3b59d03b184c8d"}}, @tim={0x5, 0x5a, {0x6, 0x58, 0x4, "9f574fd134487abb3f99a7b32f631de681adba64e7c3b756c6962f76a4b12b8bc87fb17e0ab034bd4265249937de35c1417cd5365108776fcd742b52b6064f443e93224dee52a1ef0961192d6d5170b4edf0944cce3375"}}, @sec_chan_ofs={0x3e, 0x1, 0x1}, @peer_mgmt={0x75, 0x16, {0x1, 0xc0c, @val=0xffff, @void, @val="e643000d7e85a8845b613a1a88d6e28c"}}, @supported_rates={0x1, 0x3, [{0x4, 0x1}, {0x6c, 0x1}, {0x1b, 0x1}]}, @random_vendor={0xdd, 0xbf, "085c772f9789ba10e5181009ddbba0c6cc0d1a75beb1bade7bb95b8c13e58eb6568d910f9cfd6bfc9447e95c73ed5b7edd1f952ddc448d1bbea289ee32b5e06537c9c333e793833a95de7660593332feb4c8cd456adf16e4415a0a629447bfa30784fd47b944bfb3af6a9debbf84e2ea853cb6b74dbf357411963b875b536f36d51d91f6214f8872b0a4bb61f68951c606e3173c7fce0d29acd2378931940f4a8902c7f1511282f4304c27ee3f8ae6809cf616fe0c3f37170d03d340cf8ac8"}]}, @NL80211_ATTR_IE_PROBE_RESP={0xaa, 0x7f, [@tim={0x5, 0xa4, {0x3f, 0xc9, 0xa1, "7b35d246dec05f9a28efdd55e088b840a20ea627f12ace35163a657109060ea98567e8becb1b9445fa11c733f867c7efcbb0a28b7c381444f59a00f6cc2fd3c0e899148d299191a5582569f565f5f75a4ca82890bb53e84d644cf8d11820132fe55bc4915551ecb7bbda0f91979e8f704bfa819af139918f7495219c50dfb01dc5b2bf747d74fb70b4e36e34baf51245e8c853339accea1be7db2a4e427513b167"}}]}, @NL80211_ATTR_BEACON_TAIL={0x34, 0xf, [@ht={0x2d, 0x1a, {0x300, 0x2, 0x3, 0x0, {0x10001, 0x7, 0x0, 0x4, 0x0, 0x1, 0x1, 0x2}, 0x800, 0x101, 0x6}}, @link_id={0x65, 0x12, {@initial, @device_b, @broadcast}}]}]}, 0x688}, 0x1, 0x0, 0x0, 0x40000c0}, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x50, r5, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$NL80211_CMD_ABORT_SCAN(r0, &(0x7f0000000580)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000540)={&(0x7f0000000180)={0x20, r5, 0x200, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x0, 0x6e}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0xc890) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:21:05 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x4, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:21:05 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (fail_nth: 7) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2287.153353][T17291] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 2287.386467][T18141] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2287.389323][T18141] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2287.441037][T18141] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:05 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x5, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2287.501301][T18141] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18141 comm=syz-executor.5 [ 2287.504392][T18141] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:05 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x6, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2287.513593][T17291] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2287.513629][T17291] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2287.513664][T17291] usb 3-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.40 [ 2287.513695][T17291] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 19:21:05 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="5000000008021100000108021100000000006a26f188e18d4d5db4110000000000000000000000000064000100000202020201088284"], 0x36) (async) syz_80211_inject_frame(&(0x7f00000005c0)=@device_b, &(0x7f0000000600)=@mgmt_frame=@action_no_ack={@wo_ht={{0x0, 0x0, 0xe, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x647f}, @device_a, @device_a, @random="3efb17cfd03d", {0x1, 0x8}}, @sp_mp_open={0xf, 0x1, {0x100, {0x1, 0x3, [{0x60}, {0x3}, {0xb}]}, @val={0x72, 0x6}, @void}}}, 0x29) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r4 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000680)={0x1, 'macsec0\x00', {}, 0x7ff}) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, @mcast2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x20, 0x5218af3e5c9494b0, 0x3f}}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r4) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r3, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x80, r5, 0x100, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x65}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x16}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x19}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x51}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x54}]}, 0x80}, 0x1, 0x0, 0x0, 0x8011}, 0x4040000) sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000800)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000940)={0x688, r5, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9c1, 0x79}}}}, [@NL80211_ATTR_BEACON_TAIL={0x341, 0xf, [@dsss={0x3, 0x1, 0xa}, @peer_mgmt={0x75, 0x14, {0x1, 0x7, @void, @void, @val="425397a56ed0fc8846bdf15a059f9bf7"}}, @gcr_ga={0xbd, 0x6, @broadcast}, @fast_bss_trans={0x37, 0x77, {0x9, 0x2, "c7421d6a31f0d3e80ed2182e941928c6", "ee20ba33479f399675c864fc94b40619e8a3aaa485d565e3ee40bfa98e07c46b", "120bf4750865ef2ff64f3a575db2fd58031f736eb91b6e7b18701b4c2a31f1e7", [{0x3, 0x1a, "9e89a114dfb18d7bea8f7e1ffb3c6b3418612fd769a6c58c9437"}, {0x2, 0x7, "5c0cf5f1d46bc4"}]}}, @perr={0x84, 0xee, {0x3f, 0xe, [@not_ext={{}, @device_b, 0xe9, "", 0x8}, @ext={{}, @device_b, 0x1f, @device_b, 0x16}, @not_ext={{}, @device_b, 0x7, "", 0x26}, @not_ext={{}, @broadcast, 0x4a02, "", 0x1}, @ext={{}, @device_a, 0x3, @broadcast, 0x32}, @ext={{}, @device_b, 0x10000, @device_b, 0x36}, @ext={{}, @device_b, 0x1, @device_b, 0x12}, @ext={{}, @device_a, 0x6, @device_a, 0x4}, @ext={{}, @device_a, 0x100, @device_a, 0x2c}, @ext={{}, @device_a, 0x2, @device_a, 0x11}, @ext={{}, @device_a, 0xff, @device_a, 0x29}, @not_ext={{}, @broadcast, 0x0, "", 0x2d}, @ext={{}, @broadcast, 0xeb, @broadcast, 0x2c}, @not_ext={{}, @broadcast, 0x2, "", 0x21}]}}, @random_vendor={0xdd, 0xcb, "b824b29c966f7d78c40cf0f1ba400a2c2737fead014eea7e326d94d7fa738ca866b013ee88baeeb0205581ed396317a8033eb81e12f7ae261af3566fedfcfd2cad050ee70ba64cd77c8d3662d80a6d8551390cedb8d275aa4d567dcdbb362089ccf99401579251284b94e7e1673a5da47266702fa36e844c74d795383a3208c9e19a0cf19167b38bf901118fcb5a403579c5bd0a71c011a22ddd77f283ee6882d359603df9ba290c0a5b2d0be024ac64a37108b1431463f9c41da4cc1e765845b660ee6fcd51f264d23528"}, @mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0xa, 0x20}}, @tim={0x5, 0xd0, {0x40, 0x7b, 0xb9, "760a49f4d9b379e642a679c5716937a8635f7cbdae879fc1da44deca6b5878513435327ab44da727223af589470f0f56f25dfc347a90348e5adb576e9d59688ad9992b54ac7532ddc7f74a90933dcd044bd7ecb7cc5b29bc9a81f57f41ab82ca1db9d29c9215a0da2d8984279d1703804bfb391e88689690895b761b1df14d65e20aabe48b22789b82da95c6addf022d04327e9bd2a98e523a0788f819b1270434c18f7d3abb9c1e8e4d30cec0d23bcda5a861f5ed7e67f0e1ac26dc2fba211fcf369f05d18d4edfe4c1c523f9"}}, @sec_chan_ofs={0x3e, 0x1}, @gcr_ga={0xbd, 0x6}]}, @NL80211_ATTR_IE={0x23a, 0x2a, [@tim={0x5, 0xdd, {0x1, 0x5f, 0x8f, "f03505deab38e5dd71b9134b8562111caaea49da8e01da61663e2a04114b901575ab3fe32479d90b1bef465d496133b4f2fdc3f0254498b3988a4b57b4e5efcfd75ae034e440d38c9f1b484250fb16109e1aa1485941f671c7eb161d757aca536c5ed99d6adc74f8987b116f3b9822d15f4374c2dad0890ab06df1cbd84b0af336b33a18df924c9b7cd5c431f7d7bae9351bb4169b9e71671d67f56eda9c44e2b5521173b2a87093673b582c58aad1eeb4bc5c7587e73c5e1b4942fdbbeb1528c9dadf2e038ebef09e520c461362dee294fdb66001fdd23e8d90"}}, @mesh_id={0x72, 0x6}, @mic={0x8c, 0x10, {0x27, "85359bbf0068", @short="8b3b59d03b184c8d"}}, @tim={0x5, 0x5a, {0x6, 0x58, 0x4, "9f574fd134487abb3f99a7b32f631de681adba64e7c3b756c6962f76a4b12b8bc87fb17e0ab034bd4265249937de35c1417cd5365108776fcd742b52b6064f443e93224dee52a1ef0961192d6d5170b4edf0944cce3375"}}, @sec_chan_ofs={0x3e, 0x1, 0x1}, @peer_mgmt={0x75, 0x16, {0x1, 0xc0c, @val=0xffff, @void, @val="e643000d7e85a8845b613a1a88d6e28c"}}, @supported_rates={0x1, 0x3, [{0x4, 0x1}, {0x6c, 0x1}, {0x1b, 0x1}]}, @random_vendor={0xdd, 0xbf, "085c772f9789ba10e5181009ddbba0c6cc0d1a75beb1bade7bb95b8c13e58eb6568d910f9cfd6bfc9447e95c73ed5b7edd1f952ddc448d1bbea289ee32b5e06537c9c333e793833a95de7660593332feb4c8cd456adf16e4415a0a629447bfa30784fd47b944bfb3af6a9debbf84e2ea853cb6b74dbf357411963b875b536f36d51d91f6214f8872b0a4bb61f68951c606e3173c7fce0d29acd2378931940f4a8902c7f1511282f4304c27ee3f8ae6809cf616fe0c3f37170d03d340cf8ac8"}]}, @NL80211_ATTR_IE_PROBE_RESP={0xaa, 0x7f, [@tim={0x5, 0xa4, {0x3f, 0xc9, 0xa1, "7b35d246dec05f9a28efdd55e088b840a20ea627f12ace35163a657109060ea98567e8becb1b9445fa11c733f867c7efcbb0a28b7c381444f59a00f6cc2fd3c0e899148d299191a5582569f565f5f75a4ca82890bb53e84d644cf8d11820132fe55bc4915551ecb7bbda0f91979e8f704bfa819af139918f7495219c50dfb01dc5b2bf747d74fb70b4e36e34baf51245e8c853339accea1be7db2a4e427513b167"}}]}, @NL80211_ATTR_BEACON_TAIL={0x34, 0xf, [@ht={0x2d, 0x1a, {0x300, 0x2, 0x3, 0x0, {0x10001, 0x7, 0x0, 0x4, 0x0, 0x1, 0x1, 0x2}, 0x800, 0x101, 0x6}}, @link_id={0x65, 0x12, {@initial, @device_b, @broadcast}}]}]}, 0x688}, 0x1, 0x0, 0x0, 0x40000c0}, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x50, r5, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) (async) sendmsg$NL80211_CMD_ABORT_SCAN(r0, &(0x7f0000000580)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000540)={&(0x7f0000000180)={0x20, r5, 0x200, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x0, 0x6e}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0xc890) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2287.516240][T17291] usb 3-1: config 0 descriptor?? [ 2287.543514][T18145] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:05 executing program 3: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r0 = getpid() r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) ioctl$VFAT_IOCTL_READDIR_BOTH(0xffffffffffffffff, 0x82307201, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{0x0}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x10000000) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) getpid() syz_io_uring_setup(0x0, 0x0, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000040)=0x272) [ 2287.612671][T18145] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2287.670369][T18148] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2287.983802][T18152] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2288.002304][T17291] zydacron 0003:13EC:0006.0012: item fetching failed at offset 0/1 [ 2288.002756][T17291] zydacron 0003:13EC:0006.0012: parse failed [ 2288.002788][T17291] zydacron: probe of 0003:13EC:0006.0012 failed with error -22 [ 2288.235291][T17291] usb 3-1: USB disconnect, device number 23 19:21:06 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x7, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:21:19 executing program 1: ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x8004745a, &(0x7f0000000080)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_clone(0x20000, 0x0, 0x3f, 0x0, 0x0, 0x0) process_vm_readv(r0, &(0x7f0000000940)=[{&(0x7f0000000340)=""/240, 0xf0}, {&(0x7f0000000440)=""/192, 0xc0}, {0x0}, {&(0x7f00000006c0)=""/42, 0x2a}, {&(0x7f0000000700)=""/3, 0x3}, {0x0}], 0x6, &(0x7f0000000740)=[{&(0x7f00000009c0)=""/68, 0x44}], 0x1, 0x0) r1 = syz_clone3(0x0, 0x0) syz_clone3(&(0x7f0000000280)={0x0, &(0x7f0000000000), 0x0, 0x0, {}, &(0x7f0000000140)=""/40, 0x28, &(0x7f0000000180)=""/168, &(0x7f0000000240)=[r1, 0xffffffffffffffff], 0x2}, 0x58) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x169, 0x4) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{0x0}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) getpriority(0x0, r4) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000780)={@in={{0x2, 0x0, @local}}, 0x0, 0x9, 0x6, 0x0, "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030cf00"}, 0xd8) ptrace$pokeuser(0x6, r0, 0x5, 0x7) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x5, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r2, &(0x7f0000000c80)=ANY=[@ANYBLOB="8a110af6fe08d19c187ef92f9d61e3412751dd7d526910bee6ee78bd6471b05dd3cfa35b3c0d1135739067cb938b757dfaa67beb7deec6d8a60000ddf50065ab9f8c4ec89385a7000000001bb0f97287c2d5127581b736321c86c98b80b8c4f12663f5c7a0793c020dcef2311dc04ffcc29a1244b2656c1c4006540f2920a52a878d6cd3f57a182897578f6d08c478cc1b5cb78b59b20d457f63439a2c54d5560dcdb664e5046de5efa15fcdf5b64f5b05cdad5cac6fc8ff0e20acf0c0edaa8e9a6d5cd18747b9a4f5f3a191ecf50a82d51155831b996f5fcc48fae12732a0f7c5af462bf68aad9fcfadd6db21c9615452e29a1a7cf8405d00000000050000007bd247fbed37630a3f8c499fe75600000000000000005f93698a8e103c6de766e7117138e58de0426b14645e54735aaed6b71faa8366e6dbaa93eb8fd82f648bf2d7a2e7a3b144aa524b72ce6e00e9ae85b29c95c4e996fbf1d5ccf6a6f53fdb3dcc643dc012b15c2784d89354f24bef90a5c805e28cbffb729c47bc85dc3e7d5213e8b796c52f666f39bf67cb85a3b9f26b6882ec5e05c08002d976b88ef85b0da78bd7fbaa250a51985e159fcea2fdceb22d349def3d0514ff002a739318f775bb3ad810bab61963df745438dd32bd864bb356444e27cd514eae2c446c8c24b392cd13d0aebe53ca0819", @ANYRESOCT], 0xfc30) 19:21:19 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (fail_nth: 8) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:21:19 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) (rerun: 32) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async, rerun: 64) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (rerun: 64) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="5000000008021100000108021100000000006a26f188e18d4d5db4110000000000000000000000000064000100000202020201088284"], 0x36) (async) syz_80211_inject_frame(&(0x7f00000005c0)=@device_b, &(0x7f0000000600)=@mgmt_frame=@action_no_ack={@wo_ht={{0x0, 0x0, 0xe, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x647f}, @device_a, @device_a, @random="3efb17cfd03d", {0x1, 0x8}}, @sp_mp_open={0xf, 0x1, {0x100, {0x1, 0x3, [{0x60}, {0x3}, {0xb}]}, @val={0x72, 0x6}, @void}}}, 0x29) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async, rerun: 32) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 32) r4 = socket(0x10, 0x3, 0x0) (async) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000680)={0x1, 'macsec0\x00', {}, 0x7ff}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, @mcast2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x20, 0x5218af3e5c9494b0, 0x3f}}) (async) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r4) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r3, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x80, r5, 0x100, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x65}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x16}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x19}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x51}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x54}]}, 0x80}, 0x1, 0x0, 0x0, 0x8011}, 0x4040000) sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000800)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000940)={0x688, r5, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9c1, 0x79}}}}, [@NL80211_ATTR_BEACON_TAIL={0x341, 0xf, [@dsss={0x3, 0x1, 0xa}, @peer_mgmt={0x75, 0x14, {0x1, 0x7, @void, @void, @val="425397a56ed0fc8846bdf15a059f9bf7"}}, @gcr_ga={0xbd, 0x6, @broadcast}, @fast_bss_trans={0x37, 0x77, {0x9, 0x2, "c7421d6a31f0d3e80ed2182e941928c6", "ee20ba33479f399675c864fc94b40619e8a3aaa485d565e3ee40bfa98e07c46b", "120bf4750865ef2ff64f3a575db2fd58031f736eb91b6e7b18701b4c2a31f1e7", [{0x3, 0x1a, "9e89a114dfb18d7bea8f7e1ffb3c6b3418612fd769a6c58c9437"}, {0x2, 0x7, "5c0cf5f1d46bc4"}]}}, @perr={0x84, 0xee, {0x3f, 0xe, [@not_ext={{}, @device_b, 0xe9, "", 0x8}, @ext={{}, @device_b, 0x1f, @device_b, 0x16}, @not_ext={{}, @device_b, 0x7, "", 0x26}, @not_ext={{}, @broadcast, 0x4a02, "", 0x1}, @ext={{}, @device_a, 0x3, @broadcast, 0x32}, @ext={{}, @device_b, 0x10000, @device_b, 0x36}, @ext={{}, @device_b, 0x1, @device_b, 0x12}, @ext={{}, @device_a, 0x6, @device_a, 0x4}, @ext={{}, @device_a, 0x100, @device_a, 0x2c}, @ext={{}, @device_a, 0x2, @device_a, 0x11}, @ext={{}, @device_a, 0xff, @device_a, 0x29}, @not_ext={{}, @broadcast, 0x0, "", 0x2d}, @ext={{}, @broadcast, 0xeb, @broadcast, 0x2c}, @not_ext={{}, @broadcast, 0x2, "", 0x21}]}}, @random_vendor={0xdd, 0xcb, "b824b29c966f7d78c40cf0f1ba400a2c2737fead014eea7e326d94d7fa738ca866b013ee88baeeb0205581ed396317a8033eb81e12f7ae261af3566fedfcfd2cad050ee70ba64cd77c8d3662d80a6d8551390cedb8d275aa4d567dcdbb362089ccf99401579251284b94e7e1673a5da47266702fa36e844c74d795383a3208c9e19a0cf19167b38bf901118fcb5a403579c5bd0a71c011a22ddd77f283ee6882d359603df9ba290c0a5b2d0be024ac64a37108b1431463f9c41da4cc1e765845b660ee6fcd51f264d23528"}, @mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0xa, 0x20}}, @tim={0x5, 0xd0, {0x40, 0x7b, 0xb9, "760a49f4d9b379e642a679c5716937a8635f7cbdae879fc1da44deca6b5878513435327ab44da727223af589470f0f56f25dfc347a90348e5adb576e9d59688ad9992b54ac7532ddc7f74a90933dcd044bd7ecb7cc5b29bc9a81f57f41ab82ca1db9d29c9215a0da2d8984279d1703804bfb391e88689690895b761b1df14d65e20aabe48b22789b82da95c6addf022d04327e9bd2a98e523a0788f819b1270434c18f7d3abb9c1e8e4d30cec0d23bcda5a861f5ed7e67f0e1ac26dc2fba211fcf369f05d18d4edfe4c1c523f9"}}, @sec_chan_ofs={0x3e, 0x1}, @gcr_ga={0xbd, 0x6}]}, @NL80211_ATTR_IE={0x23a, 0x2a, [@tim={0x5, 0xdd, {0x1, 0x5f, 0x8f, "f03505deab38e5dd71b9134b8562111caaea49da8e01da61663e2a04114b901575ab3fe32479d90b1bef465d496133b4f2fdc3f0254498b3988a4b57b4e5efcfd75ae034e440d38c9f1b484250fb16109e1aa1485941f671c7eb161d757aca536c5ed99d6adc74f8987b116f3b9822d15f4374c2dad0890ab06df1cbd84b0af336b33a18df924c9b7cd5c431f7d7bae9351bb4169b9e71671d67f56eda9c44e2b5521173b2a87093673b582c58aad1eeb4bc5c7587e73c5e1b4942fdbbeb1528c9dadf2e038ebef09e520c461362dee294fdb66001fdd23e8d90"}}, @mesh_id={0x72, 0x6}, @mic={0x8c, 0x10, {0x27, "85359bbf0068", @short="8b3b59d03b184c8d"}}, @tim={0x5, 0x5a, {0x6, 0x58, 0x4, "9f574fd134487abb3f99a7b32f631de681adba64e7c3b756c6962f76a4b12b8bc87fb17e0ab034bd4265249937de35c1417cd5365108776fcd742b52b6064f443e93224dee52a1ef0961192d6d5170b4edf0944cce3375"}}, @sec_chan_ofs={0x3e, 0x1, 0x1}, @peer_mgmt={0x75, 0x16, {0x1, 0xc0c, @val=0xffff, @void, @val="e643000d7e85a8845b613a1a88d6e28c"}}, @supported_rates={0x1, 0x3, [{0x4, 0x1}, {0x6c, 0x1}, {0x1b, 0x1}]}, @random_vendor={0xdd, 0xbf, "085c772f9789ba10e5181009ddbba0c6cc0d1a75beb1bade7bb95b8c13e58eb6568d910f9cfd6bfc9447e95c73ed5b7edd1f952ddc448d1bbea289ee32b5e06537c9c333e793833a95de7660593332feb4c8cd456adf16e4415a0a629447bfa30784fd47b944bfb3af6a9debbf84e2ea853cb6b74dbf357411963b875b536f36d51d91f6214f8872b0a4bb61f68951c606e3173c7fce0d29acd2378931940f4a8902c7f1511282f4304c27ee3f8ae6809cf616fe0c3f37170d03d340cf8ac8"}]}, @NL80211_ATTR_IE_PROBE_RESP={0xaa, 0x7f, [@tim={0x5, 0xa4, {0x3f, 0xc9, 0xa1, "7b35d246dec05f9a28efdd55e088b840a20ea627f12ace35163a657109060ea98567e8becb1b9445fa11c733f867c7efcbb0a28b7c381444f59a00f6cc2fd3c0e899148d299191a5582569f565f5f75a4ca82890bb53e84d644cf8d11820132fe55bc4915551ecb7bbda0f91979e8f704bfa819af139918f7495219c50dfb01dc5b2bf747d74fb70b4e36e34baf51245e8c853339accea1be7db2a4e427513b167"}}]}, @NL80211_ATTR_BEACON_TAIL={0x34, 0xf, [@ht={0x2d, 0x1a, {0x300, 0x2, 0x3, 0x0, {0x10001, 0x7, 0x0, 0x4, 0x0, 0x1, 0x1, 0x2}, 0x800, 0x101, 0x6}}, @link_id={0x65, 0x12, {@initial, @device_b, @broadcast}}]}]}, 0x688}, 0x1, 0x0, 0x0, 0x40000c0}, 0x0) (async) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x50, r5, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) (async) sendmsg$NL80211_CMD_ABORT_SCAN(r0, &(0x7f0000000580)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000540)={&(0x7f0000000180)={0x20, r5, 0x200, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x0, 0x6e}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0xc890) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:21:19 executing program 2: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000000140, 0x13ec, 0x6, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000200)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 19:21:19 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x8, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:21:19 executing program 3: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r0 = getpid() r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) ioctl$VFAT_IOCTL_READDIR_BOTH(0xffffffffffffffff, 0x82307201, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{0x0}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x10000000) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) getpid() syz_io_uring_setup(0x0, 0x0, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000040)=0x272) 19:21:19 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x9, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:21:19 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0xc, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:21:19 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x54, 0x0, 0x4, 0x70bd26, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x401}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}]}, 0x54}, 0x1, 0x0, 0x0, 0x14}, 0x4040090) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) r3 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000), 0x40100, 0x0) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r3, &(0x7f0000000600)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x74, r1, 0x20, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x4d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x22}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x76}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6f}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x1c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x70}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x41}]}, 0x74}, 0x1, 0x0, 0x0, 0x8054}, 0x20040000) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2301.812327][T18189] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2301.817549][T18184] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2301.867814][T18195] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2301.919624][T18189] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:19 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0xe, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2302.007366][T18199] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2302.023837][T17335] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 2302.060250][T18199] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:19 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0xf, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2302.111501][T18199] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:20 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (fail_nth: 9) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2302.383678][T17335] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2302.383718][T17335] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2302.383757][T17335] usb 3-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.40 [ 2302.383786][T17335] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2302.387861][T17335] usb 3-1: config 0 descriptor?? [ 2302.411445][T18205] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2302.471091][T18205] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2302.524141][T18206] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2302.865206][T17335] zydacron 0003:13EC:0006.0013: item fetching failed at offset 0/1 [ 2302.865623][T17335] zydacron 0003:13EC:0006.0013: parse failed [ 2302.865655][T17335] zydacron: probe of 0003:13EC:0006.0013 failed with error -22 [ 2303.080060][T17335] usb 3-1: USB disconnect, device number 24 19:21:32 executing program 1: openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000500), 0x1, 0x0) 19:21:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x54, 0x0, 0x4, 0x70bd26, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x401}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}]}, 0x54}, 0x1, 0x0, 0x0, 0x14}, 0x4040090) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) r3 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000), 0x40100, 0x0) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r3, &(0x7f0000000600)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x74, r1, 0x20, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x4d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x22}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x76}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6f}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x1c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x70}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x41}]}, 0x74}, 0x1, 0x0, 0x0, 0x8054}, 0x20040000) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x54, 0x0, 0x4, 0x70bd26, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x401}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}]}, 0x54}, 0x1, 0x0, 0x0, 0x14}, 0x4040090) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000), 0x40100, 0x0) (async) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r3, &(0x7f0000000600)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x74, r1, 0x20, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x4d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x22}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x76}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6f}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x1c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x70}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x41}]}, 0x74}, 0x1, 0x0, 0x0, 0x8054}, 0x20040000) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (async) 19:21:32 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000200000/0x4000)=nil, 0x1000) r1 = shmget(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(0x0, &(0x7f0000356000/0x4000)=nil, 0xffffffffffff6fff) shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x4000) shmat(0x0, &(0x7f0000156000/0x4000)=nil, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f000020b000/0x2000)=nil, 0x5000) shmctl$SHM_LOCK(0x0, 0xb) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000092000/0x2000)=nil, 0x0) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00001d8000/0x3000)=nil, 0x7000) shmdt(0x0) shmat(0x0, &(0x7f0000402000/0x4000)=nil, 0xdf5f2043c18e98be) shmget$private(0x0, 0x400000, 0x400, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(0x0, 0xb) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x6800) shmctl$SHM_UNLOCK(r1, 0xc) 19:21:32 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (fail_nth: 10) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:21:32 executing program 2: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x29}}}, 0x1c) ioctl$TUNSETOWNER(0xffffffffffffffff, 0x400454c9, 0xffffffffffffffff) dup2(0xffffffffffffffff, 0xffffffffffffffff) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454df, &(0x7f0000000080)) ioctl$sock_rose_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8949, 0x0) 19:21:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x60, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2315.227540][T18219] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2315.256144][T18220] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x300, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2315.279198][T18219] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2315.310542][T18220] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x500, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:21:33 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x54, 0x0, 0x4, 0x70bd26, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x401}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}]}, 0x54}, 0x1, 0x0, 0x0, 0x14}, 0x4040090) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) r3 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000), 0x40100, 0x0) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r3, &(0x7f0000000600)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x74, r1, 0x20, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x4d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x22}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x76}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6f}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x1c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x70}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x41}]}, 0x74}, 0x1, 0x0, 0x0, 0x8054}, 0x20040000) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2315.330681][T18219] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x600, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2315.362203][T18220] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2315.363686][T18219] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x700, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2315.587372][T18244] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (fail_nth: 11) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2315.638524][T18243] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2315.639308][T18245] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x900, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2315.833097][T18251] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2315.903620][T18251] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2315.954850][T18251] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:43 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000200000/0x4000)=nil, 0x1000) r1 = shmget(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(0x0, &(0x7f0000356000/0x4000)=nil, 0xffffffffffff6fff) shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x4000) shmat(0x0, &(0x7f0000156000/0x4000)=nil, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f000020b000/0x2000)=nil, 0x5000) shmctl$SHM_LOCK(0x0, 0xb) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000092000/0x2000)=nil, 0x0) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00001d8000/0x3000)=nil, 0x7000) shmdt(0x0) shmat(0x0, &(0x7f0000402000/0x4000)=nil, 0xdf5f2043c18e98be) shmget$private(0x0, 0x400000, 0x400, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(0x0, 0xb) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x6800) shmctl$SHM_UNLOCK(r1, 0xc) 19:21:43 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0xc00, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:21:43 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r3, &(0x7f00000028c0)=[{{&(0x7f0000000080)={0x2, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=[@tclass={{0x12, 0x11, 0x67}}], 0x18}}], 0x1, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r4, 0x89f6, &(0x7f0000000e00)={'ip6tnl0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f00000000c0)={'sit0\x00', r5, 0x2f, 0x5, 0x5, 0x100, 0x9, @mcast2, @remote, 0x8000, 0x40, 0x49c7, 0x8000}}) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0xd8, 0x0, 0x400, 0x70bd26, 0x25dfdbff, {}, [@HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24004805}, 0x4) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:21:43 executing program 2: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x29}}}, 0x1c) ioctl$TUNSETOWNER(0xffffffffffffffff, 0x400454c9, 0xffffffffffffffff) dup2(0xffffffffffffffff, 0xffffffffffffffff) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454df, &(0x7f0000000080)) ioctl$sock_rose_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8949, 0x0) 19:21:43 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000200000/0x4000)=nil, 0x1000) r1 = shmget(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(0x0, &(0x7f0000356000/0x4000)=nil, 0xffffffffffff6fff) shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x4000) shmat(0x0, &(0x7f0000156000/0x4000)=nil, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f000020b000/0x2000)=nil, 0x5000) shmctl$SHM_LOCK(0x0, 0xb) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000092000/0x2000)=nil, 0x0) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00001d8000/0x3000)=nil, 0x7000) shmdt(0x0) shmat(0x0, &(0x7f0000402000/0x4000)=nil, 0xdf5f2043c18e98be) shmget$private(0x0, 0x400000, 0x400, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(0x0, 0xb) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x6800) shmctl$SHM_UNLOCK(r1, 0xc) 19:21:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (fail_nth: 12) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:21:43 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0xe00, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:21:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2325.765589][T18263] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2325.776449][T18266] FAULT_INJECTION: forcing a failure. [ 2325.776449][T18266] name fail_usercopy, interval 1, probability 0, space 0, times 0 19:21:43 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0xf00, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2325.776480][T18266] CPU: 0 PID: 18266 Comm: syz-executor.0 Not tainted 5.19.0-rc1-syzkaller-00303-g7a68065eb9cd #0 [ 2325.776508][T18266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2325.776521][T18266] Call Trace: [ 2325.776528][T18266] [ 2325.776535][T18266] dump_stack_lvl+0xcd/0x134 19:21:43 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x3f00, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2325.776567][T18266] should_fail.cold+0x5/0xa 19:21:43 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r3, &(0x7f00000028c0)=[{{&(0x7f0000000080)={0x2, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=[@tclass={{0x12, 0x11, 0x67}}], 0x18}}], 0x1, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r4, 0x89f6, &(0x7f0000000e00)={'ip6tnl0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f00000000c0)={'sit0\x00', r5, 0x2f, 0x5, 0x5, 0x100, 0x9, @mcast2, @remote, 0x8000, 0x40, 0x49c7, 0x8000}}) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0xd8, 0x0, 0x400, 0x70bd26, 0x25dfdbff, {}, [@HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24004805}, 0x4) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) socket$inet6_udplite(0xa, 0x2, 0x88) (async) sendmmsg$inet6(r3, &(0x7f00000028c0)=[{{&(0x7f0000000080)={0x2, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=[@tclass={{0x12, 0x11, 0x67}}], 0x18}}], 0x1, 0x0) (async) socket$inet6_udplite(0xa, 0x2, 0x88) (async) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r4, 0x89f6, &(0x7f0000000e00)={'ip6tnl0\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) (async) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f00000000c0)={'sit0\x00', r5, 0x2f, 0x5, 0x5, 0x100, 0x9, @mcast2, @remote, 0x8000, 0x40, 0x49c7, 0x8000}}) (async) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0xd8, 0x0, 0x400, 0x70bd26, 0x25dfdbff, {}, [@HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24004805}, 0x4) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (async) [ 2325.776591][T18266] _copy_from_user+0x2a/0x170 [ 2325.776621][T18266] kstrtouint_from_user+0xa8/0x190 [ 2325.776649][T18266] ? kstrtouint+0x120/0x120 [ 2325.776678][T18266] ? lock_release+0x780/0x780 [ 2325.776706][T18266] proc_fail_nth_write+0x79/0x220 19:21:44 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x6000, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2325.776734][T18266] ? proc_task_getattr+0x1f0/0x1f0 [ 2325.776762][T18266] ? proc_task_getattr+0x1f0/0x1f0 [ 2325.776788][T18266] vfs_write+0x269/0xac0 [ 2325.776813][T18266] ksys_write+0x127/0x250 [ 2325.776838][T18266] ? __ia32_sys_read+0xb0/0xb0 [ 2325.776862][T18266] ? syscall_enter_from_user_mode+0x21/0x70 [ 2325.776891][T18266] ? syscall_enter_from_user_mode+0x21/0x70 [ 2325.776918][T18266] do_syscall_64+0x35/0xb0 [ 2325.776947][T18266] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 2325.776977][T18266] RIP: 0033:0x7fe68f63bc1f [ 2325.776999][T18266] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 2325.777035][T18266] RSP: 002b:00007fe690892160 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 2325.777060][T18266] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe68f63bc1f [ 2325.777078][T18266] RDX: 0000000000000001 RSI: 00007fe6908921e0 RDI: 0000000000000004 [ 2325.777094][T18266] RBP: 00007fe6908921d0 R08: 0000000000000000 R09: 0000000000000000 [ 2325.777110][T18266] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 2325.777126][T18266] R13: 00007ffd9dcfd5bf R14: 00007fe690892300 R15: 0000000000022000 [ 2325.777146][T18266] [ 2325.817435][T18263] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2325.871327][T18269] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2325.919898][T18274] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2325.973025][T18274] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2326.026546][T18276] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2326.353568][T18284] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2326.409160][T18286] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2326.461374][T18284] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2326.465422][T18289] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:59 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000200000/0x4000)=nil, 0x1000) r1 = shmget(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(0x0, &(0x7f0000356000/0x4000)=nil, 0xffffffffffff6fff) shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x4000) shmat(0x0, &(0x7f0000156000/0x4000)=nil, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f000020b000/0x2000)=nil, 0x5000) shmctl$SHM_LOCK(0x0, 0xb) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000092000/0x2000)=nil, 0x0) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00001d8000/0x3000)=nil, 0x7000) shmdt(0x0) shmat(0x0, &(0x7f0000402000/0x4000)=nil, 0xdf5f2043c18e98be) shmget$private(0x0, 0x400000, 0x400, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(0x0, 0xb) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x6800) shmctl$SHM_UNLOCK(r1, 0xc) 19:21:59 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x30000, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:21:59 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) (rerun: 64) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async, rerun: 64) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (rerun: 64) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async, rerun: 32) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) (rerun: 32) sendmmsg$inet6(r3, &(0x7f00000028c0)=[{{&(0x7f0000000080)={0x2, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=[@tclass={{0x12, 0x11, 0x67}}], 0x18}}], 0x1, 0x0) (async) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r4, 0x89f6, &(0x7f0000000e00)={'ip6tnl0\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f00000000c0)={'sit0\x00', r5, 0x2f, 0x5, 0x5, 0x100, 0x9, @mcast2, @remote, 0x8000, 0x40, 0x49c7, 0x8000}}) (async) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0xd8, 0x0, 0x400, 0x70bd26, 0x25dfdbff, {}, [@HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24004805}, 0x4) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async, rerun: 32) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (rerun: 32) 19:21:59 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000200000/0x4000)=nil, 0x1000) r1 = shmget(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(0x0, &(0x7f0000356000/0x4000)=nil, 0xffffffffffff6fff) shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x4000) shmat(0x0, &(0x7f0000156000/0x4000)=nil, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f000020b000/0x2000)=nil, 0x5000) shmctl$SHM_LOCK(0x0, 0xb) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000092000/0x2000)=nil, 0x0) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00001d8000/0x3000)=nil, 0x7000) shmdt(0x0) shmat(0x0, &(0x7f0000402000/0x4000)=nil, 0xdf5f2043c18e98be) shmget$private(0x0, 0x400000, 0x400, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(0x0, 0xb) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x6800) shmctl$SHM_UNLOCK(r1, 0xc) 19:21:59 executing program 2: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x29}}}, 0x1c) ioctl$TUNSETOWNER(0xffffffffffffffff, 0x400454c9, 0xffffffffffffffff) dup2(0xffffffffffffffff, 0xffffffffffffffff) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454df, &(0x7f0000000080)) ioctl$sock_rose_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8949, 0x0) 19:21:59 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:21:59 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x1000000, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:21:59 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) futex(&(0x7f0000000000)=0x2, 0xb, 0x0, &(0x7f0000000040)={0x77359400}, &(0x7f0000000540)=0x2, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2341.338298][T18305] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2341.358711][T18306] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:59 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x2000000, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2341.390452][T18309] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2341.415832][T18303] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2341.445610][T18309] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:59 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x3000000, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2341.567198][T18317] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2341.622381][T18317] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:59 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x2, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2341.674130][T18320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:21:59 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x4000000, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2341.899266][T18325] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2341.951356][T18325] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2342.002600][T18325] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2344.406199][ T1225] ieee802154 phy0 wpan0: encryption failed: -22 [ 2344.406249][ T1225] ieee802154 phy1 wpan1: encryption failed: -22 19:22:12 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000200000/0x4000)=nil, 0x1000) r1 = shmget(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(0x0, &(0x7f0000356000/0x4000)=nil, 0xffffffffffff6fff) shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x4000) shmat(0x0, &(0x7f0000156000/0x4000)=nil, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f000020b000/0x2000)=nil, 0x5000) shmctl$SHM_LOCK(0x0, 0xb) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000092000/0x2000)=nil, 0x0) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00001d8000/0x3000)=nil, 0x7000) shmdt(0x0) shmat(0x0, &(0x7f0000402000/0x4000)=nil, 0xdf5f2043c18e98be) shmget$private(0x0, 0x400000, 0x400, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(0x0, 0xb) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x6800) shmctl$SHM_UNLOCK(r1, 0xc) 19:22:12 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) futex(&(0x7f0000000000)=0x2, 0xb, 0x0, &(0x7f0000000040)={0x77359400}, &(0x7f0000000540)=0x2, 0x0) (async, rerun: 32) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async, rerun: 32) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:22:12 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x5000000, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:22:12 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000200000/0x4000)=nil, 0x1000) r1 = shmget(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(0x0, &(0x7f0000356000/0x4000)=nil, 0xffffffffffff6fff) shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x4000) shmat(0x0, &(0x7f0000156000/0x4000)=nil, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f000020b000/0x2000)=nil, 0x5000) shmctl$SHM_LOCK(0x0, 0xb) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000092000/0x2000)=nil, 0x0) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00001d8000/0x3000)=nil, 0x7000) shmdt(0x0) shmat(0x0, &(0x7f0000402000/0x4000)=nil, 0xdf5f2043c18e98be) shmget$private(0x0, 0x400000, 0x400, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(0x0, 0xb) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x6800) shmctl$SHM_UNLOCK(r1, 0xc) 19:22:12 executing program 2: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x29}}}, 0x1c) ioctl$TUNSETOWNER(0xffffffffffffffff, 0x400454c9, 0xffffffffffffffff) dup2(0xffffffffffffffff, 0xffffffffffffffff) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454df, &(0x7f0000000080)) ioctl$sock_rose_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8949, 0x0) 19:22:12 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x3, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2354.812774][T18339] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:22:12 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x6000000, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2354.843829][T18342] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.865152][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:22:12 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x7000000, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2354.866672][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.883772][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.885434][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:22:12 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x8000000, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2354.886099][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:22:13 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x4, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2354.890282][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.891605][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:22:13 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) futex(&(0x7f0000000000)=0x2, 0xb, 0x0, &(0x7f0000000040)={0x77359400}, &(0x7f0000000540)=0x2, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) futex(&(0x7f0000000000)=0x2, 0xb, 0x0, &(0x7f0000000040)={0x77359400}, &(0x7f0000000540)=0x2, 0x0) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (async) [ 2354.894962][T18342] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:22:13 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x9000000, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2354.895408][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.902332][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.911252][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.912326][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.913876][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.915819][T18339] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.918309][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.921018][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.928057][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.934469][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.937152][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.942268][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.947808][T18342] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.967250][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.973011][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.981489][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.985534][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.988337][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.992194][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2354.999588][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2355.014478][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2355.018400][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2355.022911][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2355.028686][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2355.037471][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2355.054639][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2355.056804][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2355.061362][T18336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2355.436015][T18354] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2355.495609][T18355] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2355.548606][T18355] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2355.610806][T18358] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2355.664877][T18358] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2355.716835][T18358] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:22:23 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000200000/0x4000)=nil, 0x1000) r1 = shmget(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(0x0, &(0x7f0000356000/0x4000)=nil, 0xffffffffffff6fff) shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x4000) shmat(0x0, &(0x7f0000156000/0x4000)=nil, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f000020b000/0x2000)=nil, 0x5000) shmctl$SHM_LOCK(0x0, 0xb) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000092000/0x2000)=nil, 0x0) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00001d8000/0x3000)=nil, 0x7000) shmdt(0x0) shmat(0x0, &(0x7f0000402000/0x4000)=nil, 0xdf5f2043c18e98be) shmget$private(0x0, 0x400000, 0x400, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(0x0, 0xb) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x6800) shmctl$SHM_UNLOCK(r1, 0xc) 19:22:23 executing program 5: setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(0xffffffffffffffff, 0x84, 0x19, &(0x7f0000000180)={0x0, 0x6}, 0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="240007004793600a96387503916be8ebcbb77d00003654189eb81e3fa100", @ANYRES16=r1, @ANYBLOB="052053230747000000000000000000060000", @ANYRES32=r2, @ANYBLOB="0800050002000000"], 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@broadcast, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) syz_80211_inject_frame(&(0x7f0000000040), &(0x7f0000000540)=@mgmt_frame=@beacon={@with_ht={{{}, {0x1f}, @broadcast, @broadcast, @initial, {0x1, 0x40}}, @ver_80211n={0x0, 0x9, 0x3, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0x8000000000000001, @random=0xff, 0x4006, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x5, [{0x1}, {0xb, 0x1}, {0x16}, {0x36, 0x1}, {0xc}]}, @void, @void, @val={0x6, 0x2, 0x156}, @void, @void, @val={0x2a, 0x1}, @val={0x3c, 0x4, {0x0, 0xf8, 0x2, 0x1}}, @val={0x2d, 0x1a, {0x800, 0x0, 0x6, 0x0, {0x1, 0x5, 0x0, 0x2, 0x0, 0x1, 0x1, 0x2, 0x1}, 0x8, 0x80000000, 0x5}}, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfc, 0x69}}, @val={0x76, 0x6, {0x8, 0x6, 0x25, 0x38}}, [{0xdd, 0x19, "4458548d11df7c141cdc9ef9a0540c5c48af6833385d4ec865"}, {0xdd, 0x43, "a1baee4c1b0b073f5331caa04e898c85ef2ebe6260e207f55612e4439fffee85b56dc74cfc0b2c981a7129b322fc04e76fcf55eae06d0782a56f1ffe0757a805817ab6"}, {0xdd, 0xd2, "ee862ecb7bb9df0b78f9e217ac3fe51d51d6343ca23a676e1f590cb93579d47f57054567be4135de01382d07a13a5a37f2c98a8b2c079c2a4da930dc02a326d45c984f195645ee8c0b5127ef542ac42736a2d2cd5708f4b804abb88cc9e1237b711eda118fc10e3d35b4397655fa29eeb413eb6e0ed4e011f0ec6545d38eb15bb918a8d8068876d15866fe6904117c1ced546845c3dd9941555259ced854cce4a5b255caa30e4595fbdd5c1ee250dd06dc953f15d964632def67112609793a3e1d225af7878a3f796fe39a37cf8375114bfc"}, {0xdd, 0xec, "32e57b12b03c9aaf176a4baf6cee8bb7ca5578258ec62b14a82d32330537985570ff3e05c030bd77f997565ffae042b0bc4f36076a0d60e078b652c43892e5c925d658cccd04efb4e22ae85f64d3580bb04e694563380b91ae20650e66a554bf69647c46e8fea2fd9790ea2a2cd00732aed760af6f1ebde0ea406e403f9c38cd3b88f3a12c421916f1931b33e021eec349e7eac22a21cbd165eb5e6e3383234efb13ea458a3420ad86a523923ad5398c5b34472e53a5e85d809b1356b9d034a853f330a592fd1dadaa9d8849f38074dfef0015f99987dae7bd8d75ba25d62fee158c7c3bd1739ffb8ea5730b"}, {0xdd, 0x96, "ff272311c2ddc5d270bcafa0846beee3762dfc3c455c1fcbd5a5f69a830cfc5ed7ffebbfa226985df1badfbe1d85a27a2219da17456c848e34590081bf44e5b4ac724d9e38a5153c1ac0a9ff8997582f0b166e7841a825fcacfb84bd91176a5c8517af63ddbbfcc35215c532deb577b89caab03deefad1ff578eba4cfd28d8cf08e2666863b6b7548ddd05976cd09cef053a057f6630"}]}, 0x32b) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:22:23 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x5, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:22:23 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000200000/0x4000)=nil, 0x1000) r1 = shmget(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(0x0, &(0x7f0000356000/0x4000)=nil, 0xffffffffffff6fff) shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x4000) shmat(0x0, &(0x7f0000156000/0x4000)=nil, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f000020b000/0x2000)=nil, 0x5000) shmctl$SHM_LOCK(0x0, 0xb) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000092000/0x2000)=nil, 0x0) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00001d8000/0x3000)=nil, 0x7000) shmdt(0x0) shmat(0x0, &(0x7f0000402000/0x4000)=nil, 0xdf5f2043c18e98be) shmget$private(0x0, 0x400000, 0x400, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(0x0, 0xb) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x6800) shmctl$SHM_UNLOCK(r1, 0xc) 19:22:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0xc000000, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:22:23 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000200000/0x4000)=nil, 0x1000) r1 = shmget(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(0x0, &(0x7f0000356000/0x4000)=nil, 0xffffffffffff6fff) shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x4000) shmat(0x0, &(0x7f0000156000/0x4000)=nil, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f000020b000/0x2000)=nil, 0x5000) shmctl$SHM_LOCK(0x0, 0xb) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000092000/0x2000)=nil, 0x0) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00001d8000/0x3000)=nil, 0x7000) shmdt(0x0) shmat(0x0, &(0x7f0000402000/0x4000)=nil, 0xdf5f2043c18e98be) shmget$private(0x0, 0x400000, 0x400, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(0x0, 0xb) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x6800) shmctl$SHM_UNLOCK(r1, 0xc) 19:22:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0xe000000, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2366.194460][T18377] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2366.195019][T18376] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:22:24 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0xf000000, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2366.246306][T18377] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2366.249187][T18379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2366.250237][T18377] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:22:24 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x3f000000, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2366.301144][T18379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2366.311193][T18382] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:22:24 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x60000000, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:22:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x6, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:22:24 executing program 5: setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(0xffffffffffffffff, 0x84, 0x19, &(0x7f0000000180)={0x0, 0x6}, 0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="240007004793600a96387503916be8ebcbb77d00003654189eb81e3fa100", @ANYRES16=r1, @ANYBLOB="052053230747000000000000000000060000", @ANYRES32=r2, @ANYBLOB="0800050002000000"], 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@broadcast, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) syz_80211_inject_frame(&(0x7f0000000040), &(0x7f0000000540)=@mgmt_frame=@beacon={@with_ht={{{}, {0x1f}, @broadcast, @broadcast, @initial, {0x1, 0x40}}, @ver_80211n={0x0, 0x9, 0x3, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0x8000000000000001, @random=0xff, 0x4006, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x5, [{0x1}, {0xb, 0x1}, {0x16}, {0x36, 0x1}, {0xc}]}, @void, @void, @val={0x6, 0x2, 0x156}, @void, @void, @val={0x2a, 0x1}, @val={0x3c, 0x4, {0x0, 0xf8, 0x2, 0x1}}, @val={0x2d, 0x1a, {0x800, 0x0, 0x6, 0x0, {0x1, 0x5, 0x0, 0x2, 0x0, 0x1, 0x1, 0x2, 0x1}, 0x8, 0x80000000, 0x5}}, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfc, 0x69}}, @val={0x76, 0x6, {0x8, 0x6, 0x25, 0x38}}, [{0xdd, 0x19, "4458548d11df7c141cdc9ef9a0540c5c48af6833385d4ec865"}, {0xdd, 0x43, "a1baee4c1b0b073f5331caa04e898c85ef2ebe6260e207f55612e4439fffee85b56dc74cfc0b2c981a7129b322fc04e76fcf55eae06d0782a56f1ffe0757a805817ab6"}, {0xdd, 0xd2, "ee862ecb7bb9df0b78f9e217ac3fe51d51d6343ca23a676e1f590cb93579d47f57054567be4135de01382d07a13a5a37f2c98a8b2c079c2a4da930dc02a326d45c984f195645ee8c0b5127ef542ac42736a2d2cd5708f4b804abb88cc9e1237b711eda118fc10e3d35b4397655fa29eeb413eb6e0ed4e011f0ec6545d38eb15bb918a8d8068876d15866fe6904117c1ced546845c3dd9941555259ced854cce4a5b255caa30e4595fbdd5c1ee250dd06dc953f15d964632def67112609793a3e1d225af7878a3f796fe39a37cf8375114bfc"}, {0xdd, 0xec, "32e57b12b03c9aaf176a4baf6cee8bb7ca5578258ec62b14a82d32330537985570ff3e05c030bd77f997565ffae042b0bc4f36076a0d60e078b652c43892e5c925d658cccd04efb4e22ae85f64d3580bb04e694563380b91ae20650e66a554bf69647c46e8fea2fd9790ea2a2cd00732aed760af6f1ebde0ea406e403f9c38cd3b88f3a12c421916f1931b33e021eec349e7eac22a21cbd165eb5e6e3383234efb13ea458a3420ad86a523923ad5398c5b34472e53a5e85d809b1356b9d034a853f330a592fd1dadaa9d8849f38074dfef0015f99987dae7bd8d75ba25d62fee158c7c3bd1739ffb8ea5730b"}, {0xdd, 0x96, "ff272311c2ddc5d270bcafa0846beee3762dfc3c455c1fcbd5a5f69a830cfc5ed7ffebbfa226985df1badfbe1d85a27a2219da17456c848e34590081bf44e5b4ac724d9e38a5153c1ac0a9ff8997582f0b166e7841a825fcacfb84bd91176a5c8517af63ddbbfcc35215c532deb577b89caab03deefad1ff578eba4cfd28d8cf08e2666863b6b7548ddd05976cd09cef053a057f6630"}]}, 0x32b) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:22:24 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0xffffff7f, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2366.753528][T18395] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2366.793947][T18397] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2366.806926][T18399] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2366.845714][T18397] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2366.846986][T18397] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2366.860081][T18395] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2366.897953][T18397] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2382.323541][T17291] Bluetooth: hci2: command 0x0406 tx timeout 19:22:43 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000200000/0x4000)=nil, 0x1000) r1 = shmget(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(0x0, &(0x7f0000356000/0x4000)=nil, 0xffffffffffff6fff) shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x4000) shmat(0x0, &(0x7f0000156000/0x4000)=nil, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f000020b000/0x2000)=nil, 0x5000) shmctl$SHM_LOCK(0x0, 0xb) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000092000/0x2000)=nil, 0x0) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00001d8000/0x3000)=nil, 0x7000) shmdt(0x0) shmat(0x0, &(0x7f0000402000/0x4000)=nil, 0xdf5f2043c18e98be) shmget$private(0x0, 0x400000, 0x400, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(0x0, 0xb) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x6800) shmctl$SHM_UNLOCK(r1, 0xc) 19:22:43 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000200000/0x4000)=nil, 0x1000) r1 = shmget(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(0x0, &(0x7f0000356000/0x4000)=nil, 0xffffffffffff6fff) shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x4000) shmat(0x0, &(0x7f0000156000/0x4000)=nil, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f000020b000/0x2000)=nil, 0x5000) shmctl$SHM_LOCK(0x0, 0xb) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000092000/0x2000)=nil, 0x0) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00001d8000/0x3000)=nil, 0x7000) shmdt(0x0) shmat(0x0, &(0x7f0000402000/0x4000)=nil, 0xdf5f2043c18e98be) shmget$private(0x0, 0x400000, 0x400, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(0x0, 0xb) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x6800) shmctl$SHM_UNLOCK(r1, 0xc) 19:22:43 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000200000/0x4000)=nil, 0x1000) r1 = shmget(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(0x0, &(0x7f0000356000/0x4000)=nil, 0xffffffffffff6fff) shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x4000) shmat(0x0, &(0x7f0000156000/0x4000)=nil, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f000020b000/0x2000)=nil, 0x5000) shmctl$SHM_LOCK(0x0, 0xb) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000092000/0x2000)=nil, 0x0) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00001d8000/0x3000)=nil, 0x7000) shmdt(0x0) shmat(0x0, &(0x7f0000402000/0x4000)=nil, 0xdf5f2043c18e98be) shmget$private(0x0, 0x400000, 0x400, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(0x0, 0xb) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x6800) shmctl$SHM_UNLOCK(r1, 0xc) 19:22:43 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0xf, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:22:43 executing program 5: setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(0xffffffffffffffff, 0x84, 0x19, &(0x7f0000000180)={0x0, 0x6}, 0x8) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="240007004793600a96387503916be8ebcbb77d00003654189eb81e3fa100", @ANYRES16=r1, @ANYBLOB="052053230747000000000000000000060000", @ANYRES32=r2, @ANYBLOB="0800050002000000"], 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@broadcast, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) syz_80211_inject_frame(&(0x7f0000000040), &(0x7f0000000540)=@mgmt_frame=@beacon={@with_ht={{{}, {0x1f}, @broadcast, @broadcast, @initial, {0x1, 0x40}}, @ver_80211n={0x0, 0x9, 0x3, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0x8000000000000001, @random=0xff, 0x4006, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x5, [{0x1}, {0xb, 0x1}, {0x16}, {0x36, 0x1}, {0xc}]}, @void, @void, @val={0x6, 0x2, 0x156}, @void, @void, @val={0x2a, 0x1}, @val={0x3c, 0x4, {0x0, 0xf8, 0x2, 0x1}}, @val={0x2d, 0x1a, {0x800, 0x0, 0x6, 0x0, {0x1, 0x5, 0x0, 0x2, 0x0, 0x1, 0x1, 0x2, 0x1}, 0x8, 0x80000000, 0x5}}, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfc, 0x69}}, @val={0x76, 0x6, {0x8, 0x6, 0x25, 0x38}}, [{0xdd, 0x19, "4458548d11df7c141cdc9ef9a0540c5c48af6833385d4ec865"}, {0xdd, 0x43, "a1baee4c1b0b073f5331caa04e898c85ef2ebe6260e207f55612e4439fffee85b56dc74cfc0b2c981a7129b322fc04e76fcf55eae06d0782a56f1ffe0757a805817ab6"}, {0xdd, 0xd2, "ee862ecb7bb9df0b78f9e217ac3fe51d51d6343ca23a676e1f590cb93579d47f57054567be4135de01382d07a13a5a37f2c98a8b2c079c2a4da930dc02a326d45c984f195645ee8c0b5127ef542ac42736a2d2cd5708f4b804abb88cc9e1237b711eda118fc10e3d35b4397655fa29eeb413eb6e0ed4e011f0ec6545d38eb15bb918a8d8068876d15866fe6904117c1ced546845c3dd9941555259ced854cce4a5b255caa30e4595fbdd5c1ee250dd06dc953f15d964632def67112609793a3e1d225af7878a3f796fe39a37cf8375114bfc"}, {0xdd, 0xec, "32e57b12b03c9aaf176a4baf6cee8bb7ca5578258ec62b14a82d32330537985570ff3e05c030bd77f997565ffae042b0bc4f36076a0d60e078b652c43892e5c925d658cccd04efb4e22ae85f64d3580bb04e694563380b91ae20650e66a554bf69647c46e8fea2fd9790ea2a2cd00732aed760af6f1ebde0ea406e403f9c38cd3b88f3a12c421916f1931b33e021eec349e7eac22a21cbd165eb5e6e3383234efb13ea458a3420ad86a523923ad5398c5b34472e53a5e85d809b1356b9d034a853f330a592fd1dadaa9d8849f38074dfef0015f99987dae7bd8d75ba25d62fee158c7c3bd1739ffb8ea5730b"}, {0xdd, 0x96, "ff272311c2ddc5d270bcafa0846beee3762dfc3c455c1fcbd5a5f69a830cfc5ed7ffebbfa226985df1badfbe1d85a27a2219da17456c848e34590081bf44e5b4ac724d9e38a5153c1ac0a9ff8997582f0b166e7841a825fcacfb84bd91176a5c8517af63ddbbfcc35215c532deb577b89caab03deefad1ff578eba4cfd28d8cf08e2666863b6b7548ddd05976cd09cef053a057f6630"}]}, 0x32b) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:22:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x7, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:22:43 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r0) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r3, &(0x7f0000000600)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x30, r4, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x1}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x4000088) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="50007c180000ffffff7f0000000004c0b12551bb0a3830aa8b8444f708021100"/54], 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:22:43 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x14, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2385.862601][T18411] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2385.917641][T18411] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2385.969992][T18411] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:22:43 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0xc0, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2386.089432][T18420] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2386.141231][T18420] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:22:43 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0xec0, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2386.193832][T18424] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:22:44 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x8, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:22:44 executing program 2: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000200000/0x4000)=nil, 0x1000) r1 = shmget(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(0x0, &(0x7f0000356000/0x4000)=nil, 0xffffffffffff6fff) shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x4000) shmat(0x0, &(0x7f0000156000/0x4000)=nil, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f000020b000/0x2000)=nil, 0x5000) shmctl$SHM_LOCK(0x0, 0xb) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000092000/0x2000)=nil, 0x0) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00001d8000/0x3000)=nil, 0x7000) shmdt(0x0) shmat(0x0, &(0x7f0000402000/0x4000)=nil, 0xdf5f2043c18e98be) shmget$private(0x0, 0x400000, 0x400, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(0x0, 0xb) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x6800) shmctl$SHM_UNLOCK(r1, 0xc) [ 2386.395850][T18429] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2386.447775][T18429] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2386.505392][T18432] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2390.483571][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! 19:22:54 executing program 1: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000200000/0x4000)=nil, 0x1000) r1 = shmget(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(0x0, &(0x7f0000356000/0x4000)=nil, 0xffffffffffff6fff) shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x4000) shmat(0x0, &(0x7f0000156000/0x4000)=nil, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f000020b000/0x2000)=nil, 0x5000) shmctl$SHM_LOCK(0x0, 0xb) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000092000/0x2000)=nil, 0x0) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00001d8000/0x3000)=nil, 0x7000) shmdt(0x0) shmat(0x0, &(0x7f0000402000/0x4000)=nil, 0xdf5f2043c18e98be) shmget$private(0x0, 0x400000, 0x400, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(0x0, 0xb) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x6800) shmctl$SHM_UNLOCK(r1, 0xc) 19:22:54 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x33fe0, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:22:54 executing program 3: mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(0x0, &(0x7f0000200000/0x4000)=nil, 0x1000) r1 = shmget(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(0x0, &(0x7f0000356000/0x4000)=nil, 0xffffffffffff6fff) shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x4000) shmat(0x0, &(0x7f0000156000/0x4000)=nil, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f000020b000/0x2000)=nil, 0x5000) shmctl$SHM_LOCK(0x0, 0xb) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000092000/0x2000)=nil, 0x0) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmat(r0, &(0x7f00001d8000/0x3000)=nil, 0x7000) shmdt(0x0) shmat(0x0, &(0x7f0000402000/0x4000)=nil, 0xdf5f2043c18e98be) shmget$private(0x0, 0x400000, 0x400, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(0x0, 0xb) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x6800) shmctl$SHM_UNLOCK(r1, 0xc) 19:22:54 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) (rerun: 32) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r0) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r3, &(0x7f0000000600)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x30, r4, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x1}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x4000088) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="50007c180000ffffff7f0000000004c0b12551bb0a3830aa8b8444f708021100"/54], 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:22:54 executing program 2: unshare(0xe060600) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xf, 0x4, 0x8, 0x101}, 0x48) bpf$BPF_GET_MAP_INFO(0x10, &(0x7f0000000140)={r0, 0x7, 0x0}, 0x10) 19:22:54 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x9, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:22:55 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x7ffff000, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:22:55 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1, 0x5, 0x81, 0x7fff, 0x4, 0xffffffffffffffff, 0x0, '\x00', r2}, 0x48) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1, 0x5, 0x0, 0x7fff, 0x4, 0xffffffffffffffff, 0x0, '\x00', r4}, 0x48) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff}) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r5, &(0x7f00000003c0)="0ff7a507ef2c050b7e701b9dabb8d07b8f31e335f15aea61a90f39cd2caeb63e0071cc0c091cb22a57441ee95e7cac97e01609d8d048cabdf565a11884bb706d55c358683c4fb864bd1a455c657c00685324d5bdfb2850e3c42835cfd594ba87a73e09e060a748b900aa62ee57a0c9b41132b190453d2452a509fb93aea330b152b67fe1b2e3438bbf6861de54c070e409ed2b3577421a5b0d60354c0c3144f7a9bab688cb3706741b8a48dd41e009f94d99dacce35598b023e0e4731e440e7c6c1da1e198e0fc9c199a8f484415ecc8813bb25f7b28d89166abdfba1f47c8d4c44ef10338d697f9daad6123b9c11ad5aad214cfd5234dcab749e365", &(0x7f00000116c0)=""/4096}, 0x20) socket(0x0, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="2800000010000108000000000054000000000000", @ANYRES32=0x0, @ANYBLOB="0000f69fd5faf00008001b"], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0xc, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) [ 2397.231887][T18448] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:22:55 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r0) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r3, &(0x7f0000000600)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x30, r4, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x1}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x4000088) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="50007c180000ffffff7f0000000004c0b12551bb0a3830aa8b8444f708021100"/54], 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r0) (async) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r3, &(0x7f0000000600)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x30, r4, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x1}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x4000088) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="50007c180000ffffff7f0000000004c0b12551bb0a3830aa8b8444f708021100"/54], 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (async) [ 2397.283970][T18448] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2397.336896][T18455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:22:55 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0xfffffdef, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2397.453415][T18463] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2397.505515][T18466] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2397.557210][T18463] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:22:55 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="50000000080211000001080211000000080211400000000000000000000000006400010000060202020202020108821824"], 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:22:55 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0xe, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2397.835715][T18481] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2397.856062][T18482] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2397.891403][T18483] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2397.910939][T18484] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2397.943360][T18481] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2397.962713][T18482] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2398.128932][T18465] bridge0: port 2(bridge_slave_1) entered disabled state [ 2398.129028][T18465] bridge0: port 1(bridge_slave_0) entered disabled state [ 2398.662571][T18465] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2398.715971][T18465] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2399.146553][T18465] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2399.146598][T18465] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2399.146635][T18465] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2399.146672][T18465] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2399.829226][T18470] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 2399.867952][T18470] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2399.869640][T18470] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2399.871077][T18470] 8021q: adding VLAN 0 to HW filter on device team0 [ 2399.880793][T18470] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2399.924011][ T23] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2400.033505][ T23] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2400.103860][ T23] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2401.123875][T13310] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2401.124044][T13310] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2401.423533][ T23] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2405.283307][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2405.845789][ T1225] ieee802154 phy0 wpan0: encryption failed: -22 [ 2405.845842][ T1225] ieee802154 phy1 wpan1: encryption failed: -22 19:23:06 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000dc0)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001140), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000000800)={0x6c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x38, 0x33, @deauth={@wo_ht={{}, {}, @broadcast, @broadcast}, 0x0, @val={0x8c, 0x18, {0x0, '\x00', @long="00a200"}}}}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x6c}}, 0x0) 19:23:06 executing program 3: r0 = fsopen(&(0x7f0000000000)='cpuset\x00', 0x0) setresuid(0xee01, 0xffffffffffffffff, 0x0) r1 = getuid() setresuid(0x0, r1, 0xee01) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) 19:23:06 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0xf, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:23:06 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="50000000080211000001080211000000080211400000000000000000000000006400010000060202020202020108821824"], 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:23:06 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0xa, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:23:06 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002780)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1f}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xc0}}, 0x0) 19:23:06 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0xf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:23:06 executing program 3: syz_mount_image$affs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='^']) 19:23:06 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="50000000080211000001080211000000080211400000000000000000000000006400010000060202020202020108821824"], 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:23:06 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000080)="580000001400192340838705fe8a8c560a067fbc45ff81054e220080030058000b480400945f64009400050038925a01000000000000008000f0fffeffe809000000fff5dd000000100001000b080800418e00000004fcff", 0x58}], 0x1) [ 2408.580510][T18509] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2408.599475][T18511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2408.651064][T18511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2408.702717][T18511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:23:06 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x25, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:23:06 executing program 3: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x6000}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) [ 2408.767821][T18519] affs: Unrecognized mount option "^" or missing value [ 2408.767837][T18519] affs: Error parsing options [ 2408.791858][T18522] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2414.163377][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! 19:23:25 executing program 2: r0 = socket$inet(0x2, 0x4000000805, 0x0) sendmsg$inet_sctp(r0, &(0x7f00000006c0)={&(0x7f0000000180)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000000)=[{&(0x7f00000001c0)="e2", 0x1}], 0x1, &(0x7f0000000680)=[@dstaddrv4={0x18, 0x84, 0x7, @loopback}], 0x18}, 0x0) 19:23:25 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000000)=@mgmt_frame=@auth={@wo_ht={{}, {}, @broadcast, @broadcast, @initial, {0x0, 0x1}}, 0x0, 0x2, 0x0, @val={0x10, 0x1, 0x6}, [{0xdd, 0x50, "1c1092ccf3953649dea0620289822bc4e59843db8d06b54c0a842264be6a2ee27df7b6a769a73218b9856104e7994c6596f54f3f490e945b300204dd276667a3108119fc366f228960ec495e1da4e79f"}]}, 0x73) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:23:25 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x6000}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) 19:23:25 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x6b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:23:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x60, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:23:25 executing program 3: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x6000}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) 19:23:26 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2428.268190][T18550] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2428.269237][T18552] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:23:26 executing program 2: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000300)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)}], 0x10010, &(0x7f00000004c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0) io_setup(0x202, &(0x7f00000003c0)=0x0) io_submit(r1, 0x1853, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x3a5, 0x2, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}]) [ 2428.324279][T18555] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2428.331146][T18550] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2428.376792][T18552] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2428.382977][T18550] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:23:26 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x2, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2428.477465][T18561] FAT-fs (loop2): bogus number of reserved sectors [ 2428.477487][T18561] FAT-fs (loop2): Can't find a valid FAT filesystem 19:23:26 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x3, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:23:26 executing program 2: r0 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x200, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000000)) 19:23:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x300, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:23:26 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) (rerun: 64) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async, rerun: 64) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async, rerun: 64) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000000)=@mgmt_frame=@auth={@wo_ht={{}, {}, @broadcast, @broadcast, @initial, {0x0, 0x1}}, 0x0, 0x2, 0x0, @val={0x10, 0x1, 0x6}, [{0xdd, 0x50, "1c1092ccf3953649dea0620289822bc4e59843db8d06b54c0a842264be6a2ee27df7b6a769a73218b9856104e7994c6596f54f3f490e945b300204dd276667a3108119fc366f228960ec495e1da4e79f"}]}, 0x73) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:23:26 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x4, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2428.850472][T18573] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2428.882984][T18575] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2428.907316][T18581] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2428.961349][T18573] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2431.444325][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! 19:23:34 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x6000}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) 19:23:34 executing program 2: r0 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x200, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000000)) 19:23:34 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x5, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:23:34 executing program 3: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x6000}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) 19:23:34 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async, rerun: 32) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async, rerun: 32) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000000)=@mgmt_frame=@auth={@wo_ht={{}, {}, @broadcast, @broadcast, @initial, {0x0, 0x1}}, 0x0, 0x2, 0x0, @val={0x10, 0x1, 0x6}, [{0xdd, 0x50, "1c1092ccf3953649dea0620289822bc4e59843db8d06b54c0a842264be6a2ee27df7b6a769a73218b9856104e7994c6596f54f3f490e945b300204dd276667a3108119fc366f228960ec495e1da4e79f"}]}, 0x73) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:23:34 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x500, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:23:34 executing program 2: r0 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x200, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000000)) [ 2436.967587][T18592] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:23:34 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x6, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:23:34 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) setpgid(0x0, 0x0) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2437.020981][T18592] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2437.072522][T18592] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:23:34 executing program 2: r0 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x200, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000000)) 19:23:35 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x7, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2437.274276][T18608] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:23:35 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x600, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2437.328013][T18611] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2437.379177][T18608] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2437.493849][T18615] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2437.547663][T18615] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2437.599494][T18615] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:23:46 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x6000}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) 19:23:46 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x8, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:23:46 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000004c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_PROBE_CLIENT(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) 19:23:46 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async, rerun: 64) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async, rerun: 64) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async, rerun: 64) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async, rerun: 64) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async, rerun: 64) setpgid(0x0, 0x0) (rerun: 64) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:23:46 executing program 3: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x6000}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) 19:23:46 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x700, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:23:46 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x9, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:23:46 executing program 2: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) getsockopt$rose(r0, 0x104, 0x4, 0x0, &(0x7f00000001c0)) 19:23:46 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async, rerun: 64) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (rerun: 64) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async, rerun: 32) setpgid(0x0, 0x0) (async, rerun: 32) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2448.365640][T18625] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2448.418419][T18635] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2448.474592][T18635] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:23:46 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0xc, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:23:46 executing program 2: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) getsockopt$rose(r0, 0x104, 0x4, 0x0, &(0x7f00000001c0)) [ 2448.534184][ T28] audit: type=1400 audit(1655061826.291:885): avc: denied { getopt } for pid=18637 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 19:23:46 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0xe, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2464.083382][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2467.285290][ T1225] ieee802154 phy0 wpan0: encryption failed: -22 [ 2467.285322][ T1225] ieee802154 phy1 wpan1: encryption failed: -22 19:24:05 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x900, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:24:05 executing program 2: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) getsockopt$rose(r0, 0x104, 0x4, 0x0, &(0x7f00000001c0)) 19:24:05 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, &(0x7f0000000180)=[{0x0}], 0x1) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, @mcast2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x20, 0x5218af3e5c9494b0, 0x3f}}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r5) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r4, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x80, r6, 0x100, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x65}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x16}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x19}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x51}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x54}]}, 0x80}, 0x1, 0x0, 0x0, 0x8011}, 0x4040000) sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000800)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000940)={0x680, r6, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9c1, 0x79}}}}, [@NL80211_ATTR_BEACON_TAIL={0x33b, 0xf, [@dsss={0x3, 0x1, 0xa}, @peer_mgmt={0x75, 0x14, {0x1, 0x7, @void, @void, @val="425397a56ed0fc8846bdf15a059f9bf7"}}, @gcr_ga={0xbd, 0x6, @broadcast}, @fast_bss_trans={0x37, 0x77, {0x9, 0x2, "c7421d6a31f0d3e80ed2182e941928c6", "ee20ba33479f399675c864fc94b40619e8a3aaa485d565e3ee40bfa98e07c46b", "120bf4750865ef2ff64f3a575db2fd58031f736eb91b6e7b18701b4c2a31f1e7", [{0x3, 0x1a, "9e89a114dfb18d7bea8f7e1ffb3c6b3418612fd769a6c58c9437"}, {0x2, 0x7, "5c0cf5f1d46bc4"}]}}, @perr={0x84, 0xe8, {0x3f, 0xe, [@not_ext={{}, @device_b, 0xe9, "", 0x8}, @not_ext={{}, @device_b, 0x0, "", 0x16}, @not_ext={{}, @device_b, 0x7, "", 0x26}, @not_ext={{}, @broadcast, 0x4a02, "", 0x1}, @ext={{}, @device_a, 0x3, @broadcast, 0x32}, @ext={{}, @device_b, 0x10000, @device_b, 0x36}, @ext={{}, @device_b, 0x1, @device_b, 0x12}, @ext={{}, @device_a, 0x6, @device_a, 0x4}, @ext={{}, @device_a, 0x100, @device_a, 0x2c}, @ext={{}, @device_a, 0x2, @device_b, 0x11}, @ext={{}, @device_a, 0xff, @device_a, 0x29}, @not_ext={{}, @broadcast, 0x0, "", 0x2d}, @ext={{}, @broadcast, 0xeb, @broadcast, 0x2c}, @not_ext={{}, @broadcast, 0x2, "", 0x21}]}}, @random_vendor={0xdd, 0xcb, "b824b29c966f7d78c40cf0f1ba400a2c2737fead014eea7e326d94d7fa738ca866b013ee88baeeb0205581ed396317a8033eb81e12f7ae261af3566fedfcfd2cad050ee70ba64cd77c8d3662d80a6d8551390cedb8d275aa4d567dcdbb362089ccf99401579251284b94e7e1673a5da47266702fa36e844c74d795383a3208c9e19a0cf19167b38bf901118fcb5a403579c5bd0a71c011a22ddd77f283ee6882d359603df9ba290c0a5b2d0be024ac64a37108b1431463f9c41da4cc1e765845b660ee6fcd51f264d23528"}, @mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0xa, 0x20}}, @tim={0x5, 0xd0, {0x40, 0x7b, 0xb9, "760a49f4d9b379e642a679c5716937a8635f7cbdae879fc1da44deca6b5878513435327ab44da727223af589470f0f56f25dfc347a90348e5adb576e9d59688ad9992b54ac7532ddc7f74a90933dcd044bd7ecb7cc5b29bc9a81f57f41ab82ca1db9d29c9215a0da2d8984279d1703804bfb391e88689690895b761b1df14d65e20aabe48b22789b82da95c6addf022d04327e9bd2a98e523a0788f819b1270434c18f7d3abb9c1e8e4d30cec0d23bcda5a861f5ed7e67f0e1ac26dc2fba211fcf369f05d18d4edfe4c1c523f9"}}, @sec_chan_ofs={0x3e, 0x1}, @gcr_ga={0xbd, 0x6}]}, @NL80211_ATTR_IE={0x23a, 0x2a, [@tim={0x5, 0xdd, {0x1, 0x5f, 0x8f, "f03505deab38e5dd71b9134b8562111caaea49da8e01da61663e2a04114b901575ab3fe32479d90b1bef465d496133b4f2fdc3f0254498b3988a4b57b4e5efcfd75ae034e440d38c9f1b484250fb16109e1aa1485941f671c7eb161d757aca536c5ed99d6adc74f8987b116f3b9822d15f4374c2dad0890ab06df1cbd84b0af336b33a18df924c9b7cd5c431f7d7bae9351bb4169b9e71671d67f56eda9c44e2b5521173b2a87093673b582c58aad1eeb4bc5c7587e73c5e1b4942fdbbeb1528c9dadf2e038ebef09e520c461362dee294fdb66001fdd23e8d90"}}, @mesh_id={0x72, 0x6}, @mic={0x8c, 0x10, {0x27, "85359bbf0068", @short="8b3b59d03b184c8d"}}, @tim={0x5, 0x5a, {0x6, 0x58, 0x4, "9f574fd134487abb3f99a7b32f631de681adba64e7c3b756c6962f76a4b12b8bc87fb17e0ab034bd4265249937de35c1417cd5365108776fcd742b52b6064f443e93224dee52a1ef0961192d6d5170b4edf0944cce3375"}}, @sec_chan_ofs={0x3e, 0x1, 0x1}, @peer_mgmt={0x75, 0x16, {0x1, 0xc0c, @val=0xffff, @void, @val="e643000d7e85a8845b613a1a88d6e28c"}}, @supported_rates={0x1, 0x3, [{0x4, 0x1}, {0x6c, 0x1}, {0x1b, 0x1}]}, @random_vendor={0xdd, 0xbf, "085c772f9789ba10e5181009ddbba0c6cc0d1a75beb1bade7bb95b8c13e58eb6568d910f9cfd6bfc9447e95c73ed5b7edd1f952ddc448d1bbea289ee32b5e06537c9c333e793833a95de7660593332feb4c8cd456adf16e4415a0a629447bfa30784fd47b944bfb3af6a9debbf84e2ea853cb6b74dbf357411963b875b536f36d51d91f6214f8872b0a4bb61f68951c606e3173c7fce0d29acd2378931940f4a8902c7f1511282f4304c27ee3f8ae6809cf616fe0c3f37170d03d340cf8ac8"}]}, @NL80211_ATTR_IE_PROBE_RESP={0xaa, 0x7f, [@tim={0x5, 0xa4, {0x3f, 0xc9, 0xa1, "7b35d246dec05f9a28efdd55e088b840a20ea627f12ace35163a657109060ea98567e8becb1b9445fa11c733f867c7efcbb0a28b7c381444f59a00f6cc2fd3c0e899148d299191a5582569f565f5f75a4ca82890bb53e84d644cf8d11820132fe55bc4915551ecb7bbda0f91979e8f704bfa819af139918f7495219c50dfb01dc5b2bf747d74fb70b4e36e34baf51245e8c853339accea1be7db2a4e427513b167"}}]}, @NL80211_ATTR_BEACON_TAIL={0x34, 0xf, [@ht={0x2d, 0x1a, {0x300, 0x2, 0x3, 0x0, {0x10001, 0x7, 0x0, 0x4, 0x0, 0x1, 0x1, 0x2}, 0x800, 0x101, 0x6}}, @link_id={0x65, 0x12, {@initial, @device_b, @broadcast}}]}]}, 0x680}, 0x1, 0x0, 0x0, 0x40000c0}, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x50, r6, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$NL80211_CMD_GET_WIPHY(r3, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000040)={0x28, r6, 0xe1b5d4f54e9aad05, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x31}, @void, @val={0xc, 0x99, {0x10001, 0x76}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x40001) socket(0x1d, 0x4, 0xff) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="44000000bdfbeb7c1e621accb2b5106f3ec5d1a949dcd1e4daebec2be3cfcbb4c50e96b6c324c07e5cd324b583f83c7c3103c0b2081b82d9113d113265d7b475a36c72835eb960ad2832b697ef65dae5507593fbe8054161d04da903760670b33f9552c0806dd31033afda1239c39d9aebcd5cce5a1e093b190a0cde3cf1fc0dd7362b5a5d722b895f19c5974b9c066ef3e215f5b0da82295da07069f1a8e5a14f06289847dd05574047ec00ea92e6673ec7eee0ae933bafd7155ff0393c3e4cde0b625a5a7d391d4f", @ANYRES16=r1, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r2, @ANYBLOB="0a00340002020202020200000a00060008021100000000000800350000000000080026006c090000"], 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:24:05 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0xf, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:24:05 executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x91, &(0x7f0000000000)=""/145, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200001b00000000000000b296ffff850000004100000095000000000000003af1f53778422dccc1c3e37fb12b70db936e68baa62f65a7762b5ed9fef666387df316ddb9043b838619eb042c01005e94778ec365075dd75aaaa969f99760a84a18cb0534ba5f8ac021babe00f7e9d8af4c5b4692af9e5e983e8f8ff0d856"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r1, 0xffff1f00, 0x0, 0xd, 0x0, 0x0, 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 19:24:05 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xd, 0x28011, r0, 0x0) ftruncate(r0, 0x2f00) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x16) 19:24:05 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x60, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:24:05 executing program 2: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) getsockopt$rose(r0, 0x104, 0x4, 0x0, &(0x7f00000001c0)) 19:24:05 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000580)={0x0, 0x20c7}) [ 2467.469807][T18666] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18666 comm=syz-executor.5 [ 2467.485104][T18667] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2467.489667][T18666] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2467.493804][T18666] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2467.496999][T18664] Driver unsupported XDP return value 0 on prog (id 244) dev N/A, expect packet loss! [ 2467.536813][T18667] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2467.545627][T18666] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:24:05 executing program 2: openat$tun(0xffffffffffffff9c, &(0x7f0000001f80), 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) pipe2$9p(&(0x7f0000000180), 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) unshare(0x40400) pselect6(0x40, &(0x7f0000000240), 0x0, &(0x7f0000000040)={0x1ff}, &(0x7f00000001c0), 0x0) 19:24:05 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x300, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2467.598617][T18669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:24:05 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000580)={0x0, 0x20c7}) 19:24:05 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000580)={0x0, 0x20c7}) 19:24:05 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0xe00, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:24:05 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, &(0x7f0000000180)=[{0x0}], 0x1) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, @mcast2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x20, 0x5218af3e5c9494b0, 0x3f}}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r5) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r4, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x80, r6, 0x100, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x65}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x16}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x19}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x51}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x54}]}, 0x80}, 0x1, 0x0, 0x0, 0x8011}, 0x4040000) sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000800)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000940)={0x680, r6, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9c1, 0x79}}}}, [@NL80211_ATTR_BEACON_TAIL={0x33b, 0xf, [@dsss={0x3, 0x1, 0xa}, @peer_mgmt={0x75, 0x14, {0x1, 0x7, @void, @void, @val="425397a56ed0fc8846bdf15a059f9bf7"}}, @gcr_ga={0xbd, 0x6, @broadcast}, @fast_bss_trans={0x37, 0x77, {0x9, 0x2, "c7421d6a31f0d3e80ed2182e941928c6", "ee20ba33479f399675c864fc94b40619e8a3aaa485d565e3ee40bfa98e07c46b", "120bf4750865ef2ff64f3a575db2fd58031f736eb91b6e7b18701b4c2a31f1e7", [{0x3, 0x1a, "9e89a114dfb18d7bea8f7e1ffb3c6b3418612fd769a6c58c9437"}, {0x2, 0x7, "5c0cf5f1d46bc4"}]}}, @perr={0x84, 0xe8, {0x3f, 0xe, [@not_ext={{}, @device_b, 0xe9, "", 0x8}, @not_ext={{}, @device_b, 0x0, "", 0x16}, @not_ext={{}, @device_b, 0x7, "", 0x26}, @not_ext={{}, @broadcast, 0x4a02, "", 0x1}, @ext={{}, @device_a, 0x3, @broadcast, 0x32}, @ext={{}, @device_b, 0x10000, @device_b, 0x36}, @ext={{}, @device_b, 0x1, @device_b, 0x12}, @ext={{}, @device_a, 0x6, @device_a, 0x4}, @ext={{}, @device_a, 0x100, @device_a, 0x2c}, @ext={{}, @device_a, 0x2, @device_b, 0x11}, @ext={{}, @device_a, 0xff, @device_a, 0x29}, @not_ext={{}, @broadcast, 0x0, "", 0x2d}, @ext={{}, @broadcast, 0xeb, @broadcast, 0x2c}, @not_ext={{}, @broadcast, 0x2, "", 0x21}]}}, @random_vendor={0xdd, 0xcb, "b824b29c966f7d78c40cf0f1ba400a2c2737fead014eea7e326d94d7fa738ca866b013ee88baeeb0205581ed396317a8033eb81e12f7ae261af3566fedfcfd2cad050ee70ba64cd77c8d3662d80a6d8551390cedb8d275aa4d567dcdbb362089ccf99401579251284b94e7e1673a5da47266702fa36e844c74d795383a3208c9e19a0cf19167b38bf901118fcb5a403579c5bd0a71c011a22ddd77f283ee6882d359603df9ba290c0a5b2d0be024ac64a37108b1431463f9c41da4cc1e765845b660ee6fcd51f264d23528"}, @mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0xa, 0x20}}, @tim={0x5, 0xd0, {0x40, 0x7b, 0xb9, "760a49f4d9b379e642a679c5716937a8635f7cbdae879fc1da44deca6b5878513435327ab44da727223af589470f0f56f25dfc347a90348e5adb576e9d59688ad9992b54ac7532ddc7f74a90933dcd044bd7ecb7cc5b29bc9a81f57f41ab82ca1db9d29c9215a0da2d8984279d1703804bfb391e88689690895b761b1df14d65e20aabe48b22789b82da95c6addf022d04327e9bd2a98e523a0788f819b1270434c18f7d3abb9c1e8e4d30cec0d23bcda5a861f5ed7e67f0e1ac26dc2fba211fcf369f05d18d4edfe4c1c523f9"}}, @sec_chan_ofs={0x3e, 0x1}, @gcr_ga={0xbd, 0x6}]}, @NL80211_ATTR_IE={0x23a, 0x2a, [@tim={0x5, 0xdd, {0x1, 0x5f, 0x8f, "f03505deab38e5dd71b9134b8562111caaea49da8e01da61663e2a04114b901575ab3fe32479d90b1bef465d496133b4f2fdc3f0254498b3988a4b57b4e5efcfd75ae034e440d38c9f1b484250fb16109e1aa1485941f671c7eb161d757aca536c5ed99d6adc74f8987b116f3b9822d15f4374c2dad0890ab06df1cbd84b0af336b33a18df924c9b7cd5c431f7d7bae9351bb4169b9e71671d67f56eda9c44e2b5521173b2a87093673b582c58aad1eeb4bc5c7587e73c5e1b4942fdbbeb1528c9dadf2e038ebef09e520c461362dee294fdb66001fdd23e8d90"}}, @mesh_id={0x72, 0x6}, @mic={0x8c, 0x10, {0x27, "85359bbf0068", @short="8b3b59d03b184c8d"}}, @tim={0x5, 0x5a, {0x6, 0x58, 0x4, "9f574fd134487abb3f99a7b32f631de681adba64e7c3b756c6962f76a4b12b8bc87fb17e0ab034bd4265249937de35c1417cd5365108776fcd742b52b6064f443e93224dee52a1ef0961192d6d5170b4edf0944cce3375"}}, @sec_chan_ofs={0x3e, 0x1, 0x1}, @peer_mgmt={0x75, 0x16, {0x1, 0xc0c, @val=0xffff, @void, @val="e643000d7e85a8845b613a1a88d6e28c"}}, @supported_rates={0x1, 0x3, [{0x4, 0x1}, {0x6c, 0x1}, {0x1b, 0x1}]}, @random_vendor={0xdd, 0xbf, "085c772f9789ba10e5181009ddbba0c6cc0d1a75beb1bade7bb95b8c13e58eb6568d910f9cfd6bfc9447e95c73ed5b7edd1f952ddc448d1bbea289ee32b5e06537c9c333e793833a95de7660593332feb4c8cd456adf16e4415a0a629447bfa30784fd47b944bfb3af6a9debbf84e2ea853cb6b74dbf357411963b875b536f36d51d91f6214f8872b0a4bb61f68951c606e3173c7fce0d29acd2378931940f4a8902c7f1511282f4304c27ee3f8ae6809cf616fe0c3f37170d03d340cf8ac8"}]}, @NL80211_ATTR_IE_PROBE_RESP={0xaa, 0x7f, [@tim={0x5, 0xa4, {0x3f, 0xc9, 0xa1, "7b35d246dec05f9a28efdd55e088b840a20ea627f12ace35163a657109060ea98567e8becb1b9445fa11c733f867c7efcbb0a28b7c381444f59a00f6cc2fd3c0e899148d299191a5582569f565f5f75a4ca82890bb53e84d644cf8d11820132fe55bc4915551ecb7bbda0f91979e8f704bfa819af139918f7495219c50dfb01dc5b2bf747d74fb70b4e36e34baf51245e8c853339accea1be7db2a4e427513b167"}}]}, @NL80211_ATTR_BEACON_TAIL={0x34, 0xf, [@ht={0x2d, 0x1a, {0x300, 0x2, 0x3, 0x0, {0x10001, 0x7, 0x0, 0x4, 0x0, 0x1, 0x1, 0x2}, 0x800, 0x101, 0x6}}, @link_id={0x65, 0x12, {@initial, @device_b, @broadcast}}]}]}, 0x680}, 0x1, 0x0, 0x0, 0x40000c0}, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x50, r6, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$NL80211_CMD_GET_WIPHY(r3, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000040)={0x28, r6, 0xe1b5d4f54e9aad05, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x31}, @void, @val={0xc, 0x99, {0x10001, 0x76}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x40001) socket(0x1d, 0x4, 0xff) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="44000000bdfbeb7c1e621accb2b5106f3ec5d1a949dcd1e4daebec2be3cfcbb4c50e96b6c324c07e5cd324b583f83c7c3103c0b2081b82d9113d113265d7b475a36c72835eb960ad2832b697ef65dae5507593fbe8054161d04da903760670b33f9552c0806dd31033afda1239c39d9aebcd5cce5a1e093b190a0cde3cf1fc0dd7362b5a5d722b895f19c5974b9c066ef3e215f5b0da82295da07069f1a8e5a14f06289847dd05574047ec00ea92e6673ec7eee0ae933bafd7155ff0393c3e4cde0b625a5a7d391d4f", @ANYRES16=r1, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r2, @ANYBLOB="0a00340002020202020200000a00060008021100000000000800350000000000080026006c090000"], 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) socket$netlink(0x10, 0x3, 0x0) (async) writev(r3, &(0x7f0000000180)=[{0x0}], 0x1) (async) pipe(&(0x7f0000000440)) (async) socket(0x10, 0x3, 0x0) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, @mcast2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x20, 0x5218af3e5c9494b0, 0x3f}}) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r5) (async) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r4, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x80, r6, 0x100, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x65}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x16}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x19}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x51}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x54}]}, 0x80}, 0x1, 0x0, 0x0, 0x8011}, 0x4040000) (async) sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000800)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000940)={0x680, r6, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9c1, 0x79}}}}, [@NL80211_ATTR_BEACON_TAIL={0x33b, 0xf, [@dsss={0x3, 0x1, 0xa}, @peer_mgmt={0x75, 0x14, {0x1, 0x7, @void, @void, @val="425397a56ed0fc8846bdf15a059f9bf7"}}, @gcr_ga={0xbd, 0x6, @broadcast}, @fast_bss_trans={0x37, 0x77, {0x9, 0x2, "c7421d6a31f0d3e80ed2182e941928c6", "ee20ba33479f399675c864fc94b40619e8a3aaa485d565e3ee40bfa98e07c46b", "120bf4750865ef2ff64f3a575db2fd58031f736eb91b6e7b18701b4c2a31f1e7", [{0x3, 0x1a, "9e89a114dfb18d7bea8f7e1ffb3c6b3418612fd769a6c58c9437"}, {0x2, 0x7, "5c0cf5f1d46bc4"}]}}, @perr={0x84, 0xe8, {0x3f, 0xe, [@not_ext={{}, @device_b, 0xe9, "", 0x8}, @not_ext={{}, @device_b, 0x0, "", 0x16}, @not_ext={{}, @device_b, 0x7, "", 0x26}, @not_ext={{}, @broadcast, 0x4a02, "", 0x1}, @ext={{}, @device_a, 0x3, @broadcast, 0x32}, @ext={{}, @device_b, 0x10000, @device_b, 0x36}, @ext={{}, @device_b, 0x1, @device_b, 0x12}, @ext={{}, @device_a, 0x6, @device_a, 0x4}, @ext={{}, @device_a, 0x100, @device_a, 0x2c}, @ext={{}, @device_a, 0x2, @device_b, 0x11}, @ext={{}, @device_a, 0xff, @device_a, 0x29}, @not_ext={{}, @broadcast, 0x0, "", 0x2d}, @ext={{}, @broadcast, 0xeb, @broadcast, 0x2c}, @not_ext={{}, @broadcast, 0x2, "", 0x21}]}}, @random_vendor={0xdd, 0xcb, "b824b29c966f7d78c40cf0f1ba400a2c2737fead014eea7e326d94d7fa738ca866b013ee88baeeb0205581ed396317a8033eb81e12f7ae261af3566fedfcfd2cad050ee70ba64cd77c8d3662d80a6d8551390cedb8d275aa4d567dcdbb362089ccf99401579251284b94e7e1673a5da47266702fa36e844c74d795383a3208c9e19a0cf19167b38bf901118fcb5a403579c5bd0a71c011a22ddd77f283ee6882d359603df9ba290c0a5b2d0be024ac64a37108b1431463f9c41da4cc1e765845b660ee6fcd51f264d23528"}, @mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0xa, 0x20}}, @tim={0x5, 0xd0, {0x40, 0x7b, 0xb9, "760a49f4d9b379e642a679c5716937a8635f7cbdae879fc1da44deca6b5878513435327ab44da727223af589470f0f56f25dfc347a90348e5adb576e9d59688ad9992b54ac7532ddc7f74a90933dcd044bd7ecb7cc5b29bc9a81f57f41ab82ca1db9d29c9215a0da2d8984279d1703804bfb391e88689690895b761b1df14d65e20aabe48b22789b82da95c6addf022d04327e9bd2a98e523a0788f819b1270434c18f7d3abb9c1e8e4d30cec0d23bcda5a861f5ed7e67f0e1ac26dc2fba211fcf369f05d18d4edfe4c1c523f9"}}, @sec_chan_ofs={0x3e, 0x1}, @gcr_ga={0xbd, 0x6}]}, @NL80211_ATTR_IE={0x23a, 0x2a, [@tim={0x5, 0xdd, {0x1, 0x5f, 0x8f, "f03505deab38e5dd71b9134b8562111caaea49da8e01da61663e2a04114b901575ab3fe32479d90b1bef465d496133b4f2fdc3f0254498b3988a4b57b4e5efcfd75ae034e440d38c9f1b484250fb16109e1aa1485941f671c7eb161d757aca536c5ed99d6adc74f8987b116f3b9822d15f4374c2dad0890ab06df1cbd84b0af336b33a18df924c9b7cd5c431f7d7bae9351bb4169b9e71671d67f56eda9c44e2b5521173b2a87093673b582c58aad1eeb4bc5c7587e73c5e1b4942fdbbeb1528c9dadf2e038ebef09e520c461362dee294fdb66001fdd23e8d90"}}, @mesh_id={0x72, 0x6}, @mic={0x8c, 0x10, {0x27, "85359bbf0068", @short="8b3b59d03b184c8d"}}, @tim={0x5, 0x5a, {0x6, 0x58, 0x4, "9f574fd134487abb3f99a7b32f631de681adba64e7c3b756c6962f76a4b12b8bc87fb17e0ab034bd4265249937de35c1417cd5365108776fcd742b52b6064f443e93224dee52a1ef0961192d6d5170b4edf0944cce3375"}}, @sec_chan_ofs={0x3e, 0x1, 0x1}, @peer_mgmt={0x75, 0x16, {0x1, 0xc0c, @val=0xffff, @void, @val="e643000d7e85a8845b613a1a88d6e28c"}}, @supported_rates={0x1, 0x3, [{0x4, 0x1}, {0x6c, 0x1}, {0x1b, 0x1}]}, @random_vendor={0xdd, 0xbf, "085c772f9789ba10e5181009ddbba0c6cc0d1a75beb1bade7bb95b8c13e58eb6568d910f9cfd6bfc9447e95c73ed5b7edd1f952ddc448d1bbea289ee32b5e06537c9c333e793833a95de7660593332feb4c8cd456adf16e4415a0a629447bfa30784fd47b944bfb3af6a9debbf84e2ea853cb6b74dbf357411963b875b536f36d51d91f6214f8872b0a4bb61f68951c606e3173c7fce0d29acd2378931940f4a8902c7f1511282f4304c27ee3f8ae6809cf616fe0c3f37170d03d340cf8ac8"}]}, @NL80211_ATTR_IE_PROBE_RESP={0xaa, 0x7f, [@tim={0x5, 0xa4, {0x3f, 0xc9, 0xa1, "7b35d246dec05f9a28efdd55e088b840a20ea627f12ace35163a657109060ea98567e8becb1b9445fa11c733f867c7efcbb0a28b7c381444f59a00f6cc2fd3c0e899148d299191a5582569f565f5f75a4ca82890bb53e84d644cf8d11820132fe55bc4915551ecb7bbda0f91979e8f704bfa819af139918f7495219c50dfb01dc5b2bf747d74fb70b4e36e34baf51245e8c853339accea1be7db2a4e427513b167"}}]}, @NL80211_ATTR_BEACON_TAIL={0x34, 0xf, [@ht={0x2d, 0x1a, {0x300, 0x2, 0x3, 0x0, {0x10001, 0x7, 0x0, 0x4, 0x0, 0x1, 0x1, 0x2}, 0x800, 0x101, 0x6}}, @link_id={0x65, 0x12, {@initial, @device_b, @broadcast}}]}]}, 0x680}, 0x1, 0x0, 0x0, 0x40000c0}, 0x0) (async) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x50, r6, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) (async) sendmsg$NL80211_CMD_GET_WIPHY(r3, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000040)={0x28, r6, 0xe1b5d4f54e9aad05, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x31}, @void, @val={0xc, 0x99, {0x10001, 0x76}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x40001) (async) socket(0x1d, 0x4, 0xff) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="44000000bdfbeb7c1e621accb2b5106f3ec5d1a949dcd1e4daebec2be3cfcbb4c50e96b6c324c07e5cd324b583f83c7c3103c0b2081b82d9113d113265d7b475a36c72835eb960ad2832b697ef65dae5507593fbe8054161d04da903760670b33f9552c0806dd31033afda1239c39d9aebcd5cce5a1e093b190a0cde3cf1fc0dd7362b5a5d722b895f19c5974b9c066ef3e215f5b0da82295da07069f1a8e5a14f06289847dd05574047ec00ea92e6673ec7eee0ae933bafd7155ff0393c3e4cde0b625a5a7d391d4f", @ANYRES16=r1, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r2, @ANYBLOB="0a00340002020202020200000a00060008021100000000000800350000000000080026006c090000"], 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (async) 19:24:05 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x500, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:24:05 executing program 2: openat$tun(0xffffffffffffff9c, &(0x7f0000001f80), 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) pipe2$9p(&(0x7f0000000180), 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) unshare(0x40400) pselect6(0x40, &(0x7f0000000240), 0x0, &(0x7f0000000040)={0x1ff}, &(0x7f00000001c0), 0x0) [ 2468.037955][T18688] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18688 comm=syz-executor.5 [ 2468.040351][T18688] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2468.042216][T18688] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2468.093894][T18688] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2468.139615][T18706] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2468.191143][T18706] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2468.242904][T18706] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:24:13 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xd, 0x28011, r0, 0x0) ftruncate(r0, 0x2f00) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x16) 19:24:13 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000580)={0x0, 0x20c7}) 19:24:13 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x600, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:24:13 executing program 2: openat$tun(0xffffffffffffff9c, &(0x7f0000001f80), 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) pipe2$9p(&(0x7f0000000180), 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) unshare(0x40400) pselect6(0x40, &(0x7f0000000240), 0x0, &(0x7f0000000040)={0x1ff}, &(0x7f00000001c0), 0x0) 19:24:13 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, &(0x7f0000000180)=[{0x0}], 0x1) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, @mcast2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x20, 0x5218af3e5c9494b0, 0x3f}}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r5) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r4, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x80, r6, 0x100, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x65}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x16}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x19}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x51}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x54}]}, 0x80}, 0x1, 0x0, 0x0, 0x8011}, 0x4040000) sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000800)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000940)={0x680, r6, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9c1, 0x79}}}}, [@NL80211_ATTR_BEACON_TAIL={0x33b, 0xf, [@dsss={0x3, 0x1, 0xa}, @peer_mgmt={0x75, 0x14, {0x1, 0x7, @void, @void, @val="425397a56ed0fc8846bdf15a059f9bf7"}}, @gcr_ga={0xbd, 0x6, @broadcast}, @fast_bss_trans={0x37, 0x77, {0x9, 0x2, "c7421d6a31f0d3e80ed2182e941928c6", "ee20ba33479f399675c864fc94b40619e8a3aaa485d565e3ee40bfa98e07c46b", "120bf4750865ef2ff64f3a575db2fd58031f736eb91b6e7b18701b4c2a31f1e7", [{0x3, 0x1a, "9e89a114dfb18d7bea8f7e1ffb3c6b3418612fd769a6c58c9437"}, {0x2, 0x7, "5c0cf5f1d46bc4"}]}}, @perr={0x84, 0xe8, {0x3f, 0xe, [@not_ext={{}, @device_b, 0xe9, "", 0x8}, @not_ext={{}, @device_b, 0x0, "", 0x16}, @not_ext={{}, @device_b, 0x7, "", 0x26}, @not_ext={{}, @broadcast, 0x4a02, "", 0x1}, @ext={{}, @device_a, 0x3, @broadcast, 0x32}, @ext={{}, @device_b, 0x10000, @device_b, 0x36}, @ext={{}, @device_b, 0x1, @device_b, 0x12}, @ext={{}, @device_a, 0x6, @device_a, 0x4}, @ext={{}, @device_a, 0x100, @device_a, 0x2c}, @ext={{}, @device_a, 0x2, @device_b, 0x11}, @ext={{}, @device_a, 0xff, @device_a, 0x29}, @not_ext={{}, @broadcast, 0x0, "", 0x2d}, @ext={{}, @broadcast, 0xeb, @broadcast, 0x2c}, @not_ext={{}, @broadcast, 0x2, "", 0x21}]}}, @random_vendor={0xdd, 0xcb, "b824b29c966f7d78c40cf0f1ba400a2c2737fead014eea7e326d94d7fa738ca866b013ee88baeeb0205581ed396317a8033eb81e12f7ae261af3566fedfcfd2cad050ee70ba64cd77c8d3662d80a6d8551390cedb8d275aa4d567dcdbb362089ccf99401579251284b94e7e1673a5da47266702fa36e844c74d795383a3208c9e19a0cf19167b38bf901118fcb5a403579c5bd0a71c011a22ddd77f283ee6882d359603df9ba290c0a5b2d0be024ac64a37108b1431463f9c41da4cc1e765845b660ee6fcd51f264d23528"}, @mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0xa, 0x20}}, @tim={0x5, 0xd0, {0x40, 0x7b, 0xb9, "760a49f4d9b379e642a679c5716937a8635f7cbdae879fc1da44deca6b5878513435327ab44da727223af589470f0f56f25dfc347a90348e5adb576e9d59688ad9992b54ac7532ddc7f74a90933dcd044bd7ecb7cc5b29bc9a81f57f41ab82ca1db9d29c9215a0da2d8984279d1703804bfb391e88689690895b761b1df14d65e20aabe48b22789b82da95c6addf022d04327e9bd2a98e523a0788f819b1270434c18f7d3abb9c1e8e4d30cec0d23bcda5a861f5ed7e67f0e1ac26dc2fba211fcf369f05d18d4edfe4c1c523f9"}}, @sec_chan_ofs={0x3e, 0x1}, @gcr_ga={0xbd, 0x6}]}, @NL80211_ATTR_IE={0x23a, 0x2a, [@tim={0x5, 0xdd, {0x1, 0x5f, 0x8f, "f03505deab38e5dd71b9134b8562111caaea49da8e01da61663e2a04114b901575ab3fe32479d90b1bef465d496133b4f2fdc3f0254498b3988a4b57b4e5efcfd75ae034e440d38c9f1b484250fb16109e1aa1485941f671c7eb161d757aca536c5ed99d6adc74f8987b116f3b9822d15f4374c2dad0890ab06df1cbd84b0af336b33a18df924c9b7cd5c431f7d7bae9351bb4169b9e71671d67f56eda9c44e2b5521173b2a87093673b582c58aad1eeb4bc5c7587e73c5e1b4942fdbbeb1528c9dadf2e038ebef09e520c461362dee294fdb66001fdd23e8d90"}}, @mesh_id={0x72, 0x6}, @mic={0x8c, 0x10, {0x27, "85359bbf0068", @short="8b3b59d03b184c8d"}}, @tim={0x5, 0x5a, {0x6, 0x58, 0x4, "9f574fd134487abb3f99a7b32f631de681adba64e7c3b756c6962f76a4b12b8bc87fb17e0ab034bd4265249937de35c1417cd5365108776fcd742b52b6064f443e93224dee52a1ef0961192d6d5170b4edf0944cce3375"}}, @sec_chan_ofs={0x3e, 0x1, 0x1}, @peer_mgmt={0x75, 0x16, {0x1, 0xc0c, @val=0xffff, @void, @val="e643000d7e85a8845b613a1a88d6e28c"}}, @supported_rates={0x1, 0x3, [{0x4, 0x1}, {0x6c, 0x1}, {0x1b, 0x1}]}, @random_vendor={0xdd, 0xbf, "085c772f9789ba10e5181009ddbba0c6cc0d1a75beb1bade7bb95b8c13e58eb6568d910f9cfd6bfc9447e95c73ed5b7edd1f952ddc448d1bbea289ee32b5e06537c9c333e793833a95de7660593332feb4c8cd456adf16e4415a0a629447bfa30784fd47b944bfb3af6a9debbf84e2ea853cb6b74dbf357411963b875b536f36d51d91f6214f8872b0a4bb61f68951c606e3173c7fce0d29acd2378931940f4a8902c7f1511282f4304c27ee3f8ae6809cf616fe0c3f37170d03d340cf8ac8"}]}, @NL80211_ATTR_IE_PROBE_RESP={0xaa, 0x7f, [@tim={0x5, 0xa4, {0x3f, 0xc9, 0xa1, "7b35d246dec05f9a28efdd55e088b840a20ea627f12ace35163a657109060ea98567e8becb1b9445fa11c733f867c7efcbb0a28b7c381444f59a00f6cc2fd3c0e899148d299191a5582569f565f5f75a4ca82890bb53e84d644cf8d11820132fe55bc4915551ecb7bbda0f91979e8f704bfa819af139918f7495219c50dfb01dc5b2bf747d74fb70b4e36e34baf51245e8c853339accea1be7db2a4e427513b167"}}]}, @NL80211_ATTR_BEACON_TAIL={0x34, 0xf, [@ht={0x2d, 0x1a, {0x300, 0x2, 0x3, 0x0, {0x10001, 0x7, 0x0, 0x4, 0x0, 0x1, 0x1, 0x2}, 0x800, 0x101, 0x6}}, @link_id={0x65, 0x12, {@initial, @device_b, @broadcast}}]}]}, 0x680}, 0x1, 0x0, 0x0, 0x40000c0}, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x50, r6, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$NL80211_CMD_GET_WIPHY(r3, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000040)={0x28, r6, 0xe1b5d4f54e9aad05, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x31}, @void, @val={0xc, 0x99, {0x10001, 0x76}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x40001) socket(0x1d, 0x4, 0xff) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="44000000bdfbeb7c1e621accb2b5106f3ec5d1a949dcd1e4daebec2be3cfcbb4c50e96b6c324c07e5cd324b583f83c7c3103c0b2081b82d9113d113265d7b475a36c72835eb960ad2832b697ef65dae5507593fbe8054161d04da903760670b33f9552c0806dd31033afda1239c39d9aebcd5cce5a1e093b190a0cde3cf1fc0dd7362b5a5d722b895f19c5974b9c066ef3e215f5b0da82295da07069f1a8e5a14f06289847dd05574047ec00ea92e6673ec7eee0ae933bafd7155ff0393c3e4cde0b625a5a7d391d4f", @ANYRES16=r1, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r2, @ANYBLOB="0a00340002020202020200000a00060008021100000000000800350000000000080026006c090000"], 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) socket$netlink(0x10, 0x3, 0x0) (async) writev(r3, &(0x7f0000000180)=[{0x0}], 0x1) (async) pipe(&(0x7f0000000440)) (async) socket(0x10, 0x3, 0x0) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, @mcast2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x20, 0x5218af3e5c9494b0, 0x3f}}) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r5) (async) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r4, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x80, r6, 0x100, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x65}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x16}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x19}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x51}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x54}]}, 0x80}, 0x1, 0x0, 0x0, 0x8011}, 0x4040000) (async) sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000800)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000940)={0x680, r6, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9c1, 0x79}}}}, [@NL80211_ATTR_BEACON_TAIL={0x33b, 0xf, [@dsss={0x3, 0x1, 0xa}, @peer_mgmt={0x75, 0x14, {0x1, 0x7, @void, @void, @val="425397a56ed0fc8846bdf15a059f9bf7"}}, @gcr_ga={0xbd, 0x6, @broadcast}, @fast_bss_trans={0x37, 0x77, {0x9, 0x2, "c7421d6a31f0d3e80ed2182e941928c6", "ee20ba33479f399675c864fc94b40619e8a3aaa485d565e3ee40bfa98e07c46b", "120bf4750865ef2ff64f3a575db2fd58031f736eb91b6e7b18701b4c2a31f1e7", [{0x3, 0x1a, "9e89a114dfb18d7bea8f7e1ffb3c6b3418612fd769a6c58c9437"}, {0x2, 0x7, "5c0cf5f1d46bc4"}]}}, @perr={0x84, 0xe8, {0x3f, 0xe, [@not_ext={{}, @device_b, 0xe9, "", 0x8}, @not_ext={{}, @device_b, 0x0, "", 0x16}, @not_ext={{}, @device_b, 0x7, "", 0x26}, @not_ext={{}, @broadcast, 0x4a02, "", 0x1}, @ext={{}, @device_a, 0x3, @broadcast, 0x32}, @ext={{}, @device_b, 0x10000, @device_b, 0x36}, @ext={{}, @device_b, 0x1, @device_b, 0x12}, @ext={{}, @device_a, 0x6, @device_a, 0x4}, @ext={{}, @device_a, 0x100, @device_a, 0x2c}, @ext={{}, @device_a, 0x2, @device_b, 0x11}, @ext={{}, @device_a, 0xff, @device_a, 0x29}, @not_ext={{}, @broadcast, 0x0, "", 0x2d}, @ext={{}, @broadcast, 0xeb, @broadcast, 0x2c}, @not_ext={{}, @broadcast, 0x2, "", 0x21}]}}, @random_vendor={0xdd, 0xcb, "b824b29c966f7d78c40cf0f1ba400a2c2737fead014eea7e326d94d7fa738ca866b013ee88baeeb0205581ed396317a8033eb81e12f7ae261af3566fedfcfd2cad050ee70ba64cd77c8d3662d80a6d8551390cedb8d275aa4d567dcdbb362089ccf99401579251284b94e7e1673a5da47266702fa36e844c74d795383a3208c9e19a0cf19167b38bf901118fcb5a403579c5bd0a71c011a22ddd77f283ee6882d359603df9ba290c0a5b2d0be024ac64a37108b1431463f9c41da4cc1e765845b660ee6fcd51f264d23528"}, @mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0xa, 0x20}}, @tim={0x5, 0xd0, {0x40, 0x7b, 0xb9, "760a49f4d9b379e642a679c5716937a8635f7cbdae879fc1da44deca6b5878513435327ab44da727223af589470f0f56f25dfc347a90348e5adb576e9d59688ad9992b54ac7532ddc7f74a90933dcd044bd7ecb7cc5b29bc9a81f57f41ab82ca1db9d29c9215a0da2d8984279d1703804bfb391e88689690895b761b1df14d65e20aabe48b22789b82da95c6addf022d04327e9bd2a98e523a0788f819b1270434c18f7d3abb9c1e8e4d30cec0d23bcda5a861f5ed7e67f0e1ac26dc2fba211fcf369f05d18d4edfe4c1c523f9"}}, @sec_chan_ofs={0x3e, 0x1}, @gcr_ga={0xbd, 0x6}]}, @NL80211_ATTR_IE={0x23a, 0x2a, [@tim={0x5, 0xdd, {0x1, 0x5f, 0x8f, "f03505deab38e5dd71b9134b8562111caaea49da8e01da61663e2a04114b901575ab3fe32479d90b1bef465d496133b4f2fdc3f0254498b3988a4b57b4e5efcfd75ae034e440d38c9f1b484250fb16109e1aa1485941f671c7eb161d757aca536c5ed99d6adc74f8987b116f3b9822d15f4374c2dad0890ab06df1cbd84b0af336b33a18df924c9b7cd5c431f7d7bae9351bb4169b9e71671d67f56eda9c44e2b5521173b2a87093673b582c58aad1eeb4bc5c7587e73c5e1b4942fdbbeb1528c9dadf2e038ebef09e520c461362dee294fdb66001fdd23e8d90"}}, @mesh_id={0x72, 0x6}, @mic={0x8c, 0x10, {0x27, "85359bbf0068", @short="8b3b59d03b184c8d"}}, @tim={0x5, 0x5a, {0x6, 0x58, 0x4, "9f574fd134487abb3f99a7b32f631de681adba64e7c3b756c6962f76a4b12b8bc87fb17e0ab034bd4265249937de35c1417cd5365108776fcd742b52b6064f443e93224dee52a1ef0961192d6d5170b4edf0944cce3375"}}, @sec_chan_ofs={0x3e, 0x1, 0x1}, @peer_mgmt={0x75, 0x16, {0x1, 0xc0c, @val=0xffff, @void, @val="e643000d7e85a8845b613a1a88d6e28c"}}, @supported_rates={0x1, 0x3, [{0x4, 0x1}, {0x6c, 0x1}, {0x1b, 0x1}]}, @random_vendor={0xdd, 0xbf, "085c772f9789ba10e5181009ddbba0c6cc0d1a75beb1bade7bb95b8c13e58eb6568d910f9cfd6bfc9447e95c73ed5b7edd1f952ddc448d1bbea289ee32b5e06537c9c333e793833a95de7660593332feb4c8cd456adf16e4415a0a629447bfa30784fd47b944bfb3af6a9debbf84e2ea853cb6b74dbf357411963b875b536f36d51d91f6214f8872b0a4bb61f68951c606e3173c7fce0d29acd2378931940f4a8902c7f1511282f4304c27ee3f8ae6809cf616fe0c3f37170d03d340cf8ac8"}]}, @NL80211_ATTR_IE_PROBE_RESP={0xaa, 0x7f, [@tim={0x5, 0xa4, {0x3f, 0xc9, 0xa1, "7b35d246dec05f9a28efdd55e088b840a20ea627f12ace35163a657109060ea98567e8becb1b9445fa11c733f867c7efcbb0a28b7c381444f59a00f6cc2fd3c0e899148d299191a5582569f565f5f75a4ca82890bb53e84d644cf8d11820132fe55bc4915551ecb7bbda0f91979e8f704bfa819af139918f7495219c50dfb01dc5b2bf747d74fb70b4e36e34baf51245e8c853339accea1be7db2a4e427513b167"}}]}, @NL80211_ATTR_BEACON_TAIL={0x34, 0xf, [@ht={0x2d, 0x1a, {0x300, 0x2, 0x3, 0x0, {0x10001, 0x7, 0x0, 0x4, 0x0, 0x1, 0x1, 0x2}, 0x800, 0x101, 0x6}}, @link_id={0x65, 0x12, {@initial, @device_b, @broadcast}}]}]}, 0x680}, 0x1, 0x0, 0x0, 0x40000c0}, 0x0) (async) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x50, r6, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) (async) sendmsg$NL80211_CMD_GET_WIPHY(r3, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000040)={0x28, r6, 0xe1b5d4f54e9aad05, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x31}, @void, @val={0xc, 0x99, {0x10001, 0x76}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x40001) (async) socket(0x1d, 0x4, 0xff) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="44000000bdfbeb7c1e621accb2b5106f3ec5d1a949dcd1e4daebec2be3cfcbb4c50e96b6c324c07e5cd324b583f83c7c3103c0b2081b82d9113d113265d7b475a36c72835eb960ad2832b697ef65dae5507593fbe8054161d04da903760670b33f9552c0806dd31033afda1239c39d9aebcd5cce5a1e093b190a0cde3cf1fc0dd7362b5a5d722b895f19c5974b9c066ef3e215f5b0da82295da07069f1a8e5a14f06289847dd05574047ec00ea92e6673ec7eee0ae933bafd7155ff0393c3e4cde0b625a5a7d391d4f", @ANYRES16=r1, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r2, @ANYBLOB="0a00340002020202020200000a00060008021100000000000800350000000000080026006c090000"], 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (async) 19:24:13 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0xf00, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:24:13 executing program 3: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000006ff67"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000008, 0xfb, 0x1, 0x0, 0x20]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:24:13 executing program 2: openat$tun(0xffffffffffffff9c, &(0x7f0000001f80), 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) pipe2$9p(&(0x7f0000000180), 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) unshare(0x40400) pselect6(0x40, &(0x7f0000000240), 0x0, &(0x7f0000000040)={0x1ff}, &(0x7f00000001c0), 0x0) 19:24:13 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x700, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2476.017572][T18717] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2476.039411][T18720] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18720 comm=syz-executor.5 [ 2476.046342][T18720] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2476.060552][T18720] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2476.075585][T18721] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2476.112224][T18720] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:24:13 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x4b0040, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000680)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xf8, 0x0, 0x8, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MESH_SETUP={0xe0, 0x70, [@NL80211_MESH_SETUP_AUTH_PROTOCOL={0x5, 0x8, 0x80}, @NL80211_MESH_SETUP_USERSPACE_AMPE={0x4}, @NL80211_MESH_SETUP_IE={0xce, 0x3, "9281b250d6ef6497070e0a9055937d57b781abb7cd928f2428c5e667ac423030be564715304590e4e235b9af7e5ad5a9d7348a635e70bcd73b2d0e1b8fdfc0e588fb839b92b94502b92901fe2128ef7f5620a45e487ad20e2b742e8c53b1bda7211713dec4b5b7606fdeb43411c16340ee081776baef193dd9825a6b120ec6c1fdb83054fd7fb28224aaf7189c0dc70fef6181a04016f89d95d0e79d1f4d8aede4ea30e6c4ea68c01b8fdc23afdf03b8dd7773749da8f1bb0eacd58e102348b4956290f7d9dfd412b31b"}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0xf8}, 0x1, 0x0, 0x0, 0x8000}, 0x20040887) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000880), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000001d00)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001cc0)={&(0x7f00000008c0)={0x1400, r3, 0x400, 0x70bd2b, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x10001, 0xb}}}}, [@NL80211_ATTR_CSA_IES={0x13b8, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0xe, 0xba, [0xff, 0x5, 0x8, 0x7, 0x6]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x10, 0xbb, [0x6672, 0x8, 0xe57, 0xff, 0x4, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xc, 0xba, [0x7c, 0xfe00, 0xfffc, 0x0]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x9, 0x8000]}, @beacon_params=[@NL80211_ATTR_PROBE_RESP={0x816, 0x91, "1432e53d4d89f053b378baa9eef404341907ce9bff1cfc34dc285b5db0b8b27f1c96d48d5db42decdb6476c9bd3258041d728d50f1b0dec84ffdb9934058161d9a26382c9eccfcdff15ea4b0d2383ec9e1a3e383e09b25a6dde33ce5c122d324908c552e133bed7591c135e9166e1a77eb07e535bc674e77bcdd1b2ffe2a78a28587bf14c75331f3986bfe5e0b24b54c16865b93f18ae0e51b10136989117b6d1222b9d6864eaa6924e8ddf79bd87380b3201c07d35fcb013d0ecb35cee7528264656866e407f6d32fa289d9cea8af767bfec909df6536ccbf9d99d2854f14aa560d1d68685fef620a1056f239fa6a31d0bb4a434c16a269fc43a1442828783698628687fff9cc08d4e8f148fc4b5ac83c65fb798d15b6cdb68063bb6a785f714b94802e71d766701163d4e897f6001427e4cd3c6a3d72e37da6c4e6e0bf0967c16924b2dd5af83985849f4ec5e6b071c7aa65a68d11bf90109fc9fc214c0c44dd54a1015eeb88cfab1aef964fc66b5acca9bb7c084d5aaaca426c887c65d42c965d446002c3530b424606fc8c2caa610130ca20fe987fce99900de29f5454d60bef6fde1c8aa0b4339f4f95fc97a96a2d704e57a4ae557fba23ce654c295cba4a59ff60a76b18f03ff5988210c87c1f32cb582e87b358ac3c2c1db6b53beb231ff3ff8922e931d4ee46b2197724a6296972419913f39225043c82e6c072021c4793ebce4e8176c2336b98615a45376f1a7534c961a0e678a22fd2d8aa61874cab08d03c14f2f45f74accf010d02f12f766a1d03209d422e3ca56b2a2c9ecdd99bf771eb0cf35f61c9ccc66b6b2807705a60ec8f86e91d163d1aeecb4656fcc4a4ace8b3307e657209ca49b7f02581254cabf0a11e5a1f64f80678a04e024587f0a13619313639360f410b2abbd569f19e24ad3611e18ba209fcda4655a24a4487395c69ecfb78712d3d40df1bde1d367aee72507942317e98708410b7d0bb3af6829e61939124e741ef0ce4d467a147c22f8ebcc8f5e3d4cd5a2597ad896b02a6f2df1f82b8a6f0183b8a28db6b8701aa7a87f01302ce4ce401af3c2bf292b84c2248c8e8bd5cb70ee1341dbe34f3b53c639abe2e1982b4d0ffa16648acc79bd582db19d05874161b2c09a18159d8024a7412b0a24bbfb4fc0d7f555021ac483d93d3866210ff4d3e9397a52597d09e95e63abd02af5d5ca46b10ef94e45f9fd2e1e7eb8852f2f1fe2f62ea16a11f392a9f2675c9e74b1bf36d86b32f5096cdbaccda617885cb30c7ccef0f964f176c6cbddda156a31ab6dcd427ece9c43d2a5bc2d68b900a1a1027a94aa02c051412efede0ea7bab8b8811f639612c2822fb8a1bf0d03b0111dd998706d4d6232b88e3b2ffa7aeed3cee2aad78894aa99337a50790917f1b01261bd457b2c457ea6c327112deb802874081251e2a7d2f4292f01a59a47bb4b701ec3496acd4d45cbf299a7aed763e3c16dbdc4680461aef3d0e3cc4412a460ac1aa6981b22fc5ccfa662db162cc2805b14238e3bfdc6c7cf7f64afe3499d31fadfaaf27f67af74b16ba7e2ce67af535038ac179581727b3173180b4883f787190c73ccc6a34cb54791407aa498c6ecb9521d1070c4c9dedca41fbdc3a68bd46c0c8c36f94b5217f0d37d8d0faffbbb307d533f71cae6429b263dda9ea95b605e382a2409315f135978b47515c74ad21572a157490f729cab8bed7a01068e01e95535aae2987ad4d6ea77abd0f2b5a660ae4122854d71caa1c291acb30dde7244c3036d7335fb39a315c523da1720abe0b23f51bac540e9c71a58edaffd93073b47dc10439089b66bc81636ad2e6ad334f7170454e7d900f5342c7fc0d7f9b257e06e8c11be8e762b16c9df88c370e1bd81ccf002e3b9ac772ec464d331b73191deccc61be2a646d27727d3a1237672004afaaec52e90cb09839034615a3d6ac43e4bede388c0bddf07bcc3fe3a2c12c428f68a31517fc6729fcf0207ba20184e6c12b72886524a0383f53ab7f85277243ce4718c0b6626abda00b5e320afe09f29b6dd81cb37e03be989e9bab9af212a94e9292d578749107797333daaf679f1f868dff8a321662f458e54c69f7b4fc1203da0ddd791d7a073b81dc3694f68b2ed6d321bea3ee8917da07bb22d4f79e00215722c1f89cdef6f433ddceac8c1be5b46d9548b269208c5e857955ab65b984aab72330612b96f0d77233a6d4f88acdd778451b71a819f305416eaafbbb894f2c7f720bc47b1f07b8fc2e77a7393436ac7481c4862507f9e4fe240535a2b49a420af6deee6cf75e42cb21b5c7ee690c384657c12746ccd932b3f0bd53e0ec88202b3f24537c48ec2c3f0d6a29ad83d6ac111bd3dae3f6ce57ad52eda4a7b2c71fa4ea4ff4e21b96823d884453a5d56df2f63d93b70279243bcdf1d828400294b314c5ef446796343f4d26da230b82dae61bfcc7a0cceea50f24bdbf487bfcc1f18e994b2820e0a4ef3520b5273e74c4d5726fc3fff92bb2df0b7cdbf248fe6061cdefd023cca1ecf483f250d9d9db20a361eb38b32d346a3e468f527ccde446fa28fe8c727c22df63ff96e236c9fa0dde59e0aadeaf9a3e6b94815e013b026edfffcc1c381cc4420ed1724c922008ba8504b2d1bf5fad7b5af69ea0816544572cc821d6d32397ad88bffefd35a957315c4744ff79552878c2ad9d0862fa3dda7d7e95d55137990ea02fc16f58795ff270e146270cb52db48924cc457844859fa6ac40566ea156e214a4e16e61bec49f94806315b3620a8d14bd50bfab73aa8518df49279f679ab22782e295afd584e753924c52fb225711007f30c99c4f4e1243893014c308f6ea952fa05fc0cd61bdec6316ff6fc8591ff89ab4a6dc9981430bee32252669b6cbbd3e3e87dafb3b99ce39eaa34f268b398b90"}], @beacon_params=[@NL80211_ATTR_BEACON_HEAD={0x121, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1}, {0xf7}, @device_a, @device_a, @initial, {0x0, 0xff}}, @ver_80211n={0x0, 0x8, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}}, 0x7ff, @random=0x40, 0x8100, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x4, [{0x1, 0x1}, {0x4, 0x1}, {0x9}, {0x24, 0x1}]}, @val={0x3, 0x1, 0x2c}, @void, @val={0x6, 0x2, 0x9}, @void, @void, @void, @val={0x3c, 0x4, {0x0, 0x0, 0x34, 0xff}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x31, 0x20}}, @void, [{0xdd, 0xc7, "45affdd7309be944d29b3069bab5dddef96d45db5183795fafe56590cc0bf6b17057b03654f30b96e03c24bd5d53edcaa632d1e13dacae28223d1ace201f51c38bfde179d8a30894e83e8a411811e34521c44f834f62d313f5c9e44b735efc0c5bc92a5655c54eb1956c5454ad035ca7131fded22242ad3871c25b6ddd339c4e8f24b4ad6a50a617dd50581ddac204a7fa35fe45ea142323fae036dfc06746b54eee8ad7a7ab2383faf63ed612ebeffc616145f1a8077ae1fc278798afd58ecd8659bac355fcf8"}]}}, @NL80211_ATTR_BEACON_TAIL={0x2b, 0xf, [@mesh_id={0x72, 0x6}, @mesh_chsw={0x76, 0x6, {0x1f, 0x7, 0x0, 0xffe0}}, @challenge={0x10, 0x1, 0x7}, @link_id={0x65, 0x12, {@random="52b5747c44c6", @broadcast}}]}, @NL80211_ATTR_FTM_RESPONDER={0x1e4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xfb, 0x3, "5c4ab77b07a1e6d809f375c3c0df27857f7472fbf1371c73ca41106cb5a3aaa372f9648b422a4d4e019fa37cd6a00abfc8d51fc3feb898ecbb0491d52108c9e539b850c95dbaa44a04f9c2618ebd0d51e606097e435e057cb73fd4f5f258bfdc98c35e587a7e4f5ce4f89224f2af0c9b0dfa6081a9e116dc9ea9d290e99356e1f8026509a09efd5caef755d0224bc0f3554fa29a85ba25bbca690b083e389a0a562510899acfed6a2f35c695b5e7edab0e794d683fc3da0042bffb67c35cd3a6caf1d6e4b27b786000b074645dee13e2a94f4392d20e192ed2f4192b314147887e239c8f67935cd3bdb45f186e102f3872a80cc4ee9ffa"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x3c, 0x2, "9ab5685fe6486a3311f126c7e1fc675080bb7ab5751d6891b60264cc9dd5a1f41c4e40028601f3d86bd7f431c1884a218da4762efc5877ec"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x9e, 0x3, "4f2dc0e10763946ceb23a26123800d8fb4f699922aa7522382377238f93ce3762484af4676d11f8c7d29ee25867400cc3ba9c978e6baa37c4a1e1ddffdcee183d07ab3cd95417e03351d342ac0f0c1e7acd9cea8c65354db93dae4b2969e6bdc8fb88e57a10cad001f095bfdf8cbfac5f8601cea7b359f417acda215431f8214629dcd8a05090c178d4c43c2e518c7ef256421ceae952bbffaa8"}]}, @NL80211_ATTR_IE_ASSOC_RESP={0x7, 0x80, [@dsss={0x3, 0x1, 0xab}]}, @NL80211_ATTR_PROBE_RESP={0x1ea, 0x91, "1221ac3f36c01934b23269e7e3d6d98ff73b65d4e59be408758bdf544d628ff166772f30fcefb160f78e66be95b0ede59388601c1c2d0817a06896be0fbace77f69d9b8d5a8a3a5a751fae3363e6cd2c50140abb42df67c8e471d5bbb3c0d79f2c099436521243febfdf24662b4348fb8a010578b779bab026c6957d28a9556c062587913953f11a4319f0086b1973d576a06fb87f6983a583789b0e1cd678ea89e514a69cbc967b7b3654fe7beece0af4bbaa0e688bb6173a5ae4111d42b81355aab184aae6177da4715f7884d94c54aff2571c52ccf7164399a1fc77832c1fbe2be6f28761e0e7020f7d96ece1bf42c6bf44f6876d8ea2ea7b62952e1a9250dd2a34103196b050bb9193e8f44b3d390948e841f41eaec5422c80d126a6b1dad2b736cc97416f8bd26662c406c8dbeff216eb948eea03940a47d1f890a3c91cb888a18b4e5e759196c4052526a216a135aafdb4fc6bb972cd1e2c732102e1a731e008fd98d073f680b12587761559c876a2422febba722a472a123558510b29f8f2528533322f30cd8e584c808d76f241a719a3e07a55771b36f15cdf604a345dc1c1fd5cf69880fefb652099f81f0084d913d587a31f2ae8665af6609f6fdc99a9b244a19232093abc92574a177e9b8a7a2f60cb21b8360a219a4d9d0a4e4d20ea9b209539"}, @NL80211_ATTR_IE={0xa, 0x2a, [@chsw_timing={0x68, 0x4, {0x1}}]}, @NL80211_ATTR_PROBE_RESP={0x4fd, 0x91, "b1c1acd1812a7398129e4dc0e37d7e554648c5b8fd2d6ce3c368d2a35d50da9befe6ec1737fe01a8052b70544d06bdf922e769c633ee345404579d4b7ba25fb2a586ece0a3df177b0c623d802e5304f0316425b68b45c07bffa194c3e014f51f8275f57c29c3e1e93374159f6ca536050f4afb92d9e296b4ed997dd8e8825f0573ea0506bf3fa6d23e1f9d1b69b8ade8a8e546369fb2580f6fb23c4ad099634d67064e056c90dd35732d1ad5cb97ca6a5442ad8d9b49677c04ddc4be7cf1d3b718e171984b0a190f66e8cba2df0a0ccc8539a99bf9dd9e226abd5b4259d0cf39ba019f8384c0110c69b4bc3bfc4ffa2a066710e0c4ed90a31b8a18de0a132e9cd495545fdbf3b836425656971e953f36a89f90b6c63dd482009d5564fb3e6290738800d80ea7dff18eaa7f5047cfaf531fc93240c72a561efbd1228798e7a8b971a51489855ed527dc6637844d8b20f69f87462ea762240e037af1df6ba9b6991e4bf77694b57ad0ac9652e47e72a8de14ceb32e8671ab22de5223dbe29825082cb6fbd5649018634c2f0908ab4ee4240c3bc5f5f9d62a3a6129223125b189a5794baf62ef2753e45dcd27cee1949f89730a1df03a178d9231dfe78da2e9c43d8b572454be7b526515d550ba3f2d175b2d2e3b3a0fed4c48fb215af5e9091d4225d744d293eb3024569ced8b10e8281cba487792c52cd9b4ece40934563341570a67b1453d85af8d00112399dd05794f36cdb455e4b5078dbde676817f85f03596480f6d5070ef182393d05f9fb7d0b9da8a079b6388d73fbdaf62b65a6969fdf12a178061b1c677b43457bd1a269e6795e7f7222c14046fe7f809957085b8d1b84c58c7581bfb36ad513ad55de9fffce1e304f4a401993e397f39af35590d97c501e5eb2d8719b04e4ea770e19f9248f0967d2fc499e51dbae97b84ab0b018aaaf81c68d51152379d9fa9508529a1ba0a9f023ba8afa25385f29108e3d7b421ff698646b31c00c106477e5332d8efd48887e9fe36552f40ff92ad383d9e338b453335fb79b6c08a67983cc4ae96f2c5276b0ee384ecfa9fd692e7be2573358f23094de422a2624de206b9d5cb209d969ab7f54c8fa402b46ac4d09f8bb0bc9231a866ff5ffdc46e768988558b8c52766f3fe3084bef925ad67ed5292f6ff18bba7a0d8c5c749440f479ea5f0555937064010adc6ef154e101cc1362d148c273fdea46d316e44a46c63d90282bafbb617149031f052c9dfbd402b63613bf797285e1bc129c83f227e8b8cf817fe5ad2c61f841ad1583a6158171d53f578a5903ed041f038d99c0c183f26ec90fcb02a111f026c3cbf91f55b18f7e15fa3bc3c006011696f122804ee9d8d7107a8bb6c8f0b2970cb75f3ede13292261eb57e01b8b845d4e8e4fb97b6f089b598621c33fc60b282ed2a4f022b389c96175373c6b10d7cefd0bd8d0586dfe61c853c4fda99940f988fbaf34932cc9935cbf905e29eebe0cb4c8e1091789ba7e0fcda30ce9c06ce275edab46c08fd07f715fa8ce774db41277f37b13e8f6c40ae511578babd3320cd2b936298024fdae409247ad9dd7164747621d7f55f32566f0674a97f841b13f2a881e72082d3cbe10ae1be551a980b6548ff545c08fa46155ede47954fd8c7d209a73c3afd64b6e2aeae8e39e577878a35edcfb5a49d92ef066f6f2eeebe5274c179209a7ba8d87de4ec89dbaed6ab87fdec62fcca7ec64dbfff937a5a40bf6ba978a60b9ce23880d6a87237bc9d69ec594d10f8c2dbb9a04007da0d1b209b321e7746c7365"}, @NL80211_ATTR_BEACON_TAIL={0x128, 0xf, [@prep={0x83, 0x1f, @not_ext={{}, 0x2, 0x5, @device_b, 0x2, "", 0x7, 0x2, @broadcast, 0x6}}, @random_vendor={0xdd, 0x6a, "86ada4fb703bdbab1cc534ae64e6b0d8bc4209f82209aa37f3bcae002e521df5685c2bad36ad58cb942d08516df6e35b989763ee1aea7bde822f5947e7aeb421172e751b830b86ded37a612fdd4755cc63d7ec64d2ea19c4c4f1a124dcc9a0a7b19e284c8ce892b5924a"}, @gcr_ga={0xbd, 0x6}, @supported_rates={0x1, 0x5, [{0x6c, 0x1}, {0x60}, {0x5f, 0x1}, {0xbdc2547c1a99e997, 0x1}, {0x1b}]}, @link_id={0x65, 0x12, {@from_mac=@broadcast, @broadcast, @device_b}}, @channel_switch={0x25, 0x3, {0x0, 0x99, 0xfb}}, @mesh_id={0x72, 0x6}, @measure_req={0x26, 0x61, {0x4d, 0x2, 0x5, "5ea63ff75e7a8e1d3f73d48a4fd8f94921aa039a2efc152e210f82cf55cfd6b0aa2d3e0ce3da8465fd0c081d15caef6a0e264b91c2749111459079dd7140f45d45243a001ccfea37222d0a6545bd7ecdb259a36f334687e8dca6d5f457f0"}}, @ibss={0x6, 0x2, 0x7f}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0xfffb, 0x8001, 0x6, 0x81]}]}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1b0}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1608}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x19}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x8}]]}, 0x1400}, 0x1, 0x0, 0x0, 0x4090}, 0x40801) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)={0x50, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x9, 0x12}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x7}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000800)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000740)={0x90, 0x0, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_SCAN_SSIDS={0x64, 0x2d, 0x0, 0x1, [{0x20, 0x0, @random="8d39454861a7c73768dcdfbeb590ca5f6f1702d60ebd4cb1248d6848"}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}, {0x4}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ibss_ssid}]}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0x2}]}, 0x90}, 0x1, 0x0, 0x0, 0x4004044}, 0x40040) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2476.127328][T18717] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:24:14 executing program 2: syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setregset(0x4205, 0x0, 0x0, &(0x7f00000000c0)={0x0}) r0 = syz_clone(0xa4000000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) tkill(r0, 0x0) 19:24:14 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x900, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2476.303559][T18747] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2476.355581][T18747] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2476.407956][T18747] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:24:22 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xd, 0x28011, r0, 0x0) ftruncate(r0, 0x2f00) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x16) 19:24:22 executing program 3: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000006ff67"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000008, 0xfb, 0x1, 0x0, 0x20]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:24:22 executing program 2: syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setregset(0x4205, 0x0, 0x0, &(0x7f00000000c0)={0x0}) r0 = syz_clone(0xa4000000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) tkill(r0, 0x0) 19:24:22 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0xc00, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:24:22 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x3f00, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:24:22 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x4b0040, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000680)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xf8, 0x0, 0x8, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MESH_SETUP={0xe0, 0x70, [@NL80211_MESH_SETUP_AUTH_PROTOCOL={0x5, 0x8, 0x80}, @NL80211_MESH_SETUP_USERSPACE_AMPE={0x4}, @NL80211_MESH_SETUP_IE={0xce, 0x3, "9281b250d6ef6497070e0a9055937d57b781abb7cd928f2428c5e667ac423030be564715304590e4e235b9af7e5ad5a9d7348a635e70bcd73b2d0e1b8fdfc0e588fb839b92b94502b92901fe2128ef7f5620a45e487ad20e2b742e8c53b1bda7211713dec4b5b7606fdeb43411c16340ee081776baef193dd9825a6b120ec6c1fdb83054fd7fb28224aaf7189c0dc70fef6181a04016f89d95d0e79d1f4d8aede4ea30e6c4ea68c01b8fdc23afdf03b8dd7773749da8f1bb0eacd58e102348b4956290f7d9dfd412b31b"}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0xf8}, 0x1, 0x0, 0x0, 0x8000}, 0x20040887) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000880), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000001d00)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001cc0)={&(0x7f00000008c0)={0x1400, r3, 0x400, 0x70bd2b, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x10001, 0xb}}}}, [@NL80211_ATTR_CSA_IES={0x13b8, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0xe, 0xba, [0xff, 0x5, 0x8, 0x7, 0x6]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x10, 0xbb, [0x6672, 0x8, 0xe57, 0xff, 0x4, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xc, 0xba, [0x7c, 0xfe00, 0xfffc, 0x0]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x9, 0x8000]}, @beacon_params=[@NL80211_ATTR_PROBE_RESP={0x816, 0x91, "1432e53d4d89f053b378baa9eef404341907ce9bff1cfc34dc285b5db0b8b27f1c96d48d5db42decdb6476c9bd3258041d728d50f1b0dec84ffdb9934058161d9a26382c9eccfcdff15ea4b0d2383ec9e1a3e383e09b25a6dde33ce5c122d324908c552e133bed7591c135e9166e1a77eb07e535bc674e77bcdd1b2ffe2a78a28587bf14c75331f3986bfe5e0b24b54c16865b93f18ae0e51b10136989117b6d1222b9d6864eaa6924e8ddf79bd87380b3201c07d35fcb013d0ecb35cee7528264656866e407f6d32fa289d9cea8af767bfec909df6536ccbf9d99d2854f14aa560d1d68685fef620a1056f239fa6a31d0bb4a434c16a269fc43a1442828783698628687fff9cc08d4e8f148fc4b5ac83c65fb798d15b6cdb68063bb6a785f714b94802e71d766701163d4e897f6001427e4cd3c6a3d72e37da6c4e6e0bf0967c16924b2dd5af83985849f4ec5e6b071c7aa65a68d11bf90109fc9fc214c0c44dd54a1015eeb88cfab1aef964fc66b5acca9bb7c084d5aaaca426c887c65d42c965d446002c3530b424606fc8c2caa610130ca20fe987fce99900de29f5454d60bef6fde1c8aa0b4339f4f95fc97a96a2d704e57a4ae557fba23ce654c295cba4a59ff60a76b18f03ff5988210c87c1f32cb582e87b358ac3c2c1db6b53beb231ff3ff8922e931d4ee46b2197724a6296972419913f39225043c82e6c072021c4793ebce4e8176c2336b98615a45376f1a7534c961a0e678a22fd2d8aa61874cab08d03c14f2f45f74accf010d02f12f766a1d03209d422e3ca56b2a2c9ecdd99bf771eb0cf35f61c9ccc66b6b2807705a60ec8f86e91d163d1aeecb4656fcc4a4ace8b3307e657209ca49b7f02581254cabf0a11e5a1f64f80678a04e024587f0a13619313639360f410b2abbd569f19e24ad3611e18ba209fcda4655a24a4487395c69ecfb78712d3d40df1bde1d367aee72507942317e98708410b7d0bb3af6829e61939124e741ef0ce4d467a147c22f8ebcc8f5e3d4cd5a2597ad896b02a6f2df1f82b8a6f0183b8a28db6b8701aa7a87f01302ce4ce401af3c2bf292b84c2248c8e8bd5cb70ee1341dbe34f3b53c639abe2e1982b4d0ffa16648acc79bd582db19d05874161b2c09a18159d8024a7412b0a24bbfb4fc0d7f555021ac483d93d3866210ff4d3e9397a52597d09e95e63abd02af5d5ca46b10ef94e45f9fd2e1e7eb8852f2f1fe2f62ea16a11f392a9f2675c9e74b1bf36d86b32f5096cdbaccda617885cb30c7ccef0f964f176c6cbddda156a31ab6dcd427ece9c43d2a5bc2d68b900a1a1027a94aa02c051412efede0ea7bab8b8811f639612c2822fb8a1bf0d03b0111dd998706d4d6232b88e3b2ffa7aeed3cee2aad78894aa99337a50790917f1b01261bd457b2c457ea6c327112deb802874081251e2a7d2f4292f01a59a47bb4b701ec3496acd4d45cbf299a7aed763e3c16dbdc4680461aef3d0e3cc4412a460ac1aa6981b22fc5ccfa662db162cc2805b14238e3bfdc6c7cf7f64afe3499d31fadfaaf27f67af74b16ba7e2ce67af535038ac179581727b3173180b4883f787190c73ccc6a34cb54791407aa498c6ecb9521d1070c4c9dedca41fbdc3a68bd46c0c8c36f94b5217f0d37d8d0faffbbb307d533f71cae6429b263dda9ea95b605e382a2409315f135978b47515c74ad21572a157490f729cab8bed7a01068e01e95535aae2987ad4d6ea77abd0f2b5a660ae4122854d71caa1c291acb30dde7244c3036d7335fb39a315c523da1720abe0b23f51bac540e9c71a58edaffd93073b47dc10439089b66bc81636ad2e6ad334f7170454e7d900f5342c7fc0d7f9b257e06e8c11be8e762b16c9df88c370e1bd81ccf002e3b9ac772ec464d331b73191deccc61be2a646d27727d3a1237672004afaaec52e90cb09839034615a3d6ac43e4bede388c0bddf07bcc3fe3a2c12c428f68a31517fc6729fcf0207ba20184e6c12b72886524a0383f53ab7f85277243ce4718c0b6626abda00b5e320afe09f29b6dd81cb37e03be989e9bab9af212a94e9292d578749107797333daaf679f1f868dff8a321662f458e54c69f7b4fc1203da0ddd791d7a073b81dc3694f68b2ed6d321bea3ee8917da07bb22d4f79e00215722c1f89cdef6f433ddceac8c1be5b46d9548b269208c5e857955ab65b984aab72330612b96f0d77233a6d4f88acdd778451b71a819f305416eaafbbb894f2c7f720bc47b1f07b8fc2e77a7393436ac7481c4862507f9e4fe240535a2b49a420af6deee6cf75e42cb21b5c7ee690c384657c12746ccd932b3f0bd53e0ec88202b3f24537c48ec2c3f0d6a29ad83d6ac111bd3dae3f6ce57ad52eda4a7b2c71fa4ea4ff4e21b96823d884453a5d56df2f63d93b70279243bcdf1d828400294b314c5ef446796343f4d26da230b82dae61bfcc7a0cceea50f24bdbf487bfcc1f18e994b2820e0a4ef3520b5273e74c4d5726fc3fff92bb2df0b7cdbf248fe6061cdefd023cca1ecf483f250d9d9db20a361eb38b32d346a3e468f527ccde446fa28fe8c727c22df63ff96e236c9fa0dde59e0aadeaf9a3e6b94815e013b026edfffcc1c381cc4420ed1724c922008ba8504b2d1bf5fad7b5af69ea0816544572cc821d6d32397ad88bffefd35a957315c4744ff79552878c2ad9d0862fa3dda7d7e95d55137990ea02fc16f58795ff270e146270cb52db48924cc457844859fa6ac40566ea156e214a4e16e61bec49f94806315b3620a8d14bd50bfab73aa8518df49279f679ab22782e295afd584e753924c52fb225711007f30c99c4f4e1243893014c308f6ea952fa05fc0cd61bdec6316ff6fc8591ff89ab4a6dc9981430bee32252669b6cbbd3e3e87dafb3b99ce39eaa34f268b398b90"}], @beacon_params=[@NL80211_ATTR_BEACON_HEAD={0x121, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1}, {0xf7}, @device_a, @device_a, @initial, {0x0, 0xff}}, @ver_80211n={0x0, 0x8, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}}, 0x7ff, @random=0x40, 0x8100, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x4, [{0x1, 0x1}, {0x4, 0x1}, {0x9}, {0x24, 0x1}]}, @val={0x3, 0x1, 0x2c}, @void, @val={0x6, 0x2, 0x9}, @void, @void, @void, @val={0x3c, 0x4, {0x0, 0x0, 0x34, 0xff}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x31, 0x20}}, @void, [{0xdd, 0xc7, "45affdd7309be944d29b3069bab5dddef96d45db5183795fafe56590cc0bf6b17057b03654f30b96e03c24bd5d53edcaa632d1e13dacae28223d1ace201f51c38bfde179d8a30894e83e8a411811e34521c44f834f62d313f5c9e44b735efc0c5bc92a5655c54eb1956c5454ad035ca7131fded22242ad3871c25b6ddd339c4e8f24b4ad6a50a617dd50581ddac204a7fa35fe45ea142323fae036dfc06746b54eee8ad7a7ab2383faf63ed612ebeffc616145f1a8077ae1fc278798afd58ecd8659bac355fcf8"}]}}, @NL80211_ATTR_BEACON_TAIL={0x2b, 0xf, [@mesh_id={0x72, 0x6}, @mesh_chsw={0x76, 0x6, {0x1f, 0x7, 0x0, 0xffe0}}, @challenge={0x10, 0x1, 0x7}, @link_id={0x65, 0x12, {@random="52b5747c44c6", @broadcast}}]}, @NL80211_ATTR_FTM_RESPONDER={0x1e4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xfb, 0x3, "5c4ab77b07a1e6d809f375c3c0df27857f7472fbf1371c73ca41106cb5a3aaa372f9648b422a4d4e019fa37cd6a00abfc8d51fc3feb898ecbb0491d52108c9e539b850c95dbaa44a04f9c2618ebd0d51e606097e435e057cb73fd4f5f258bfdc98c35e587a7e4f5ce4f89224f2af0c9b0dfa6081a9e116dc9ea9d290e99356e1f8026509a09efd5caef755d0224bc0f3554fa29a85ba25bbca690b083e389a0a562510899acfed6a2f35c695b5e7edab0e794d683fc3da0042bffb67c35cd3a6caf1d6e4b27b786000b074645dee13e2a94f4392d20e192ed2f4192b314147887e239c8f67935cd3bdb45f186e102f3872a80cc4ee9ffa"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x3c, 0x2, "9ab5685fe6486a3311f126c7e1fc675080bb7ab5751d6891b60264cc9dd5a1f41c4e40028601f3d86bd7f431c1884a218da4762efc5877ec"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x9e, 0x3, "4f2dc0e10763946ceb23a26123800d8fb4f699922aa7522382377238f93ce3762484af4676d11f8c7d29ee25867400cc3ba9c978e6baa37c4a1e1ddffdcee183d07ab3cd95417e03351d342ac0f0c1e7acd9cea8c65354db93dae4b2969e6bdc8fb88e57a10cad001f095bfdf8cbfac5f8601cea7b359f417acda215431f8214629dcd8a05090c178d4c43c2e518c7ef256421ceae952bbffaa8"}]}, @NL80211_ATTR_IE_ASSOC_RESP={0x7, 0x80, [@dsss={0x3, 0x1, 0xab}]}, @NL80211_ATTR_PROBE_RESP={0x1ea, 0x91, "1221ac3f36c01934b23269e7e3d6d98ff73b65d4e59be408758bdf544d628ff166772f30fcefb160f78e66be95b0ede59388601c1c2d0817a06896be0fbace77f69d9b8d5a8a3a5a751fae3363e6cd2c50140abb42df67c8e471d5bbb3c0d79f2c099436521243febfdf24662b4348fb8a010578b779bab026c6957d28a9556c062587913953f11a4319f0086b1973d576a06fb87f6983a583789b0e1cd678ea89e514a69cbc967b7b3654fe7beece0af4bbaa0e688bb6173a5ae4111d42b81355aab184aae6177da4715f7884d94c54aff2571c52ccf7164399a1fc77832c1fbe2be6f28761e0e7020f7d96ece1bf42c6bf44f6876d8ea2ea7b62952e1a9250dd2a34103196b050bb9193e8f44b3d390948e841f41eaec5422c80d126a6b1dad2b736cc97416f8bd26662c406c8dbeff216eb948eea03940a47d1f890a3c91cb888a18b4e5e759196c4052526a216a135aafdb4fc6bb972cd1e2c732102e1a731e008fd98d073f680b12587761559c876a2422febba722a472a123558510b29f8f2528533322f30cd8e584c808d76f241a719a3e07a55771b36f15cdf604a345dc1c1fd5cf69880fefb652099f81f0084d913d587a31f2ae8665af6609f6fdc99a9b244a19232093abc92574a177e9b8a7a2f60cb21b8360a219a4d9d0a4e4d20ea9b209539"}, @NL80211_ATTR_IE={0xa, 0x2a, [@chsw_timing={0x68, 0x4, {0x1}}]}, @NL80211_ATTR_PROBE_RESP={0x4fd, 0x91, "b1c1acd1812a7398129e4dc0e37d7e554648c5b8fd2d6ce3c368d2a35d50da9befe6ec1737fe01a8052b70544d06bdf922e769c633ee345404579d4b7ba25fb2a586ece0a3df177b0c623d802e5304f0316425b68b45c07bffa194c3e014f51f8275f57c29c3e1e93374159f6ca536050f4afb92d9e296b4ed997dd8e8825f0573ea0506bf3fa6d23e1f9d1b69b8ade8a8e546369fb2580f6fb23c4ad099634d67064e056c90dd35732d1ad5cb97ca6a5442ad8d9b49677c04ddc4be7cf1d3b718e171984b0a190f66e8cba2df0a0ccc8539a99bf9dd9e226abd5b4259d0cf39ba019f8384c0110c69b4bc3bfc4ffa2a066710e0c4ed90a31b8a18de0a132e9cd495545fdbf3b836425656971e953f36a89f90b6c63dd482009d5564fb3e6290738800d80ea7dff18eaa7f5047cfaf531fc93240c72a561efbd1228798e7a8b971a51489855ed527dc6637844d8b20f69f87462ea762240e037af1df6ba9b6991e4bf77694b57ad0ac9652e47e72a8de14ceb32e8671ab22de5223dbe29825082cb6fbd5649018634c2f0908ab4ee4240c3bc5f5f9d62a3a6129223125b189a5794baf62ef2753e45dcd27cee1949f89730a1df03a178d9231dfe78da2e9c43d8b572454be7b526515d550ba3f2d175b2d2e3b3a0fed4c48fb215af5e9091d4225d744d293eb3024569ced8b10e8281cba487792c52cd9b4ece40934563341570a67b1453d85af8d00112399dd05794f36cdb455e4b5078dbde676817f85f03596480f6d5070ef182393d05f9fb7d0b9da8a079b6388d73fbdaf62b65a6969fdf12a178061b1c677b43457bd1a269e6795e7f7222c14046fe7f809957085b8d1b84c58c7581bfb36ad513ad55de9fffce1e304f4a401993e397f39af35590d97c501e5eb2d8719b04e4ea770e19f9248f0967d2fc499e51dbae97b84ab0b018aaaf81c68d51152379d9fa9508529a1ba0a9f023ba8afa25385f29108e3d7b421ff698646b31c00c106477e5332d8efd48887e9fe36552f40ff92ad383d9e338b453335fb79b6c08a67983cc4ae96f2c5276b0ee384ecfa9fd692e7be2573358f23094de422a2624de206b9d5cb209d969ab7f54c8fa402b46ac4d09f8bb0bc9231a866ff5ffdc46e768988558b8c52766f3fe3084bef925ad67ed5292f6ff18bba7a0d8c5c749440f479ea5f0555937064010adc6ef154e101cc1362d148c273fdea46d316e44a46c63d90282bafbb617149031f052c9dfbd402b63613bf797285e1bc129c83f227e8b8cf817fe5ad2c61f841ad1583a6158171d53f578a5903ed041f038d99c0c183f26ec90fcb02a111f026c3cbf91f55b18f7e15fa3bc3c006011696f122804ee9d8d7107a8bb6c8f0b2970cb75f3ede13292261eb57e01b8b845d4e8e4fb97b6f089b598621c33fc60b282ed2a4f022b389c96175373c6b10d7cefd0bd8d0586dfe61c853c4fda99940f988fbaf34932cc9935cbf905e29eebe0cb4c8e1091789ba7e0fcda30ce9c06ce275edab46c08fd07f715fa8ce774db41277f37b13e8f6c40ae511578babd3320cd2b936298024fdae409247ad9dd7164747621d7f55f32566f0674a97f841b13f2a881e72082d3cbe10ae1be551a980b6548ff545c08fa46155ede47954fd8c7d209a73c3afd64b6e2aeae8e39e577878a35edcfb5a49d92ef066f6f2eeebe5274c179209a7ba8d87de4ec89dbaed6ab87fdec62fcca7ec64dbfff937a5a40bf6ba978a60b9ce23880d6a87237bc9d69ec594d10f8c2dbb9a04007da0d1b209b321e7746c7365"}, @NL80211_ATTR_BEACON_TAIL={0x128, 0xf, [@prep={0x83, 0x1f, @not_ext={{}, 0x2, 0x5, @device_b, 0x2, "", 0x7, 0x2, @broadcast, 0x6}}, @random_vendor={0xdd, 0x6a, "86ada4fb703bdbab1cc534ae64e6b0d8bc4209f82209aa37f3bcae002e521df5685c2bad36ad58cb942d08516df6e35b989763ee1aea7bde822f5947e7aeb421172e751b830b86ded37a612fdd4755cc63d7ec64d2ea19c4c4f1a124dcc9a0a7b19e284c8ce892b5924a"}, @gcr_ga={0xbd, 0x6}, @supported_rates={0x1, 0x5, [{0x6c, 0x1}, {0x60}, {0x5f, 0x1}, {0xbdc2547c1a99e997, 0x1}, {0x1b}]}, @link_id={0x65, 0x12, {@from_mac=@broadcast, @broadcast, @device_b}}, @channel_switch={0x25, 0x3, {0x0, 0x99, 0xfb}}, @mesh_id={0x72, 0x6}, @measure_req={0x26, 0x61, {0x4d, 0x2, 0x5, "5ea63ff75e7a8e1d3f73d48a4fd8f94921aa039a2efc152e210f82cf55cfd6b0aa2d3e0ce3da8465fd0c081d15caef6a0e264b91c2749111459079dd7140f45d45243a001ccfea37222d0a6545bd7ecdb259a36f334687e8dca6d5f457f0"}}, @ibss={0x6, 0x2, 0x7f}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0xfffb, 0x8001, 0x6, 0x81]}]}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1b0}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1608}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x19}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x8}]]}, 0x1400}, 0x1, 0x0, 0x0, 0x4090}, 0x40801) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)={0x50, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x9, 0x12}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x7}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000800)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000740)={0x90, 0x0, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_SCAN_SSIDS={0x64, 0x2d, 0x0, 0x1, [{0x20, 0x0, @random="8d39454861a7c73768dcdfbeb590ca5f6f1702d60ebd4cb1248d6848"}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}, {0x4}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ibss_ssid}]}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0x2}]}, 0x90}, 0x1, 0x0, 0x0, 0x4004044}, 0x40040) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x4b0040, 0x0) (async) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000680)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xf8, 0x0, 0x8, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MESH_SETUP={0xe0, 0x70, [@NL80211_MESH_SETUP_AUTH_PROTOCOL={0x5, 0x8, 0x80}, @NL80211_MESH_SETUP_USERSPACE_AMPE={0x4}, @NL80211_MESH_SETUP_IE={0xce, 0x3, "9281b250d6ef6497070e0a9055937d57b781abb7cd928f2428c5e667ac423030be564715304590e4e235b9af7e5ad5a9d7348a635e70bcd73b2d0e1b8fdfc0e588fb839b92b94502b92901fe2128ef7f5620a45e487ad20e2b742e8c53b1bda7211713dec4b5b7606fdeb43411c16340ee081776baef193dd9825a6b120ec6c1fdb83054fd7fb28224aaf7189c0dc70fef6181a04016f89d95d0e79d1f4d8aede4ea30e6c4ea68c01b8fdc23afdf03b8dd7773749da8f1bb0eacd58e102348b4956290f7d9dfd412b31b"}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0xf8}, 0x1, 0x0, 0x0, 0x8000}, 0x20040887) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000880), 0xffffffffffffffff) (async) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000001d00)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001cc0)={&(0x7f00000008c0)={0x1400, r3, 0x400, 0x70bd2b, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x10001, 0xb}}}}, [@NL80211_ATTR_CSA_IES={0x13b8, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0xe, 0xba, [0xff, 0x5, 0x8, 0x7, 0x6]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x10, 0xbb, [0x6672, 0x8, 0xe57, 0xff, 0x4, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xc, 0xba, [0x7c, 0xfe00, 0xfffc, 0x0]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x9, 0x8000]}, @beacon_params=[@NL80211_ATTR_PROBE_RESP={0x816, 0x91, "1432e53d4d89f053b378baa9eef404341907ce9bff1cfc34dc285b5db0b8b27f1c96d48d5db42decdb6476c9bd3258041d728d50f1b0dec84ffdb9934058161d9a26382c9eccfcdff15ea4b0d2383ec9e1a3e383e09b25a6dde33ce5c122d324908c552e133bed7591c135e9166e1a77eb07e535bc674e77bcdd1b2ffe2a78a28587bf14c75331f3986bfe5e0b24b54c16865b93f18ae0e51b10136989117b6d1222b9d6864eaa6924e8ddf79bd87380b3201c07d35fcb013d0ecb35cee7528264656866e407f6d32fa289d9cea8af767bfec909df6536ccbf9d99d2854f14aa560d1d68685fef620a1056f239fa6a31d0bb4a434c16a269fc43a1442828783698628687fff9cc08d4e8f148fc4b5ac83c65fb798d15b6cdb68063bb6a785f714b94802e71d766701163d4e897f6001427e4cd3c6a3d72e37da6c4e6e0bf0967c16924b2dd5af83985849f4ec5e6b071c7aa65a68d11bf90109fc9fc214c0c44dd54a1015eeb88cfab1aef964fc66b5acca9bb7c084d5aaaca426c887c65d42c965d446002c3530b424606fc8c2caa610130ca20fe987fce99900de29f5454d60bef6fde1c8aa0b4339f4f95fc97a96a2d704e57a4ae557fba23ce654c295cba4a59ff60a76b18f03ff5988210c87c1f32cb582e87b358ac3c2c1db6b53beb231ff3ff8922e931d4ee46b2197724a6296972419913f39225043c82e6c072021c4793ebce4e8176c2336b98615a45376f1a7534c961a0e678a22fd2d8aa61874cab08d03c14f2f45f74accf010d02f12f766a1d03209d422e3ca56b2a2c9ecdd99bf771eb0cf35f61c9ccc66b6b2807705a60ec8f86e91d163d1aeecb4656fcc4a4ace8b3307e657209ca49b7f02581254cabf0a11e5a1f64f80678a04e024587f0a13619313639360f410b2abbd569f19e24ad3611e18ba209fcda4655a24a4487395c69ecfb78712d3d40df1bde1d367aee72507942317e98708410b7d0bb3af6829e61939124e741ef0ce4d467a147c22f8ebcc8f5e3d4cd5a2597ad896b02a6f2df1f82b8a6f0183b8a28db6b8701aa7a87f01302ce4ce401af3c2bf292b84c2248c8e8bd5cb70ee1341dbe34f3b53c639abe2e1982b4d0ffa16648acc79bd582db19d05874161b2c09a18159d8024a7412b0a24bbfb4fc0d7f555021ac483d93d3866210ff4d3e9397a52597d09e95e63abd02af5d5ca46b10ef94e45f9fd2e1e7eb8852f2f1fe2f62ea16a11f392a9f2675c9e74b1bf36d86b32f5096cdbaccda617885cb30c7ccef0f964f176c6cbddda156a31ab6dcd427ece9c43d2a5bc2d68b900a1a1027a94aa02c051412efede0ea7bab8b8811f639612c2822fb8a1bf0d03b0111dd998706d4d6232b88e3b2ffa7aeed3cee2aad78894aa99337a50790917f1b01261bd457b2c457ea6c327112deb802874081251e2a7d2f4292f01a59a47bb4b701ec3496acd4d45cbf299a7aed763e3c16dbdc4680461aef3d0e3cc4412a460ac1aa6981b22fc5ccfa662db162cc2805b14238e3bfdc6c7cf7f64afe3499d31fadfaaf27f67af74b16ba7e2ce67af535038ac179581727b3173180b4883f787190c73ccc6a34cb54791407aa498c6ecb9521d1070c4c9dedca41fbdc3a68bd46c0c8c36f94b5217f0d37d8d0faffbbb307d533f71cae6429b263dda9ea95b605e382a2409315f135978b47515c74ad21572a157490f729cab8bed7a01068e01e95535aae2987ad4d6ea77abd0f2b5a660ae4122854d71caa1c291acb30dde7244c3036d7335fb39a315c523da1720abe0b23f51bac540e9c71a58edaffd93073b47dc10439089b66bc81636ad2e6ad334f7170454e7d900f5342c7fc0d7f9b257e06e8c11be8e762b16c9df88c370e1bd81ccf002e3b9ac772ec464d331b73191deccc61be2a646d27727d3a1237672004afaaec52e90cb09839034615a3d6ac43e4bede388c0bddf07bcc3fe3a2c12c428f68a31517fc6729fcf0207ba20184e6c12b72886524a0383f53ab7f85277243ce4718c0b6626abda00b5e320afe09f29b6dd81cb37e03be989e9bab9af212a94e9292d578749107797333daaf679f1f868dff8a321662f458e54c69f7b4fc1203da0ddd791d7a073b81dc3694f68b2ed6d321bea3ee8917da07bb22d4f79e00215722c1f89cdef6f433ddceac8c1be5b46d9548b269208c5e857955ab65b984aab72330612b96f0d77233a6d4f88acdd778451b71a819f305416eaafbbb894f2c7f720bc47b1f07b8fc2e77a7393436ac7481c4862507f9e4fe240535a2b49a420af6deee6cf75e42cb21b5c7ee690c384657c12746ccd932b3f0bd53e0ec88202b3f24537c48ec2c3f0d6a29ad83d6ac111bd3dae3f6ce57ad52eda4a7b2c71fa4ea4ff4e21b96823d884453a5d56df2f63d93b70279243bcdf1d828400294b314c5ef446796343f4d26da230b82dae61bfcc7a0cceea50f24bdbf487bfcc1f18e994b2820e0a4ef3520b5273e74c4d5726fc3fff92bb2df0b7cdbf248fe6061cdefd023cca1ecf483f250d9d9db20a361eb38b32d346a3e468f527ccde446fa28fe8c727c22df63ff96e236c9fa0dde59e0aadeaf9a3e6b94815e013b026edfffcc1c381cc4420ed1724c922008ba8504b2d1bf5fad7b5af69ea0816544572cc821d6d32397ad88bffefd35a957315c4744ff79552878c2ad9d0862fa3dda7d7e95d55137990ea02fc16f58795ff270e146270cb52db48924cc457844859fa6ac40566ea156e214a4e16e61bec49f94806315b3620a8d14bd50bfab73aa8518df49279f679ab22782e295afd584e753924c52fb225711007f30c99c4f4e1243893014c308f6ea952fa05fc0cd61bdec6316ff6fc8591ff89ab4a6dc9981430bee32252669b6cbbd3e3e87dafb3b99ce39eaa34f268b398b90"}], @beacon_params=[@NL80211_ATTR_BEACON_HEAD={0x121, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1}, {0xf7}, @device_a, @device_a, @initial, {0x0, 0xff}}, @ver_80211n={0x0, 0x8, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}}, 0x7ff, @random=0x40, 0x8100, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x4, [{0x1, 0x1}, {0x4, 0x1}, {0x9}, {0x24, 0x1}]}, @val={0x3, 0x1, 0x2c}, @void, @val={0x6, 0x2, 0x9}, @void, @void, @void, @val={0x3c, 0x4, {0x0, 0x0, 0x34, 0xff}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x31, 0x20}}, @void, [{0xdd, 0xc7, "45affdd7309be944d29b3069bab5dddef96d45db5183795fafe56590cc0bf6b17057b03654f30b96e03c24bd5d53edcaa632d1e13dacae28223d1ace201f51c38bfde179d8a30894e83e8a411811e34521c44f834f62d313f5c9e44b735efc0c5bc92a5655c54eb1956c5454ad035ca7131fded22242ad3871c25b6ddd339c4e8f24b4ad6a50a617dd50581ddac204a7fa35fe45ea142323fae036dfc06746b54eee8ad7a7ab2383faf63ed612ebeffc616145f1a8077ae1fc278798afd58ecd8659bac355fcf8"}]}}, @NL80211_ATTR_BEACON_TAIL={0x2b, 0xf, [@mesh_id={0x72, 0x6}, @mesh_chsw={0x76, 0x6, {0x1f, 0x7, 0x0, 0xffe0}}, @challenge={0x10, 0x1, 0x7}, @link_id={0x65, 0x12, {@random="52b5747c44c6", @broadcast}}]}, @NL80211_ATTR_FTM_RESPONDER={0x1e4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xfb, 0x3, "5c4ab77b07a1e6d809f375c3c0df27857f7472fbf1371c73ca41106cb5a3aaa372f9648b422a4d4e019fa37cd6a00abfc8d51fc3feb898ecbb0491d52108c9e539b850c95dbaa44a04f9c2618ebd0d51e606097e435e057cb73fd4f5f258bfdc98c35e587a7e4f5ce4f89224f2af0c9b0dfa6081a9e116dc9ea9d290e99356e1f8026509a09efd5caef755d0224bc0f3554fa29a85ba25bbca690b083e389a0a562510899acfed6a2f35c695b5e7edab0e794d683fc3da0042bffb67c35cd3a6caf1d6e4b27b786000b074645dee13e2a94f4392d20e192ed2f4192b314147887e239c8f67935cd3bdb45f186e102f3872a80cc4ee9ffa"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x3c, 0x2, "9ab5685fe6486a3311f126c7e1fc675080bb7ab5751d6891b60264cc9dd5a1f41c4e40028601f3d86bd7f431c1884a218da4762efc5877ec"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x9e, 0x3, "4f2dc0e10763946ceb23a26123800d8fb4f699922aa7522382377238f93ce3762484af4676d11f8c7d29ee25867400cc3ba9c978e6baa37c4a1e1ddffdcee183d07ab3cd95417e03351d342ac0f0c1e7acd9cea8c65354db93dae4b2969e6bdc8fb88e57a10cad001f095bfdf8cbfac5f8601cea7b359f417acda215431f8214629dcd8a05090c178d4c43c2e518c7ef256421ceae952bbffaa8"}]}, @NL80211_ATTR_IE_ASSOC_RESP={0x7, 0x80, [@dsss={0x3, 0x1, 0xab}]}, @NL80211_ATTR_PROBE_RESP={0x1ea, 0x91, "1221ac3f36c01934b23269e7e3d6d98ff73b65d4e59be408758bdf544d628ff166772f30fcefb160f78e66be95b0ede59388601c1c2d0817a06896be0fbace77f69d9b8d5a8a3a5a751fae3363e6cd2c50140abb42df67c8e471d5bbb3c0d79f2c099436521243febfdf24662b4348fb8a010578b779bab026c6957d28a9556c062587913953f11a4319f0086b1973d576a06fb87f6983a583789b0e1cd678ea89e514a69cbc967b7b3654fe7beece0af4bbaa0e688bb6173a5ae4111d42b81355aab184aae6177da4715f7884d94c54aff2571c52ccf7164399a1fc77832c1fbe2be6f28761e0e7020f7d96ece1bf42c6bf44f6876d8ea2ea7b62952e1a9250dd2a34103196b050bb9193e8f44b3d390948e841f41eaec5422c80d126a6b1dad2b736cc97416f8bd26662c406c8dbeff216eb948eea03940a47d1f890a3c91cb888a18b4e5e759196c4052526a216a135aafdb4fc6bb972cd1e2c732102e1a731e008fd98d073f680b12587761559c876a2422febba722a472a123558510b29f8f2528533322f30cd8e584c808d76f241a719a3e07a55771b36f15cdf604a345dc1c1fd5cf69880fefb652099f81f0084d913d587a31f2ae8665af6609f6fdc99a9b244a19232093abc92574a177e9b8a7a2f60cb21b8360a219a4d9d0a4e4d20ea9b209539"}, @NL80211_ATTR_IE={0xa, 0x2a, [@chsw_timing={0x68, 0x4, {0x1}}]}, @NL80211_ATTR_PROBE_RESP={0x4fd, 0x91, "b1c1acd1812a7398129e4dc0e37d7e554648c5b8fd2d6ce3c368d2a35d50da9befe6ec1737fe01a8052b70544d06bdf922e769c633ee345404579d4b7ba25fb2a586ece0a3df177b0c623d802e5304f0316425b68b45c07bffa194c3e014f51f8275f57c29c3e1e93374159f6ca536050f4afb92d9e296b4ed997dd8e8825f0573ea0506bf3fa6d23e1f9d1b69b8ade8a8e546369fb2580f6fb23c4ad099634d67064e056c90dd35732d1ad5cb97ca6a5442ad8d9b49677c04ddc4be7cf1d3b718e171984b0a190f66e8cba2df0a0ccc8539a99bf9dd9e226abd5b4259d0cf39ba019f8384c0110c69b4bc3bfc4ffa2a066710e0c4ed90a31b8a18de0a132e9cd495545fdbf3b836425656971e953f36a89f90b6c63dd482009d5564fb3e6290738800d80ea7dff18eaa7f5047cfaf531fc93240c72a561efbd1228798e7a8b971a51489855ed527dc6637844d8b20f69f87462ea762240e037af1df6ba9b6991e4bf77694b57ad0ac9652e47e72a8de14ceb32e8671ab22de5223dbe29825082cb6fbd5649018634c2f0908ab4ee4240c3bc5f5f9d62a3a6129223125b189a5794baf62ef2753e45dcd27cee1949f89730a1df03a178d9231dfe78da2e9c43d8b572454be7b526515d550ba3f2d175b2d2e3b3a0fed4c48fb215af5e9091d4225d744d293eb3024569ced8b10e8281cba487792c52cd9b4ece40934563341570a67b1453d85af8d00112399dd05794f36cdb455e4b5078dbde676817f85f03596480f6d5070ef182393d05f9fb7d0b9da8a079b6388d73fbdaf62b65a6969fdf12a178061b1c677b43457bd1a269e6795e7f7222c14046fe7f809957085b8d1b84c58c7581bfb36ad513ad55de9fffce1e304f4a401993e397f39af35590d97c501e5eb2d8719b04e4ea770e19f9248f0967d2fc499e51dbae97b84ab0b018aaaf81c68d51152379d9fa9508529a1ba0a9f023ba8afa25385f29108e3d7b421ff698646b31c00c106477e5332d8efd48887e9fe36552f40ff92ad383d9e338b453335fb79b6c08a67983cc4ae96f2c5276b0ee384ecfa9fd692e7be2573358f23094de422a2624de206b9d5cb209d969ab7f54c8fa402b46ac4d09f8bb0bc9231a866ff5ffdc46e768988558b8c52766f3fe3084bef925ad67ed5292f6ff18bba7a0d8c5c749440f479ea5f0555937064010adc6ef154e101cc1362d148c273fdea46d316e44a46c63d90282bafbb617149031f052c9dfbd402b63613bf797285e1bc129c83f227e8b8cf817fe5ad2c61f841ad1583a6158171d53f578a5903ed041f038d99c0c183f26ec90fcb02a111f026c3cbf91f55b18f7e15fa3bc3c006011696f122804ee9d8d7107a8bb6c8f0b2970cb75f3ede13292261eb57e01b8b845d4e8e4fb97b6f089b598621c33fc60b282ed2a4f022b389c96175373c6b10d7cefd0bd8d0586dfe61c853c4fda99940f988fbaf34932cc9935cbf905e29eebe0cb4c8e1091789ba7e0fcda30ce9c06ce275edab46c08fd07f715fa8ce774db41277f37b13e8f6c40ae511578babd3320cd2b936298024fdae409247ad9dd7164747621d7f55f32566f0674a97f841b13f2a881e72082d3cbe10ae1be551a980b6548ff545c08fa46155ede47954fd8c7d209a73c3afd64b6e2aeae8e39e577878a35edcfb5a49d92ef066f6f2eeebe5274c179209a7ba8d87de4ec89dbaed6ab87fdec62fcca7ec64dbfff937a5a40bf6ba978a60b9ce23880d6a87237bc9d69ec594d10f8c2dbb9a04007da0d1b209b321e7746c7365"}, @NL80211_ATTR_BEACON_TAIL={0x128, 0xf, [@prep={0x83, 0x1f, @not_ext={{}, 0x2, 0x5, @device_b, 0x2, "", 0x7, 0x2, @broadcast, 0x6}}, @random_vendor={0xdd, 0x6a, "86ada4fb703bdbab1cc534ae64e6b0d8bc4209f82209aa37f3bcae002e521df5685c2bad36ad58cb942d08516df6e35b989763ee1aea7bde822f5947e7aeb421172e751b830b86ded37a612fdd4755cc63d7ec64d2ea19c4c4f1a124dcc9a0a7b19e284c8ce892b5924a"}, @gcr_ga={0xbd, 0x6}, @supported_rates={0x1, 0x5, [{0x6c, 0x1}, {0x60}, {0x5f, 0x1}, {0xbdc2547c1a99e997, 0x1}, {0x1b}]}, @link_id={0x65, 0x12, {@from_mac=@broadcast, @broadcast, @device_b}}, @channel_switch={0x25, 0x3, {0x0, 0x99, 0xfb}}, @mesh_id={0x72, 0x6}, @measure_req={0x26, 0x61, {0x4d, 0x2, 0x5, "5ea63ff75e7a8e1d3f73d48a4fd8f94921aa039a2efc152e210f82cf55cfd6b0aa2d3e0ce3da8465fd0c081d15caef6a0e264b91c2749111459079dd7140f45d45243a001ccfea37222d0a6545bd7ecdb259a36f334687e8dca6d5f457f0"}}, @ibss={0x6, 0x2, 0x7f}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0xfffb, 0x8001, 0x6, 0x81]}]}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1b0}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1608}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x19}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x8}]]}, 0x1400}, 0x1, 0x0, 0x0, 0x4090}, 0x40801) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)={0x50, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x9, 0x12}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x7}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x50}}, 0x0) (async) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000800)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000740)={0x90, 0x0, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_SCAN_SSIDS={0x64, 0x2d, 0x0, 0x1, [{0x20, 0x0, @random="8d39454861a7c73768dcdfbeb590ca5f6f1702d60ebd4cb1248d6848"}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}, {0x4}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ibss_ssid}]}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0x2}]}, 0x90}, 0x1, 0x0, 0x0, 0x4004044}, 0x40040) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (async) 19:24:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0xe00, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2485.229796][T18765] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2485.232867][T18764] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2485.281848][T18765] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2485.284666][T18764] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:24:23 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x4b0040, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000680)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xf8, 0x0, 0x8, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MESH_SETUP={0xe0, 0x70, [@NL80211_MESH_SETUP_AUTH_PROTOCOL={0x5, 0x8, 0x80}, @NL80211_MESH_SETUP_USERSPACE_AMPE={0x4}, @NL80211_MESH_SETUP_IE={0xce, 0x3, "9281b250d6ef6497070e0a9055937d57b781abb7cd928f2428c5e667ac423030be564715304590e4e235b9af7e5ad5a9d7348a635e70bcd73b2d0e1b8fdfc0e588fb839b92b94502b92901fe2128ef7f5620a45e487ad20e2b742e8c53b1bda7211713dec4b5b7606fdeb43411c16340ee081776baef193dd9825a6b120ec6c1fdb83054fd7fb28224aaf7189c0dc70fef6181a04016f89d95d0e79d1f4d8aede4ea30e6c4ea68c01b8fdc23afdf03b8dd7773749da8f1bb0eacd58e102348b4956290f7d9dfd412b31b"}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0xf8}, 0x1, 0x0, 0x0, 0x8000}, 0x20040887) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000880), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000001d00)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001cc0)={&(0x7f00000008c0)={0x1400, r3, 0x400, 0x70bd2b, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x10001, 0xb}}}}, [@NL80211_ATTR_CSA_IES={0x13b8, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0xe, 0xba, [0xff, 0x5, 0x8, 0x7, 0x6]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x10, 0xbb, [0x6672, 0x8, 0xe57, 0xff, 0x4, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xc, 0xba, [0x7c, 0xfe00, 0xfffc, 0x0]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x9, 0x8000]}, @beacon_params=[@NL80211_ATTR_PROBE_RESP={0x816, 0x91, "1432e53d4d89f053b378baa9eef404341907ce9bff1cfc34dc285b5db0b8b27f1c96d48d5db42decdb6476c9bd3258041d728d50f1b0dec84ffdb9934058161d9a26382c9eccfcdff15ea4b0d2383ec9e1a3e383e09b25a6dde33ce5c122d324908c552e133bed7591c135e9166e1a77eb07e535bc674e77bcdd1b2ffe2a78a28587bf14c75331f3986bfe5e0b24b54c16865b93f18ae0e51b10136989117b6d1222b9d6864eaa6924e8ddf79bd87380b3201c07d35fcb013d0ecb35cee7528264656866e407f6d32fa289d9cea8af767bfec909df6536ccbf9d99d2854f14aa560d1d68685fef620a1056f239fa6a31d0bb4a434c16a269fc43a1442828783698628687fff9cc08d4e8f148fc4b5ac83c65fb798d15b6cdb68063bb6a785f714b94802e71d766701163d4e897f6001427e4cd3c6a3d72e37da6c4e6e0bf0967c16924b2dd5af83985849f4ec5e6b071c7aa65a68d11bf90109fc9fc214c0c44dd54a1015eeb88cfab1aef964fc66b5acca9bb7c084d5aaaca426c887c65d42c965d446002c3530b424606fc8c2caa610130ca20fe987fce99900de29f5454d60bef6fde1c8aa0b4339f4f95fc97a96a2d704e57a4ae557fba23ce654c295cba4a59ff60a76b18f03ff5988210c87c1f32cb582e87b358ac3c2c1db6b53beb231ff3ff8922e931d4ee46b2197724a6296972419913f39225043c82e6c072021c4793ebce4e8176c2336b98615a45376f1a7534c961a0e678a22fd2d8aa61874cab08d03c14f2f45f74accf010d02f12f766a1d03209d422e3ca56b2a2c9ecdd99bf771eb0cf35f61c9ccc66b6b2807705a60ec8f86e91d163d1aeecb4656fcc4a4ace8b3307e657209ca49b7f02581254cabf0a11e5a1f64f80678a04e024587f0a13619313639360f410b2abbd569f19e24ad3611e18ba209fcda4655a24a4487395c69ecfb78712d3d40df1bde1d367aee72507942317e98708410b7d0bb3af6829e61939124e741ef0ce4d467a147c22f8ebcc8f5e3d4cd5a2597ad896b02a6f2df1f82b8a6f0183b8a28db6b8701aa7a87f01302ce4ce401af3c2bf292b84c2248c8e8bd5cb70ee1341dbe34f3b53c639abe2e1982b4d0ffa16648acc79bd582db19d05874161b2c09a18159d8024a7412b0a24bbfb4fc0d7f555021ac483d93d3866210ff4d3e9397a52597d09e95e63abd02af5d5ca46b10ef94e45f9fd2e1e7eb8852f2f1fe2f62ea16a11f392a9f2675c9e74b1bf36d86b32f5096cdbaccda617885cb30c7ccef0f964f176c6cbddda156a31ab6dcd427ece9c43d2a5bc2d68b900a1a1027a94aa02c051412efede0ea7bab8b8811f639612c2822fb8a1bf0d03b0111dd998706d4d6232b88e3b2ffa7aeed3cee2aad78894aa99337a50790917f1b01261bd457b2c457ea6c327112deb802874081251e2a7d2f4292f01a59a47bb4b701ec3496acd4d45cbf299a7aed763e3c16dbdc4680461aef3d0e3cc4412a460ac1aa6981b22fc5ccfa662db162cc2805b14238e3bfdc6c7cf7f64afe3499d31fadfaaf27f67af74b16ba7e2ce67af535038ac179581727b3173180b4883f787190c73ccc6a34cb54791407aa498c6ecb9521d1070c4c9dedca41fbdc3a68bd46c0c8c36f94b5217f0d37d8d0faffbbb307d533f71cae6429b263dda9ea95b605e382a2409315f135978b47515c74ad21572a157490f729cab8bed7a01068e01e95535aae2987ad4d6ea77abd0f2b5a660ae4122854d71caa1c291acb30dde7244c3036d7335fb39a315c523da1720abe0b23f51bac540e9c71a58edaffd93073b47dc10439089b66bc81636ad2e6ad334f7170454e7d900f5342c7fc0d7f9b257e06e8c11be8e762b16c9df88c370e1bd81ccf002e3b9ac772ec464d331b73191deccc61be2a646d27727d3a1237672004afaaec52e90cb09839034615a3d6ac43e4bede388c0bddf07bcc3fe3a2c12c428f68a31517fc6729fcf0207ba20184e6c12b72886524a0383f53ab7f85277243ce4718c0b6626abda00b5e320afe09f29b6dd81cb37e03be989e9bab9af212a94e9292d578749107797333daaf679f1f868dff8a321662f458e54c69f7b4fc1203da0ddd791d7a073b81dc3694f68b2ed6d321bea3ee8917da07bb22d4f79e00215722c1f89cdef6f433ddceac8c1be5b46d9548b269208c5e857955ab65b984aab72330612b96f0d77233a6d4f88acdd778451b71a819f305416eaafbbb894f2c7f720bc47b1f07b8fc2e77a7393436ac7481c4862507f9e4fe240535a2b49a420af6deee6cf75e42cb21b5c7ee690c384657c12746ccd932b3f0bd53e0ec88202b3f24537c48ec2c3f0d6a29ad83d6ac111bd3dae3f6ce57ad52eda4a7b2c71fa4ea4ff4e21b96823d884453a5d56df2f63d93b70279243bcdf1d828400294b314c5ef446796343f4d26da230b82dae61bfcc7a0cceea50f24bdbf487bfcc1f18e994b2820e0a4ef3520b5273e74c4d5726fc3fff92bb2df0b7cdbf248fe6061cdefd023cca1ecf483f250d9d9db20a361eb38b32d346a3e468f527ccde446fa28fe8c727c22df63ff96e236c9fa0dde59e0aadeaf9a3e6b94815e013b026edfffcc1c381cc4420ed1724c922008ba8504b2d1bf5fad7b5af69ea0816544572cc821d6d32397ad88bffefd35a957315c4744ff79552878c2ad9d0862fa3dda7d7e95d55137990ea02fc16f58795ff270e146270cb52db48924cc457844859fa6ac40566ea156e214a4e16e61bec49f94806315b3620a8d14bd50bfab73aa8518df49279f679ab22782e295afd584e753924c52fb225711007f30c99c4f4e1243893014c308f6ea952fa05fc0cd61bdec6316ff6fc8591ff89ab4a6dc9981430bee32252669b6cbbd3e3e87dafb3b99ce39eaa34f268b398b90"}], @beacon_params=[@NL80211_ATTR_BEACON_HEAD={0x121, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1}, {0xf7}, @device_a, @device_a, @initial, {0x0, 0xff}}, @ver_80211n={0x0, 0x8, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}}, 0x7ff, @random=0x40, 0x8100, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x4, [{0x1, 0x1}, {0x4, 0x1}, {0x9}, {0x24, 0x1}]}, @val={0x3, 0x1, 0x2c}, @void, @val={0x6, 0x2, 0x9}, @void, @void, @void, @val={0x3c, 0x4, {0x0, 0x0, 0x34, 0xff}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x31, 0x20}}, @void, [{0xdd, 0xc7, "45affdd7309be944d29b3069bab5dddef96d45db5183795fafe56590cc0bf6b17057b03654f30b96e03c24bd5d53edcaa632d1e13dacae28223d1ace201f51c38bfde179d8a30894e83e8a411811e34521c44f834f62d313f5c9e44b735efc0c5bc92a5655c54eb1956c5454ad035ca7131fded22242ad3871c25b6ddd339c4e8f24b4ad6a50a617dd50581ddac204a7fa35fe45ea142323fae036dfc06746b54eee8ad7a7ab2383faf63ed612ebeffc616145f1a8077ae1fc278798afd58ecd8659bac355fcf8"}]}}, @NL80211_ATTR_BEACON_TAIL={0x2b, 0xf, [@mesh_id={0x72, 0x6}, @mesh_chsw={0x76, 0x6, {0x1f, 0x7, 0x0, 0xffe0}}, @challenge={0x10, 0x1, 0x7}, @link_id={0x65, 0x12, {@random="52b5747c44c6", @broadcast}}]}, @NL80211_ATTR_FTM_RESPONDER={0x1e4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xfb, 0x3, "5c4ab77b07a1e6d809f375c3c0df27857f7472fbf1371c73ca41106cb5a3aaa372f9648b422a4d4e019fa37cd6a00abfc8d51fc3feb898ecbb0491d52108c9e539b850c95dbaa44a04f9c2618ebd0d51e606097e435e057cb73fd4f5f258bfdc98c35e587a7e4f5ce4f89224f2af0c9b0dfa6081a9e116dc9ea9d290e99356e1f8026509a09efd5caef755d0224bc0f3554fa29a85ba25bbca690b083e389a0a562510899acfed6a2f35c695b5e7edab0e794d683fc3da0042bffb67c35cd3a6caf1d6e4b27b786000b074645dee13e2a94f4392d20e192ed2f4192b314147887e239c8f67935cd3bdb45f186e102f3872a80cc4ee9ffa"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x3c, 0x2, "9ab5685fe6486a3311f126c7e1fc675080bb7ab5751d6891b60264cc9dd5a1f41c4e40028601f3d86bd7f431c1884a218da4762efc5877ec"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x9e, 0x3, "4f2dc0e10763946ceb23a26123800d8fb4f699922aa7522382377238f93ce3762484af4676d11f8c7d29ee25867400cc3ba9c978e6baa37c4a1e1ddffdcee183d07ab3cd95417e03351d342ac0f0c1e7acd9cea8c65354db93dae4b2969e6bdc8fb88e57a10cad001f095bfdf8cbfac5f8601cea7b359f417acda215431f8214629dcd8a05090c178d4c43c2e518c7ef256421ceae952bbffaa8"}]}, @NL80211_ATTR_IE_ASSOC_RESP={0x7, 0x80, [@dsss={0x3, 0x1, 0xab}]}, @NL80211_ATTR_PROBE_RESP={0x1ea, 0x91, "1221ac3f36c01934b23269e7e3d6d98ff73b65d4e59be408758bdf544d628ff166772f30fcefb160f78e66be95b0ede59388601c1c2d0817a06896be0fbace77f69d9b8d5a8a3a5a751fae3363e6cd2c50140abb42df67c8e471d5bbb3c0d79f2c099436521243febfdf24662b4348fb8a010578b779bab026c6957d28a9556c062587913953f11a4319f0086b1973d576a06fb87f6983a583789b0e1cd678ea89e514a69cbc967b7b3654fe7beece0af4bbaa0e688bb6173a5ae4111d42b81355aab184aae6177da4715f7884d94c54aff2571c52ccf7164399a1fc77832c1fbe2be6f28761e0e7020f7d96ece1bf42c6bf44f6876d8ea2ea7b62952e1a9250dd2a34103196b050bb9193e8f44b3d390948e841f41eaec5422c80d126a6b1dad2b736cc97416f8bd26662c406c8dbeff216eb948eea03940a47d1f890a3c91cb888a18b4e5e759196c4052526a216a135aafdb4fc6bb972cd1e2c732102e1a731e008fd98d073f680b12587761559c876a2422febba722a472a123558510b29f8f2528533322f30cd8e584c808d76f241a719a3e07a55771b36f15cdf604a345dc1c1fd5cf69880fefb652099f81f0084d913d587a31f2ae8665af6609f6fdc99a9b244a19232093abc92574a177e9b8a7a2f60cb21b8360a219a4d9d0a4e4d20ea9b209539"}, @NL80211_ATTR_IE={0xa, 0x2a, [@chsw_timing={0x68, 0x4, {0x1}}]}, @NL80211_ATTR_PROBE_RESP={0x4fd, 0x91, "b1c1acd1812a7398129e4dc0e37d7e554648c5b8fd2d6ce3c368d2a35d50da9befe6ec1737fe01a8052b70544d06bdf922e769c633ee345404579d4b7ba25fb2a586ece0a3df177b0c623d802e5304f0316425b68b45c07bffa194c3e014f51f8275f57c29c3e1e93374159f6ca536050f4afb92d9e296b4ed997dd8e8825f0573ea0506bf3fa6d23e1f9d1b69b8ade8a8e546369fb2580f6fb23c4ad099634d67064e056c90dd35732d1ad5cb97ca6a5442ad8d9b49677c04ddc4be7cf1d3b718e171984b0a190f66e8cba2df0a0ccc8539a99bf9dd9e226abd5b4259d0cf39ba019f8384c0110c69b4bc3bfc4ffa2a066710e0c4ed90a31b8a18de0a132e9cd495545fdbf3b836425656971e953f36a89f90b6c63dd482009d5564fb3e6290738800d80ea7dff18eaa7f5047cfaf531fc93240c72a561efbd1228798e7a8b971a51489855ed527dc6637844d8b20f69f87462ea762240e037af1df6ba9b6991e4bf77694b57ad0ac9652e47e72a8de14ceb32e8671ab22de5223dbe29825082cb6fbd5649018634c2f0908ab4ee4240c3bc5f5f9d62a3a6129223125b189a5794baf62ef2753e45dcd27cee1949f89730a1df03a178d9231dfe78da2e9c43d8b572454be7b526515d550ba3f2d175b2d2e3b3a0fed4c48fb215af5e9091d4225d744d293eb3024569ced8b10e8281cba487792c52cd9b4ece40934563341570a67b1453d85af8d00112399dd05794f36cdb455e4b5078dbde676817f85f03596480f6d5070ef182393d05f9fb7d0b9da8a079b6388d73fbdaf62b65a6969fdf12a178061b1c677b43457bd1a269e6795e7f7222c14046fe7f809957085b8d1b84c58c7581bfb36ad513ad55de9fffce1e304f4a401993e397f39af35590d97c501e5eb2d8719b04e4ea770e19f9248f0967d2fc499e51dbae97b84ab0b018aaaf81c68d51152379d9fa9508529a1ba0a9f023ba8afa25385f29108e3d7b421ff698646b31c00c106477e5332d8efd48887e9fe36552f40ff92ad383d9e338b453335fb79b6c08a67983cc4ae96f2c5276b0ee384ecfa9fd692e7be2573358f23094de422a2624de206b9d5cb209d969ab7f54c8fa402b46ac4d09f8bb0bc9231a866ff5ffdc46e768988558b8c52766f3fe3084bef925ad67ed5292f6ff18bba7a0d8c5c749440f479ea5f0555937064010adc6ef154e101cc1362d148c273fdea46d316e44a46c63d90282bafbb617149031f052c9dfbd402b63613bf797285e1bc129c83f227e8b8cf817fe5ad2c61f841ad1583a6158171d53f578a5903ed041f038d99c0c183f26ec90fcb02a111f026c3cbf91f55b18f7e15fa3bc3c006011696f122804ee9d8d7107a8bb6c8f0b2970cb75f3ede13292261eb57e01b8b845d4e8e4fb97b6f089b598621c33fc60b282ed2a4f022b389c96175373c6b10d7cefd0bd8d0586dfe61c853c4fda99940f988fbaf34932cc9935cbf905e29eebe0cb4c8e1091789ba7e0fcda30ce9c06ce275edab46c08fd07f715fa8ce774db41277f37b13e8f6c40ae511578babd3320cd2b936298024fdae409247ad9dd7164747621d7f55f32566f0674a97f841b13f2a881e72082d3cbe10ae1be551a980b6548ff545c08fa46155ede47954fd8c7d209a73c3afd64b6e2aeae8e39e577878a35edcfb5a49d92ef066f6f2eeebe5274c179209a7ba8d87de4ec89dbaed6ab87fdec62fcca7ec64dbfff937a5a40bf6ba978a60b9ce23880d6a87237bc9d69ec594d10f8c2dbb9a04007da0d1b209b321e7746c7365"}, @NL80211_ATTR_BEACON_TAIL={0x128, 0xf, [@prep={0x83, 0x1f, @not_ext={{}, 0x2, 0x5, @device_b, 0x2, "", 0x7, 0x2, @broadcast, 0x6}}, @random_vendor={0xdd, 0x6a, "86ada4fb703bdbab1cc534ae64e6b0d8bc4209f82209aa37f3bcae002e521df5685c2bad36ad58cb942d08516df6e35b989763ee1aea7bde822f5947e7aeb421172e751b830b86ded37a612fdd4755cc63d7ec64d2ea19c4c4f1a124dcc9a0a7b19e284c8ce892b5924a"}, @gcr_ga={0xbd, 0x6}, @supported_rates={0x1, 0x5, [{0x6c, 0x1}, {0x60}, {0x5f, 0x1}, {0xbdc2547c1a99e997, 0x1}, {0x1b}]}, @link_id={0x65, 0x12, {@from_mac=@broadcast, @broadcast, @device_b}}, @channel_switch={0x25, 0x3, {0x0, 0x99, 0xfb}}, @mesh_id={0x72, 0x6}, @measure_req={0x26, 0x61, {0x4d, 0x2, 0x5, "5ea63ff75e7a8e1d3f73d48a4fd8f94921aa039a2efc152e210f82cf55cfd6b0aa2d3e0ce3da8465fd0c081d15caef6a0e264b91c2749111459079dd7140f45d45243a001ccfea37222d0a6545bd7ecdb259a36f334687e8dca6d5f457f0"}}, @ibss={0x6, 0x2, 0x7f}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0xfffb, 0x8001, 0x6, 0x81]}]}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1b0}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1608}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x19}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x8}]]}, 0x1400}, 0x1, 0x0, 0x0, 0x4090}, 0x40801) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)={0x50, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x9, 0x12}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x7}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000800)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000740)={0x90, 0x0, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_SCAN_SSIDS={0x64, 0x2d, 0x0, 0x1, [{0x20, 0x0, @random="8d39454861a7c73768dcdfbeb590ca5f6f1702d60ebd4cb1248d6848"}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}, {0x4}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ibss_ssid}]}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0x2}]}, 0x90}, 0x1, 0x0, 0x0, 0x4004044}, 0x40040) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:24:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0xf00, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2485.333672][T18765] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2485.336116][T18764] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:24:23 executing program 3: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000006ff67"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000008, 0xfb, 0x1, 0x0, 0x20]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2485.510688][T18790] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2485.529536][T18791] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:24:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x3f00, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:24:23 executing program 2: syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setregset(0x4205, 0x0, 0x0, &(0x7f00000000c0)={0x0}) r0 = syz_clone(0xa4000000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) tkill(r0, 0x0) [ 2485.563434][T18790] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:24:42 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xd, 0x28011, r0, 0x0) ftruncate(r0, 0x2f00) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x16) 19:24:42 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x6000, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:24:42 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x6000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:24:42 executing program 3: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000006ff67"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000008, 0xfb, 0x1, 0x0, 0x20]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:24:42 executing program 5: ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000100000000f7ffffdfc5c868b1f99f6e87747e8d6c791cc223c81b73000000000000000010e3ffffff0100"]) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000200)=ANY=[], 0xfffffecc) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x303000, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000140)={&(0x7f0000000280), 0xc, 0x0, 0x1, 0x0, 0x0, 0x6afddd45d02b215a}, 0x40094) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f00000006c0)={0x9b0000, 0x100, 0x200, r0, 0x0, &(0x7f0000000680)={0x990a72, 0x0, '\x00', @value=0xff}}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r5, @ANYBLOB="01edff00e200000004003b1c210008000300", @ANYRES32=r4, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000640)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0xd0, r2, 0x200, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x7, 0x6e}}}}, [@NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x80}, @NL80211_ATTR_STA_VLAN={0x8}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x6e, 0xbe, "f88898c910dd3a6272424c6a51ba9c6bb39bad12c6727458667b65cb3ba091f8c63e132caa323070d743549b1afb20511ae6577e9e2db50df224c9f81d0acce703382930359a2064ca10a95d1a6684031ce458d657e753f2d4d4365832f6fba4e3d9ea540de073c803de"}, @NL80211_ATTR_STA_CAPABILITY={0x6}, @NL80211_ATTR_STA_FLAGS={0x20, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_SHORT_PREAMBLE={0x4}, @NL80211_STA_FLAG_MFP={0x4}, @NL80211_STA_FLAG_MFP={0x4}, @NL80211_STA_FLAG_ASSOCIATED={0x4}, @NL80211_STA_FLAG_WME={0x4}, @NL80211_STA_FLAG_ASSOCIATED={0x4}, @NL80211_STA_FLAG_WME={0x4}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="44000600", @ANYRES16=r2, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r6, @ANYBLOB="0a00340002020202020200000a00060008021100000000000800350000000000080026006c090000"], 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:24:42 executing program 2: syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setregset(0x4205, 0x0, 0x0, &(0x7f00000000c0)={0x0}) r0 = syz_clone(0xa4000000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) tkill(r0, 0x0) 19:24:42 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x30000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2504.909966][T18817] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2504.944975][T18823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2504.979391][T18817] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2504.996707][T18823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2505.031586][T18817] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2505.048409][T18823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:24:42 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x1000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:24:42 executing program 2: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000006ff67"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000008, 0xfb, 0x1, 0x0, 0x20]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:24:43 executing program 3: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000006ff67"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000008, 0xfb, 0x1, 0x0, 0x20]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:24:43 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x2000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:24:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x30000, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2505.506531][T18845] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2505.558521][T18845] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2505.615723][T18847] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:24:53 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x3000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:24:53 executing program 5: ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000100000000f7ffffdfc5c868b1f99f6e87747e8d6c791cc223c81b73000000000000000010e3ffffff0100"]) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000200)=ANY=[], 0xfffffecc) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x303000, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000140)={&(0x7f0000000280), 0xc, 0x0, 0x1, 0x0, 0x0, 0x6afddd45d02b215a}, 0x40094) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f00000006c0)={0x9b0000, 0x100, 0x200, r0, 0x0, &(0x7f0000000680)={0x990a72, 0x0, '\x00', @value=0xff}}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r5, @ANYBLOB="01edff00e200000004003b1c210008000300", @ANYRES32=r4, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000640)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0xd0, r2, 0x200, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x7, 0x6e}}}}, [@NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x80}, @NL80211_ATTR_STA_VLAN={0x8}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x6e, 0xbe, "f88898c910dd3a6272424c6a51ba9c6bb39bad12c6727458667b65cb3ba091f8c63e132caa323070d743549b1afb20511ae6577e9e2db50df224c9f81d0acce703382930359a2064ca10a95d1a6684031ce458d657e753f2d4d4365832f6fba4e3d9ea540de073c803de"}, @NL80211_ATTR_STA_CAPABILITY={0x6}, @NL80211_ATTR_STA_FLAGS={0x20, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_SHORT_PREAMBLE={0x4}, @NL80211_STA_FLAG_MFP={0x4}, @NL80211_STA_FLAG_MFP={0x4}, @NL80211_STA_FLAG_ASSOCIATED={0x4}, @NL80211_STA_FLAG_WME={0x4}, @NL80211_STA_FLAG_ASSOCIATED={0x4}, @NL80211_STA_FLAG_WME={0x4}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="44000600", @ANYRES16=r2, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r6, @ANYBLOB="0a00340002020202020200000a00060008021100000000000800350000000000080026006c090000"], 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000100000000f7ffffdfc5c868b1f99f6e87747e8d6c791cc223c81b73000000000000000010e3ffffff0100"]) (async) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000200)=ANY=[], 0xfffffecc) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x303000, 0x0) (async) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000140)={&(0x7f0000000280), 0xc, 0x0, 0x1, 0x0, 0x0, 0x6afddd45d02b215a}, 0x40094) (async) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f00000006c0)={0x9b0000, 0x100, 0x200, r0, 0x0, &(0x7f0000000680)={0x990a72, 0x0, '\x00', @value=0xff}}) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) socket$inet6_udplite(0xa, 0x2, 0x88) (async) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000240)={'wlan1\x00'}) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) (async) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r5, @ANYBLOB="01edff00e200000004003b1c210008000300", @ANYRES32=r4, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) (async) sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000640)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0xd0, r2, 0x200, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x7, 0x6e}}}}, [@NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x80}, @NL80211_ATTR_STA_VLAN={0x8}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x6e, 0xbe, "f88898c910dd3a6272424c6a51ba9c6bb39bad12c6727458667b65cb3ba091f8c63e132caa323070d743549b1afb20511ae6577e9e2db50df224c9f81d0acce703382930359a2064ca10a95d1a6684031ce458d657e753f2d4d4365832f6fba4e3d9ea540de073c803de"}, @NL80211_ATTR_STA_CAPABILITY={0x6}, @NL80211_ATTR_STA_FLAGS={0x20, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_SHORT_PREAMBLE={0x4}, @NL80211_STA_FLAG_MFP={0x4}, @NL80211_STA_FLAG_MFP={0x4}, @NL80211_STA_FLAG_ASSOCIATED={0x4}, @NL80211_STA_FLAG_WME={0x4}, @NL80211_STA_FLAG_ASSOCIATED={0x4}, @NL80211_STA_FLAG_WME={0x4}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="44000600", @ANYRES16=r2, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r6, @ANYBLOB="0a00340002020202020200000a00060008021100000000000800350000000000080026006c090000"], 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (async) 19:24:53 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x1000000, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:24:53 executing program 2: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000006ff67"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000008, 0xfb, 0x1, 0x0, 0x20]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:24:53 executing program 3: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000006ff67"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000008, 0xfb, 0x1, 0x0, 0x20]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:24:53 executing program 1: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000006ff67"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000008, 0xfb, 0x1, 0x0, 0x20]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:24:53 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x4000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2515.386686][T18856] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2515.387348][T18857] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2515.438511][T18856] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2515.440677][T18868] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2515.490341][T18856] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:24:53 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x5000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2515.492203][T18857] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2515.527448][T18857] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2515.528726][T18868] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:24:53 executing program 5: ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000100000000f7ffffdfc5c868b1f99f6e87747e8d6c791cc223c81b73000000000000000010e3ffffff0100"]) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000200)=ANY=[], 0xfffffecc) (async) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x303000, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000140)={&(0x7f0000000280), 0xc, 0x0, 0x1, 0x0, 0x0, 0x6afddd45d02b215a}, 0x40094) (async) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f00000006c0)={0x9b0000, 0x100, 0x200, r0, 0x0, &(0x7f0000000680)={0x990a72, 0x0, '\x00', @value=0xff}}) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r5, @ANYBLOB="01edff00e200000004003b1c210008000300", @ANYRES32=r4, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) (async) sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000640)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0xd0, r2, 0x200, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x7, 0x6e}}}}, [@NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x80}, @NL80211_ATTR_STA_VLAN={0x8}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x6e, 0xbe, "f88898c910dd3a6272424c6a51ba9c6bb39bad12c6727458667b65cb3ba091f8c63e132caa323070d743549b1afb20511ae6577e9e2db50df224c9f81d0acce703382930359a2064ca10a95d1a6684031ce458d657e753f2d4d4365832f6fba4e3d9ea540de073c803de"}, @NL80211_ATTR_STA_CAPABILITY={0x6}, @NL80211_ATTR_STA_FLAGS={0x20, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_SHORT_PREAMBLE={0x4}, @NL80211_STA_FLAG_MFP={0x4}, @NL80211_STA_FLAG_MFP={0x4}, @NL80211_STA_FLAG_ASSOCIATED={0x4}, @NL80211_STA_FLAG_WME={0x4}, @NL80211_STA_FLAG_ASSOCIATED={0x4}, @NL80211_STA_FLAG_WME={0x4}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="44000600", @ANYRES16=r2, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r6, @ANYBLOB="0a00340002020202020200000a00060008021100000000000800350000000000080026006c090000"], 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2515.530041][T18871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:24:53 executing program 2: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000006ff67"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000008, 0xfb, 0x1, 0x0, 0x20]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:24:53 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x6000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:24:53 executing program 3: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000006ff67"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000008, 0xfb, 0x1, 0x0, 0x20]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:24:53 executing program 5: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000040)={'gretap0\x00', &(0x7f0000000600)={'gretap0\x00', 0x0, 0x0, 0x8000, 0xfffffb21, 0x8, {{0x30, 0x4, 0x2, 0x2, 0xc0, 0x67, 0x0, 0x3, 0x4, 0x0, @loopback, @multicast1, {[@timestamp_addr={0x44, 0x54, 0x9a, 0x1, 0x4, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8000}, {@private=0xa010102}, {@rand_addr=0x64010101, 0x800}, {@broadcast, 0xff}, {@empty, 0x4}, {@remote, 0xb13}, {@local, 0x800}, {@remote, 0x4}, {@dev={0xac, 0x14, 0x14, 0x24}, 0x200}, {@empty, 0x7}]}, @generic={0x83, 0x11, "21e58633cf3474f8bc81d28b2f3f25"}, @lsrr={0x83, 0x1f, 0x37, [@local, @loopback, @empty, @private=0xa010101, @broadcast, @remote, @multicast2]}, @end, @ssrr={0x89, 0x1b, 0x14, [@private=0xa010100, @private=0xa010101, @local, @rand_addr=0x64010101, @local, @loopback]}, @noop, @noop, @ra={0x94, 0x4}, @rr={0x7, 0x3, 0x22}]}}}}}) r1 = socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) ioctl$int_in(r3, 0x5452, &(0x7f0000000040)=0xe1e5) ioctl$int_in(r3, 0x5421, &(0x7f0000000180)=0xfff) splice(r2, 0x0, r3, 0x0, 0x200002b2, 0x0) ioctl$MON_IOCX_GET(r2, 0x40189206, &(0x7f0000000400)={&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000700)=""/113, 0x71}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000540)=ANY=[@ANYBLOB="5000000008021100000108021100000008021100000000000000000000000000640001000006020202020202010882848b960c121824c93e0f64880a2c27125bd957c6c886b140303ae8391e0a138558e6a5c0a0637e0f208f1fd59d98297d67bdd3ca25ddbb6030a3e4fe51084f7f2340f4a448d4f0277f44b9e290df3f68bc4ea17a6b3b260a960a8775c59b9ececf8bdc115003efc8196b028186927331602a1d"], 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000840)=@data_frame={@qos_no_ht={{@type01={{0x0, 0x2, 0x9, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1}, {0x2}, @broadcast, @random="bd495bdb785d", @device_b, {0xd, 0x3f}}, {0xf, 0x0, 0x2, 0x0, 0x12}}, {@type01={{0x0, 0x2, 0xd, 0x0, 0x1, 0x1, 0x1}, {0x4}, @device_a, @initial, @random="e7fae2b8c06d", {0x6, 0x73}}, {0x5, 0x0, 0x0, 0x1, 0x4}}}, @a_msdu=[{@device_a, @device_a, 0xbd, "80c0674522e3b2bec017eaa8dc31648b7de6d837edc833c14b91d94868c1dbf7ba50f837fc31e4fe622874435bf6d36f61b222cec7cf808afc271f9c7e765aed5b6274f28fd6967727eca9384b2a9bb2cdc7c6540d17e809e629d535d5a6d22a066f4607fba7345bb71177dbf92fd72ea8b313b12fa46cf53ce713f7d606095f164823746dfe05edfc7949cce122251b41e9157386246d3dbc1368652fe0ad15ae1f57faa4d2160c0d86ef95c46149112f2e291ebeb450260eefd4ba71"}]}, 0x100) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24, 0x1}]}, @void}, 0x28) [ 2515.736675][T18887] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:24:53 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x2000000, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:24:53 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x7000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:24:53 executing program 2: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000002180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x7, [@union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x5}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x2e]}}, &(0x7f0000000140)=""/4096, 0x37, 0x1000, 0x1}, 0x20) [ 2515.976669][T18902] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2515.998792][T18903] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:24:53 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x8000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2516.030689][T18902] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2516.052158][T18907] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2516.082600][T18902] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2516.104202][T18907] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2528.725476][ T1225] ieee802154 phy0 wpan0: encryption failed: -22 [ 2528.725537][ T1225] ieee802154 phy1 wpan1: encryption failed: -22 [ 2528.733402][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! 19:25:10 executing program 1: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000006ff67"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000008, 0xfb, 0x1, 0x0, 0x20]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:25:10 executing program 3: r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800007, 0x11, r0, 0x0) fsmount(0xffffffffffffffff, 0x1, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(0xffffffffffffffff, 0x80189439, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6000) ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, &(0x7f0000000240)="9abdddf677582dd9e5c7fac3d5013dd7b95d5d15d678a456e3f4544f99f09b152e9b3b0d44c7e5d53a4bc7161499d05d03bb86b6a52ddfe4073a7b734565f53623f691f37ea733f616d5a809b5825a4856c60b3cfd75ddef1a95c0f7614ed7ae1a832eb8744b86a996d1f44952fa06ea0793b43ee44a050d9c34a0ed6a88c68708494d890a645a89497c8d474c43f3c1bc5123f832099ba2284a5c86247ea5aadf4dc4139bec64f08737c636fb48ea3a54cb82b1d1f3fa163ffa8b699e8ca598e825e8502d2ae00e4f93c6085f2b6ce35564af13b627d68b4f844cc06840826046c83b5d5b08f3044b7c89042641f14cd744c9bc09490b0174343f302b3d8987") io_setup(0x202, &(0x7f0000000200)=0x0) ftruncate(r1, 0xf012) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000040)={0x0, 0x2, 0x0, 0x1299}) ioctl$PTP_SYS_OFFSET(0xffffffffffffffff, 0x43403d05, &(0x7f0000000e40)) writev(0xffffffffffffffff, &(0x7f0000003500)=[{0x0}], 0x1) io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}]) 19:25:10 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f00000000c0)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000440)=ANY=[@ANYBLOB="020000000000000002000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000020000000a01010100000000001700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b8d1e314d60279f4000000000000000000000000000000000000000000000083a40000000000000000000000000000000000020000f1ffffff000000000000000000000000000004cc19610000000000000000000000000000000000235b6c798b9aeceb00000000e6ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e23ac1e00010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003c540000000000000000000000000015000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e21ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e220a01010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x410) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f00000000c0)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) dup3(r2, r1, 0x0) 19:25:10 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x9000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:25:10 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x3000000, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:25:10 executing program 5: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000040)={'gretap0\x00', &(0x7f0000000600)={'gretap0\x00', 0x0, 0x0, 0x8000, 0xfffffb21, 0x8, {{0x30, 0x4, 0x2, 0x2, 0xc0, 0x67, 0x0, 0x3, 0x4, 0x0, @loopback, @multicast1, {[@timestamp_addr={0x44, 0x54, 0x9a, 0x1, 0x4, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8000}, {@private=0xa010102}, {@rand_addr=0x64010101, 0x800}, {@broadcast, 0xff}, {@empty, 0x4}, {@remote, 0xb13}, {@local, 0x800}, {@remote, 0x4}, {@dev={0xac, 0x14, 0x14, 0x24}, 0x200}, {@empty, 0x7}]}, @generic={0x83, 0x11, "21e58633cf3474f8bc81d28b2f3f25"}, @lsrr={0x83, 0x1f, 0x37, [@local, @loopback, @empty, @private=0xa010101, @broadcast, @remote, @multicast2]}, @end, @ssrr={0x89, 0x1b, 0x14, [@private=0xa010100, @private=0xa010101, @local, @rand_addr=0x64010101, @local, @loopback]}, @noop, @noop, @ra={0x94, 0x4}, @rr={0x7, 0x3, 0x22}]}}}}}) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) (async) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) (async) ioctl$int_in(r3, 0x5452, &(0x7f0000000040)=0xe1e5) (async) ioctl$int_in(r3, 0x5421, &(0x7f0000000180)=0xfff) (async) splice(r2, 0x0, r3, 0x0, 0x200002b2, 0x0) (async, rerun: 32) ioctl$MON_IOCX_GET(r2, 0x40189206, &(0x7f0000000400)={&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000700)=""/113, 0x71}) (async, rerun: 32) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000540)=ANY=[@ANYBLOB="5000000008021100000108021100000008021100000000000000000000000000640001000006020202020202010882848b960c121824c93e0f64880a2c27125bd957c6c886b140303ae8391e0a138558e6a5c0a0637e0f208f1fd59d98297d67bdd3ca25ddbb6030a3e4fe51084f7f2340f4a448d4f0277f44b9e290df3f68bc4ea17a6b3b260a960a8775c59b9ececf8bdc115003efc8196b028186927331602a1d"], 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000840)=@data_frame={@qos_no_ht={{@type01={{0x0, 0x2, 0x9, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1}, {0x2}, @broadcast, @random="bd495bdb785d", @device_b, {0xd, 0x3f}}, {0xf, 0x0, 0x2, 0x0, 0x12}}, {@type01={{0x0, 0x2, 0xd, 0x0, 0x1, 0x1, 0x1}, {0x4}, @device_a, @initial, @random="e7fae2b8c06d", {0x6, 0x73}}, {0x5, 0x0, 0x0, 0x1, 0x4}}}, @a_msdu=[{@device_a, @device_a, 0xbd, "80c0674522e3b2bec017eaa8dc31648b7de6d837edc833c14b91d94868c1dbf7ba50f837fc31e4fe622874435bf6d36f61b222cec7cf808afc271f9c7e765aed5b6274f28fd6967727eca9384b2a9bb2cdc7c6540d17e809e629d535d5a6d22a066f4607fba7345bb71177dbf92fd72ea8b313b12fa46cf53ce713f7d606095f164823746dfe05edfc7949cce122251b41e9157386246d3dbc1368652fe0ad15ae1f57faa4d2160c0d86ef95c46149112f2e291ebeb450260eefd4ba71"}]}, 0x100) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24, 0x1}]}, @void}, 0x28) 19:25:10 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0xc000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:25:10 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000080)={0x0, 0x3234564e, 0x0, @stepwise}) 19:25:10 executing program 5: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000040)={'gretap0\x00', &(0x7f0000000600)={'gretap0\x00', 0x0, 0x0, 0x8000, 0xfffffb21, 0x8, {{0x30, 0x4, 0x2, 0x2, 0xc0, 0x67, 0x0, 0x3, 0x4, 0x0, @loopback, @multicast1, {[@timestamp_addr={0x44, 0x54, 0x9a, 0x1, 0x4, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8000}, {@private=0xa010102}, {@rand_addr=0x64010101, 0x800}, {@broadcast, 0xff}, {@empty, 0x4}, {@remote, 0xb13}, {@local, 0x800}, {@remote, 0x4}, {@dev={0xac, 0x14, 0x14, 0x24}, 0x200}, {@empty, 0x7}]}, @generic={0x83, 0x11, "21e58633cf3474f8bc81d28b2f3f25"}, @lsrr={0x83, 0x1f, 0x37, [@local, @loopback, @empty, @private=0xa010101, @broadcast, @remote, @multicast2]}, @end, @ssrr={0x89, 0x1b, 0x14, [@private=0xa010100, @private=0xa010101, @local, @rand_addr=0x64010101, @local, @loopback]}, @noop, @noop, @ra={0x94, 0x4}, @rr={0x7, 0x3, 0x22}]}}}}}) r1 = socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) ioctl$int_in(r3, 0x5452, &(0x7f0000000040)=0xe1e5) ioctl$int_in(r3, 0x5421, &(0x7f0000000180)=0xfff) splice(r2, 0x0, r3, 0x0, 0x200002b2, 0x0) ioctl$MON_IOCX_GET(r2, 0x40189206, &(0x7f0000000400)={&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000700)=""/113, 0x71}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000540)=ANY=[@ANYBLOB="5000000008021100000108021100000008021100000000000000000000000000640001000006020202020202010882848b960c121824c93e0f64880a2c27125bd957c6c886b140303ae8391e0a138558e6a5c0a0637e0f208f1fd59d98297d67bdd3ca25ddbb6030a3e4fe51084f7f2340f4a448d4f0277f44b9e290df3f68bc4ea17a6b3b260a960a8775c59b9ececf8bdc115003efc8196b028186927331602a1d"], 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000840)=@data_frame={@qos_no_ht={{@type01={{0x0, 0x2, 0x9, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1}, {0x2}, @broadcast, @random="bd495bdb785d", @device_b, {0xd, 0x3f}}, {0xf, 0x0, 0x2, 0x0, 0x12}}, {@type01={{0x0, 0x2, 0xd, 0x0, 0x1, 0x1, 0x1}, {0x4}, @device_a, @initial, @random="e7fae2b8c06d", {0x6, 0x73}}, {0x5, 0x0, 0x0, 0x1, 0x4}}}, @a_msdu=[{@device_a, @device_a, 0xbd, "80c0674522e3b2bec017eaa8dc31648b7de6d837edc833c14b91d94868c1dbf7ba50f837fc31e4fe622874435bf6d36f61b222cec7cf808afc271f9c7e765aed5b6274f28fd6967727eca9384b2a9bb2cdc7c6540d17e809e629d535d5a6d22a066f4607fba7345bb71177dbf92fd72ea8b313b12fa46cf53ce713f7d606095f164823746dfe05edfc7949cce122251b41e9157386246d3dbc1368652fe0ad15ae1f57faa4d2160c0d86ef95c46149112f2e291ebeb450260eefd4ba71"}]}, 0x100) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24, 0x1}]}, @void}, 0x28) pipe2(&(0x7f0000000000), 0x0) (async) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000040)={'gretap0\x00', &(0x7f0000000600)={'gretap0\x00', 0x0, 0x0, 0x8000, 0xfffffb21, 0x8, {{0x30, 0x4, 0x2, 0x2, 0xc0, 0x67, 0x0, 0x3, 0x4, 0x0, @loopback, @multicast1, {[@timestamp_addr={0x44, 0x54, 0x9a, 0x1, 0x4, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8000}, {@private=0xa010102}, {@rand_addr=0x64010101, 0x800}, {@broadcast, 0xff}, {@empty, 0x4}, {@remote, 0xb13}, {@local, 0x800}, {@remote, 0x4}, {@dev={0xac, 0x14, 0x14, 0x24}, 0x200}, {@empty, 0x7}]}, @generic={0x83, 0x11, "21e58633cf3474f8bc81d28b2f3f25"}, @lsrr={0x83, 0x1f, 0x37, [@local, @loopback, @empty, @private=0xa010101, @broadcast, @remote, @multicast2]}, @end, @ssrr={0x89, 0x1b, 0x14, [@private=0xa010100, @private=0xa010101, @local, @rand_addr=0x64010101, @local, @loopback]}, @noop, @noop, @ra={0x94, 0x4}, @rr={0x7, 0x3, 0x22}]}}}}}) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) pipe(&(0x7f00000001c0)) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) close(r3) (async) ioctl$int_in(r3, 0x5452, &(0x7f0000000040)=0xe1e5) (async) ioctl$int_in(r3, 0x5421, &(0x7f0000000180)=0xfff) (async) splice(r2, 0x0, r3, 0x0, 0x200002b2, 0x0) (async) ioctl$MON_IOCX_GET(r2, 0x40189206, &(0x7f0000000400)={&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000700)=""/113, 0x71}) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000540)=ANY=[@ANYBLOB="5000000008021100000108021100000008021100000000000000000000000000640001000006020202020202010882848b960c121824c93e0f64880a2c27125bd957c6c886b140303ae8391e0a138558e6a5c0a0637e0f208f1fd59d98297d67bdd3ca25ddbb6030a3e4fe51084f7f2340f4a448d4f0277f44b9e290df3f68bc4ea17a6b3b260a960a8775c59b9ececf8bdc115003efc8196b028186927331602a1d"], 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000840)=@data_frame={@qos_no_ht={{@type01={{0x0, 0x2, 0x9, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1}, {0x2}, @broadcast, @random="bd495bdb785d", @device_b, {0xd, 0x3f}}, {0xf, 0x0, 0x2, 0x0, 0x12}}, {@type01={{0x0, 0x2, 0xd, 0x0, 0x1, 0x1, 0x1}, {0x4}, @device_a, @initial, @random="e7fae2b8c06d", {0x6, 0x73}}, {0x5, 0x0, 0x0, 0x1, 0x4}}}, @a_msdu=[{@device_a, @device_a, 0xbd, "80c0674522e3b2bec017eaa8dc31648b7de6d837edc833c14b91d94868c1dbf7ba50f837fc31e4fe622874435bf6d36f61b222cec7cf808afc271f9c7e765aed5b6274f28fd6967727eca9384b2a9bb2cdc7c6540d17e809e629d535d5a6d22a066f4607fba7345bb71177dbf92fd72ea8b313b12fa46cf53ce713f7d606095f164823746dfe05edfc7949cce122251b41e9157386246d3dbc1368652fe0ad15ae1f57faa4d2160c0d86ef95c46149112f2e291ebeb450260eefd4ba71"}]}, 0x100) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24, 0x1}]}, @void}, 0x28) (async) [ 2532.522127][T18931] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2532.574244][T18931] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2532.626198][T18931] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:25:10 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000180), 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x11, 0x0, r1}, 0x14) [ 2532.723989][T18943] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:25:10 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0xe000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:25:10 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000080)={0x0, 0x3234564e, 0x0, @stepwise}) [ 2532.776281][T18943] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2532.831708][T18943] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:25:21 executing program 1: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000006ff67"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000008, 0xfb, 0x1, 0x0, 0x20]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:25:21 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x40, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:25:21 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000180), 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x11, 0x0, r1}, 0x14) 19:25:21 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x4000000, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:25:21 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0xf000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:25:21 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000080)={0x0, 0x3234564e, 0x0, @stepwise}) 19:25:21 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000180), 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x11, 0x0, r1}, 0x14) 19:25:21 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x3f000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:25:21 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000080)={0x0, 0x3234564e, 0x0, @stepwise}) [ 2543.412235][T18981] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2543.417955][T18978] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2543.463843][T18981] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2543.469399][T18978] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2543.515649][T18981] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2543.521028][T18983] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:25:21 executing program 2: r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000280)={0x8000041}, 0x10) bind$tipc(r1, 0x0, 0x0) close(r1) 19:25:21 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000180), 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x11, 0x0, r1}, 0x14) 19:25:21 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x60000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2543.802898][ T28] audit: type=1400 audit(1655061921.551:886): avc: denied { bind } for pid=18991 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 19:25:30 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x40, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x40, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (async) 19:25:30 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x5000000, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:25:30 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x38, r1, 0x121, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}]}, @ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x8, 0x3, 0x0, 0x1, [{0x3}]}]}]}, 0x38}}, 0x0) 19:25:30 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vxcan1\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000540)={0x1d, r2}, 0x18) sendmsg$can_j1939(r1, &(0x7f00000018c0)={&(0x7f0000001780)={0x1d, 0x0, 0x0, {}, 0xfe}, 0x18, &(0x7f0000001880)={&(0x7f00000017c0)='\'', 0x6fffff9}}, 0xee) syz_io_uring_setup(0x3f32, &(0x7f0000000140), &(0x7f0000ffc000/0x4000)=nil, &(0x7f00005ea000/0x4000)=nil, 0x0, 0x0) syz_io_uring_setup(0x4cdc, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 19:25:30 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0xffffff7f, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:25:30 executing program 1: r0 = socket(0x25, 0x5, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) 19:25:30 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:25:30 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000002700)=@raw={'raw\x00', 0x2008, 0x3, 0x12c8, 0x0, 0x800000a, 0x0, 0x0, 0x150, 0x1230, 0x1e8, 0x1e8, 0x1230, 0x1e8, 0x3, 0x0, {[{{@ip={@loopback=0x7f008700, @local, 0x0, 0x0, 'ip6_vti0\x00', 'bond_slave_1\x00'}, 0x0, 0x10e8, 0x1130, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x0, 0x4}}, @common=@unspec=@cgroup1={{0x1030}, {0x0, 0x4a, 0x0, 0x0, './cgroup.cpu/syz1\x00'}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x2}}}, {{@ip={@rand_addr, @rand_addr, 0x0, 0x0, 'xfrm0\x00', 'ipvlan1\x00'}, 0x0, 0x98, 0x100, 0x0, {}, [@common=@icmp={{0x28}, {0x0, 'U:'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x1328) [ 2552.662861][T19012] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2552.696337][T19014] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2552.715493][T19017] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2552.748505][T19018] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:25:30 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vxcan1\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000540)={0x1d, r2}, 0x18) sendmsg$can_j1939(r1, &(0x7f00000018c0)={&(0x7f0000001780)={0x1d, 0x0, 0x0, {}, 0xfe}, 0x18, &(0x7f0000001880)={&(0x7f00000017c0)='\'', 0x6fffff9}}, 0xee) syz_io_uring_setup(0x3f32, &(0x7f0000000140), &(0x7f0000ffc000/0x4000)=nil, &(0x7f00005ea000/0x4000)=nil, 0x0, 0x0) syz_io_uring_setup(0x4cdc, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 19:25:30 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x40, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2552.769486][T19017] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2552.787820][T19017] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2552.800352][T19014] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:25:30 executing program 2: unshare(0x2e020480) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = syz_io_uring_setup(0x3edd, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000000c0), &(0x7f0000000180)='./cgroup/cgroup.procs\x00', 0x18}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000002040)=[{{&(0x7f0000001380)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, 0x0, 0x0, 0x0, 0x3}}], 0x1, 0x0) io_uring_enter(r1, 0x2ff, 0x0, 0x0, 0x0, 0x0) 19:25:30 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x2, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2552.990574][T19035] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:25:30 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vxcan1\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000540)={0x1d, r2}, 0x18) sendmsg$can_j1939(r1, &(0x7f00000018c0)={&(0x7f0000001780)={0x1d, 0x0, 0x0, {}, 0xfe}, 0x18, &(0x7f0000001880)={&(0x7f00000017c0)='\'', 0x6fffff9}}, 0xee) syz_io_uring_setup(0x3f32, &(0x7f0000000140), &(0x7f0000ffc000/0x4000)=nil, &(0x7f00005ea000/0x4000)=nil, 0x0, 0x0) syz_io_uring_setup(0x4cdc, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) [ 2553.038208][T19033] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2553.039432][T19034] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:25:30 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x6000000, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:25:30 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x3, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:25:31 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x4, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2553.287288][T19045] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:25:31 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vxcan1\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000540)={0x1d, r2}, 0x18) sendmsg$can_j1939(r1, &(0x7f00000018c0)={&(0x7f0000001780)={0x1d, 0x0, 0x0, {}, 0xfe}, 0x18, &(0x7f0000001880)={&(0x7f00000017c0)='\'', 0x6fffff9}}, 0xee) syz_io_uring_setup(0x3f32, &(0x7f0000000140), &(0x7f0000ffc000/0x4000)=nil, &(0x7f00005ea000/0x4000)=nil, 0x0, 0x0) syz_io_uring_setup(0x4cdc, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) [ 2554.054588][ T6945] wlan1: deauthenticating from 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING) [ 2554.227360][ T6945] device hsr_slave_0 left promiscuous mode [ 2554.228051][ T6945] device hsr_slave_1 left promiscuous mode [ 2554.230248][ T6945] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2554.230286][ T6945] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2554.232581][ T6945] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2554.232609][ T6945] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2554.248096][ T6945] device bridge_slave_1 left promiscuous mode [ 2554.248240][ T6945] bridge0: port 2(bridge_slave_1) entered disabled state [ 2554.249818][ T6945] device bridge_slave_0 left promiscuous mode [ 2554.249954][ T6945] bridge0: port 1(bridge_slave_0) entered disabled state [ 2554.286835][ T6945] device veth1_macvtap left promiscuous mode [ 2554.286898][ T6945] device veth0_macvtap left promiscuous mode [ 2554.287030][ T6945] device veth1_vlan left promiscuous mode [ 2554.287139][ T6945] device veth0_vlan left promiscuous mode [ 2554.511596][ T6945] team0 (unregistering): Port device team_slave_1 removed [ 2554.525817][ T6945] team0 (unregistering): Port device team_slave_0 removed [ 2554.536894][ T6945] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2554.552957][ T6945] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2554.634212][ T6945] bond0 (unregistering): Released all slaves [ 2556.494859][ T49] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 2556.497988][ T49] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 2556.499418][ T49] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 2556.500190][ T49] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 2556.500751][ T49] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 2556.501007][ T49] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 2556.627263][T19053] chnl_net:caif_netlink_parms(): no params data found [ 2556.678435][T19053] bridge0: port 1(bridge_slave_0) entered blocking state [ 2556.678513][T19053] bridge0: port 1(bridge_slave_0) entered disabled state [ 2556.679181][T19053] device bridge_slave_0 entered promiscuous mode [ 2556.680686][T19053] bridge0: port 2(bridge_slave_1) entered blocking state [ 2556.680761][T19053] bridge0: port 2(bridge_slave_1) entered disabled state [ 2556.681531][T19053] device bridge_slave_1 entered promiscuous mode [ 2556.730399][T19053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2556.732246][T19053] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2556.777664][T19053] team0: Port device team_slave_0 added [ 2556.779295][T19053] team0: Port device team_slave_1 added [ 2556.801340][T19053] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2556.801355][T19053] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2556.801378][T19053] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2556.824519][T19053] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2556.824535][T19053] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2556.824562][T19053] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2556.904332][T19053] device hsr_slave_0 entered promiscuous mode [ 2556.905197][T19053] device hsr_slave_1 entered promiscuous mode [ 2556.905593][T19053] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2556.905610][T19053] Cannot create hsr debugfs directory [ 2556.999019][T19053] bridge0: port 2(bridge_slave_1) entered blocking state [ 2556.999066][T19053] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2556.999166][T19053] bridge0: port 1(bridge_slave_0) entered blocking state [ 2556.999211][T19053] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2557.063057][T19053] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2557.073045][T18485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2557.080773][T18485] bridge0: port 1(bridge_slave_0) entered disabled state [ 2557.081331][T18485] bridge0: port 2(bridge_slave_1) entered disabled state [ 2557.082281][T18485] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2557.111631][T19053] 8021q: adding VLAN 0 to HW filter on device team0 [ 2557.117620][T18485] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2557.118143][T18485] bridge0: port 1(bridge_slave_0) entered blocking state [ 2557.118205][T18485] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2557.123219][T18485] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2557.123688][T18485] bridge0: port 2(bridge_slave_1) entered blocking state [ 2557.123743][T18485] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2557.139812][T13310] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2557.140706][T13310] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2557.150323][T13310] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2557.157323][T18485] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2557.162457][T18485] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2557.167114][T19053] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2557.182566][T13310] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2557.182715][T13310] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2557.189827][T19053] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2557.504733][T18489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2557.513068][T18489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2557.514002][T18489] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2557.514597][T18489] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2557.536293][T19053] device veth0_vlan entered promiscuous mode [ 2557.542953][T19053] device veth1_vlan entered promiscuous mode [ 2557.570192][T13310] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 2557.570871][T13310] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 2557.571745][T13310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2557.577303][T19053] device veth0_macvtap entered promiscuous mode [ 2557.580841][T19053] device veth1_macvtap entered promiscuous mode [ 2557.606119][T19053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2557.606139][T19053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2557.606149][T19053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2557.606162][T19053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2557.606174][T19053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2557.606188][T19053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2557.606200][T19053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2557.606214][T19053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2557.608027][T19053] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2557.608368][T13310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2557.614170][T13310] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 2557.625507][T19053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2557.625527][T19053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2557.625536][T19053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2557.625551][T19053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2557.625563][T19053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2557.625577][T19053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2557.625588][T19053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2557.625602][T19053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2557.626873][T19053] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2557.626983][T18485] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 2557.627648][T18485] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 2557.766791][ T4346] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2557.766812][ T4346] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2557.773491][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 2557.777908][ T6945] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2557.777927][ T6945] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2557.781957][T18485] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2558.010440][T19072] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2558.054797][T18488] wlan1: authenticate with 08:02:11:00:00:00 [ 2558.054911][T18488] wlan1: bad VHT capabilities, disabling VHT [ 2558.054921][T18488] wlan1: Invalid HE elem, Disable HE [ 2558.062145][T18488] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 2558.063105][T17362] wlan1: authenticated [ 2558.063365][T19072] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2558.065374][T13310] mac80211_hwsim hwsim39 wlan1: disabling HT/VHT/HE as WMM/QoS is not supported by the AP [ 2558.083833][ T4346] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 2558.122111][T17362] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 2558.122226][T19073] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2558.122559][T17362] wlan1: associated [ 2558.567233][T18485] Bluetooth: hci2: command 0x0409 tx timeout [ 2560.653588][T13310] Bluetooth: hci2: command 0x041b tx timeout [ 2562.733585][T13310] Bluetooth: hci2: command 0x040f tx timeout 19:25:40 executing program 1: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000001680), 0x2, 0x0) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r0, 0x4008af23, 0x0) 19:25:40 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="bbf30b46680d7e6fbbce47c341324dbeb2cc5689f7c5884e7b", @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="0800050002000000"], 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) syz_80211_inject_frame(&(0x7f0000000000)=@device_b, &(0x7f00000009c0)=@mgmt_frame=@beacon={@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0xafc}, @device_b, @device_b, @random="caed153ac50f", {0x1, 0x20}}, @ver_80211n={0x0, 0x1, 0x0, 0x2, 0x0, 0x2, 0x1}}, 0xe7b3, @default, 0x1, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x8, [{0x60}, {0x16, 0x1}, {0x6c}, {0x36}, {0x12}, {0x73}, {0x18}, {0x4, 0x1}]}, @void, @val={0x4, 0x6, {0x3, 0x40, 0x6, 0x7}}, @void, @val={0x5, 0x6a, {0x69, 0x31, 0x1, "9a4891d0cc88ac572804304c9ed013f9625beb8774ea4458d79d50e8ede27732386a14a7d9a09a397e168ee222c3afa3c6185fd5bc357cc316255c798bbb2a31121d286ee6f57c0e98b46c225a3d2e5a6be4164db6dcf6e1e0b59a9099a6d38c56975f585a3975"}}, @val={0x25, 0x3, {0x0, 0x8c, 0x2}}, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @void, @val={0x2d, 0x1a, {0x400, 0x0, 0x7, 0x0, {0x7, 0xa47, 0x0, 0x20, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x8, 0x7fe, 0xff}}, @val={0x72, 0x6}, @void, @void, [{0xdd, 0x6e, "4eba20bbf098f7fbc9b6e025744fd531f9743e29533c420a0857b9fc445a3dbd5a49f9f69c7e05dbb6b655098396dab9a9b774db804c55a5f85a110fb6211326eb60a5e52e012e58c8209a3a56e8dca0fe89e9d2e4bc46f2307d5d59cfc1700a3535111ea3005e93099bb0e5ef47"}, {0xdd, 0xcb, "de7b229a2b14baaedf49b87e3bf9615e23ec0a977f806cf875124eec66e2392249a4dad0e02f1763e6155411ca0ad8a3513bf996cce54c9a20e6b480c7d2f346e2c512cddb36cd35950b88bef7bc220f442f929c65736edc3b86447a7a5df1307fe63b82fbb4f8ed94293e1795bd3b73976ad1928ce346e81e5f06064410cfeac233a910d65a80605c408c225db1cddf1ca95653fcf5ac1b3da54274c14a408cd6542b5df2e6a047cbf87303ca79d8fd5ea93e9fd95de6af090bbefaa79e2c9b39f78f87b3b2b8049c2826"}, {0xdd, 0x7a, "6e2a5f88ee3482484fc215c8370285ad116bb25ca6f0b69efab03be3bfcf530890326c83564fed6745701f6c3e054f8213aba75725ab5391f01d982be7865b10813785a4264ea43845c46c33ecaab52684e578d9122dc543ef0a7e4f4c4e5bcbbc805ad286436bf4bb24e7b70c1a4d1080a30f50ed2bc06443cc"}, {0xdd, 0x17, "08010d0a01e83a5f5b9831487b6c000000000000000000"}, {0xdd, 0xd5, "ece85921935de1ca634bd3a8b21ea696a28e9888cea754a577dffe233b30e9f1629f7c64e1752b63be9c8a14f445c639444175dd6ad9418e7f0b0b0e76153b6a49ac88121e85f80f51e4e76062aac2bd4b40dabd1a30316e48fe7353f6003b6151867004e186e1b4589c50773a4e9f2caccd9b61655e9eb01d3a58291cb6c4279469be67eb01b39788fbcb8c6d4c3fe7b167b09161580ea58502057195d79392f7709c2a1bb098430cdd5ca49ef4a3b02f48a673a2ae7d6014b939ab612573a34931a0d67ce90ebddc11e58b5d08135b1e0b0fa4b9"}, {0xdd, 0xd9, "fbca466a2db7428a5d2538824186ce8b5746b6b52ef3ee8a536ddf7cd8659ceb7d78f07d0bd58b6f195be29f9a6b6f8650a37edf2dd5126df4e55e6b7080c3c4048595788282ffd5ae0674aedcdf725f7d1b31391cd1fdce3dfcc06218613dfe57047e4f27c221fd077ad7816529d0fdb18f503aa0137bafd826e70e56990055018264cd9be5a577b538d503fb31c6eea9bc96dd24888c1ea739a4cf0ae8caf283425e83214b24faad0c2adced87bc4f7efc5602806fb2bad3b0a764a960c3fed715d220b7ca3e2588f933a8046423887d8260aeb035b0f078"}]}, 0x495) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:25:40 executing program 3: unshare(0x2e020480) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = syz_io_uring_setup(0x3edd, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000000c0), &(0x7f0000000180)='./cgroup/cgroup.procs\x00', 0x18}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000002040)=[{{&(0x7f0000001380)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, 0x0, 0x0, 0x0, 0x3}}], 0x1, 0x0) io_uring_enter(r1, 0x2ff, 0x0, 0x0, 0x0, 0x0) 19:25:40 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x5, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:25:40 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x7000000, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:25:40 executing program 2: unshare(0x2e020480) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = syz_io_uring_setup(0x3edd, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000000c0), &(0x7f0000000180)='./cgroup/cgroup.procs\x00', 0x18}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000002040)=[{{&(0x7f0000001380)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, 0x0, 0x0, 0x0, 0x3}}], 0x1, 0x0) io_uring_enter(r1, 0x2ff, 0x0, 0x0, 0x0, 0x0) [ 2563.047852][ T28] audit: type=1400 audit(1655061940.801:887): avc: denied { create } for pid=19074 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 19:25:40 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x6, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2563.119318][T19081] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2563.139260][T19084] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:25:41 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x7, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2563.187556][T19086] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2563.195622][T19087] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2563.197057][T19084] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2563.245019][T19081] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:25:41 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x8, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2563.248824][T19084] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:25:41 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x9, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:25:41 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="bbf30b46680d7e6fbbce47c341324dbeb2cc5689f7c5884e7b", @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="0800050002000000"], 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) syz_80211_inject_frame(&(0x7f0000000000)=@device_b, &(0x7f00000009c0)=@mgmt_frame=@beacon={@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0xafc}, @device_b, @device_b, @random="caed153ac50f", {0x1, 0x20}}, @ver_80211n={0x0, 0x1, 0x0, 0x2, 0x0, 0x2, 0x1}}, 0xe7b3, @default, 0x1, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x8, [{0x60}, {0x16, 0x1}, {0x6c}, {0x36}, {0x12}, {0x73}, {0x18}, {0x4, 0x1}]}, @void, @val={0x4, 0x6, {0x3, 0x40, 0x6, 0x7}}, @void, @val={0x5, 0x6a, {0x69, 0x31, 0x1, "9a4891d0cc88ac572804304c9ed013f9625beb8774ea4458d79d50e8ede27732386a14a7d9a09a397e168ee222c3afa3c6185fd5bc357cc316255c798bbb2a31121d286ee6f57c0e98b46c225a3d2e5a6be4164db6dcf6e1e0b59a9099a6d38c56975f585a3975"}}, @val={0x25, 0x3, {0x0, 0x8c, 0x2}}, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @void, @val={0x2d, 0x1a, {0x400, 0x0, 0x7, 0x0, {0x7, 0xa47, 0x0, 0x20, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x8, 0x7fe, 0xff}}, @val={0x72, 0x6}, @void, @void, [{0xdd, 0x6e, "4eba20bbf098f7fbc9b6e025744fd531f9743e29533c420a0857b9fc445a3dbd5a49f9f69c7e05dbb6b655098396dab9a9b774db804c55a5f85a110fb6211326eb60a5e52e012e58c8209a3a56e8dca0fe89e9d2e4bc46f2307d5d59cfc1700a3535111ea3005e93099bb0e5ef47"}, {0xdd, 0xcb, "de7b229a2b14baaedf49b87e3bf9615e23ec0a977f806cf875124eec66e2392249a4dad0e02f1763e6155411ca0ad8a3513bf996cce54c9a20e6b480c7d2f346e2c512cddb36cd35950b88bef7bc220f442f929c65736edc3b86447a7a5df1307fe63b82fbb4f8ed94293e1795bd3b73976ad1928ce346e81e5f06064410cfeac233a910d65a80605c408c225db1cddf1ca95653fcf5ac1b3da54274c14a408cd6542b5df2e6a047cbf87303ca79d8fd5ea93e9fd95de6af090bbefaa79e2c9b39f78f87b3b2b8049c2826"}, {0xdd, 0x7a, "6e2a5f88ee3482484fc215c8370285ad116bb25ca6f0b69efab03be3bfcf530890326c83564fed6745701f6c3e054f8213aba75725ab5391f01d982be7865b10813785a4264ea43845c46c33ecaab52684e578d9122dc543ef0a7e4f4c4e5bcbbc805ad286436bf4bb24e7b70c1a4d1080a30f50ed2bc06443cc"}, {0xdd, 0x17, "08010d0a01e83a5f5b9831487b6c000000000000000000"}, {0xdd, 0xd5, "ece85921935de1ca634bd3a8b21ea696a28e9888cea754a577dffe233b30e9f1629f7c64e1752b63be9c8a14f445c639444175dd6ad9418e7f0b0b0e76153b6a49ac88121e85f80f51e4e76062aac2bd4b40dabd1a30316e48fe7353f6003b6151867004e186e1b4589c50773a4e9f2caccd9b61655e9eb01d3a58291cb6c4279469be67eb01b39788fbcb8c6d4c3fe7b167b09161580ea58502057195d79392f7709c2a1bb098430cdd5ca49ef4a3b02f48a673a2ae7d6014b939ab612573a34931a0d67ce90ebddc11e58b5d08135b1e0b0fa4b9"}, {0xdd, 0xd9, "fbca466a2db7428a5d2538824186ce8b5746b6b52ef3ee8a536ddf7cd8659ceb7d78f07d0bd58b6f195be29f9a6b6f8650a37edf2dd5126df4e55e6b7080c3c4048595788282ffd5ae0674aedcdf725f7d1b31391cd1fdce3dfcc06218613dfe57047e4f27c221fd077ad7816529d0fdb18f503aa0137bafd826e70e56990055018264cd9be5a577b538d503fb31c6eea9bc96dd24888c1ea739a4cf0ae8caf283425e83214b24faad0c2adced87bc4f7efc5602806fb2bad3b0a764a960c3fed715d220b7ca3e2588f933a8046423887d8260aeb035b0f078"}]}, 0x495) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:25:41 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x8000000, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2563.735702][T19097] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2563.758838][T19100] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2563.810469][T19099] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2563.811718][T19099] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2563.812815][T19100] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2564.445744][ T4346] wlan1: deauthenticating from 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING) [ 2564.615908][ T4346] device hsr_slave_0 left promiscuous mode [ 2564.616581][ T4346] device hsr_slave_1 left promiscuous mode [ 2564.617304][ T4346] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2564.617389][ T4346] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2564.619701][ T4346] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2564.619727][ T4346] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2564.621935][ T4346] device bridge_slave_1 left promiscuous mode [ 2564.622079][ T4346] bridge0: port 2(bridge_slave_1) entered disabled state [ 2564.624682][ T4346] device bridge_slave_0 left promiscuous mode [ 2564.624818][ T4346] bridge0: port 1(bridge_slave_0) entered disabled state [ 2564.638171][ T4346] device veth1_macvtap left promiscuous mode [ 2564.638239][ T4346] device veth0_macvtap left promiscuous mode [ 2564.638372][ T4346] device veth1_vlan left promiscuous mode [ 2564.638466][ T4346] device veth0_vlan left promiscuous mode [ 2564.901044][ T4346] team0 (unregistering): Port device team_slave_1 removed [ 2564.922012][ T4346] team0 (unregistering): Port device team_slave_0 removed [ 2564.934201][ T4346] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2564.952434][ T4346] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2565.036637][ T4346] bond0 (unregistering): Released all slaves [ 2566.890625][ T49] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 2566.895055][ T49] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 2566.903751][ T49] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 2566.909965][ T49] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 2566.910436][ T49] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 2566.910688][ T49] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 2567.024025][T19102] chnl_net:caif_netlink_parms(): no params data found [ 2567.073163][T19102] bridge0: port 1(bridge_slave_0) entered blocking state [ 2567.073348][T19102] bridge0: port 1(bridge_slave_0) entered disabled state [ 2567.074023][T19102] device bridge_slave_0 entered promiscuous mode [ 2567.075486][T19102] bridge0: port 2(bridge_slave_1) entered blocking state [ 2567.075555][T19102] bridge0: port 2(bridge_slave_1) entered disabled state [ 2567.076245][T19102] device bridge_slave_1 entered promiscuous mode [ 2567.107599][T19102] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2567.110140][T19102] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2567.157587][T19102] team0: Port device team_slave_0 added [ 2567.161541][T19102] team0: Port device team_slave_1 added [ 2567.184059][T19102] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2567.184076][T19102] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2567.184102][T19102] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2567.186108][T19102] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2567.186121][T19102] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2567.186149][T19102] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2567.277424][T19102] device hsr_slave_0 entered promiscuous mode [ 2567.293923][T19102] device hsr_slave_1 entered promiscuous mode [ 2567.301925][T19102] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2567.301950][T19102] Cannot create hsr debugfs directory [ 2567.390374][T19102] bridge0: port 2(bridge_slave_1) entered blocking state [ 2567.390414][T19102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2567.390517][T19102] bridge0: port 1(bridge_slave_0) entered blocking state [ 2567.390558][T19102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2567.442200][T19102] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2567.450881][T18486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2567.451947][T18486] bridge0: port 1(bridge_slave_0) entered disabled state [ 2567.458759][T18486] bridge0: port 2(bridge_slave_1) entered disabled state [ 2567.473762][T18486] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2567.490953][T19102] 8021q: adding VLAN 0 to HW filter on device team0 [ 2567.501426][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2567.501936][T18488] bridge0: port 1(bridge_slave_0) entered blocking state [ 2567.501997][T18488] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2567.507720][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2567.508207][T18488] bridge0: port 2(bridge_slave_1) entered blocking state [ 2567.508266][T18488] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2567.527153][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2567.528091][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2567.533382][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2567.540771][T18486] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2567.547602][T18486] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2567.551261][T19102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2567.567009][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2567.567146][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2567.574847][T19102] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2567.873898][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2567.885900][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2567.886722][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2567.887271][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2567.891349][T19102] device veth0_vlan entered promiscuous mode [ 2567.899848][T19102] device veth1_vlan entered promiscuous mode [ 2567.919212][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 2567.919816][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 2567.920766][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2567.926147][T19102] device veth0_macvtap entered promiscuous mode [ 2567.929579][T19102] device veth1_macvtap entered promiscuous mode [ 2567.948904][T19102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2567.948925][T19102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2567.948934][T19102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2567.948956][T19102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2567.948969][T19102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2567.948983][T19102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2567.948995][T19102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2567.949009][T19102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2567.950735][T19102] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2567.950848][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2567.955591][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 2567.964968][T19102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2567.964988][T19102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2567.964997][T19102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2567.965011][T19102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2567.965023][T19102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2567.965037][T19102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2567.965048][T19102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2567.965062][T19102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2567.966804][T19102] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2567.967158][T18486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 2568.110449][ T6945] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2568.110468][ T6945] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2568.151468][T18485] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 2568.162466][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2568.162485][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2568.168379][T18489] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2568.339299][T19121] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2568.378298][T18489] wlan1: authenticate with 08:02:11:00:00:00 [ 2568.378362][T18489] wlan1: bad VHT capabilities, disabling VHT [ 2568.378367][T18489] wlan1: Invalid HE elem, Disable HE [ 2568.382627][T18489] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 2568.391657][T19122] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2568.392130][ T42] wlan1: authenticated [ 2568.394040][T18489] mac80211_hwsim hwsim41 wlan1: disabling HT/VHT/HE as WMM/QoS is not supported by the AP [ 2568.404805][ T42] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 2568.443212][T19121] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2568.443365][ T42] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 2568.443804][ T42] wlan1: associated [ 2568.963923][ T144] Bluetooth: hci2: command 0x0409 tx timeout [ 2571.053537][T18489] Bluetooth: hci2: command 0x041b tx timeout [ 2573.124464][T18489] Bluetooth: hci2: command 0x040f tx timeout [ 2575.203474][T18489] Bluetooth: hci2: command 0x0419 tx timeout 19:25:54 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00002c7000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:25:54 executing program 3: unshare(0x2e020480) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = syz_io_uring_setup(0x3edd, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000000c0), &(0x7f0000000180)='./cgroup/cgroup.procs\x00', 0x18}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000002040)=[{{&(0x7f0000001380)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, 0x0, 0x0, 0x0, 0x3}}], 0x1, 0x0) io_uring_enter(r1, 0x2ff, 0x0, 0x0, 0x0, 0x0) 19:25:54 executing program 2: unshare(0x2e020480) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = syz_io_uring_setup(0x3edd, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000000c0), &(0x7f0000000180)='./cgroup/cgroup.procs\x00', 0x18}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000002040)=[{{&(0x7f0000001380)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, 0x0, 0x0, 0x0, 0x3}}], 0x1, 0x0) io_uring_enter(r1, 0x2ff, 0x0, 0x0, 0x0, 0x0) 19:25:54 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x9000000, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:25:54 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0xc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:25:54 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="bbf30b46680d7e6fbbce47c341324dbeb2cc5689f7c5884e7b", @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="0800050002000000"], 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) syz_80211_inject_frame(&(0x7f0000000000)=@device_b, &(0x7f00000009c0)=@mgmt_frame=@beacon={@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0xafc}, @device_b, @device_b, @random="caed153ac50f", {0x1, 0x20}}, @ver_80211n={0x0, 0x1, 0x0, 0x2, 0x0, 0x2, 0x1}}, 0xe7b3, @default, 0x1, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x8, [{0x60}, {0x16, 0x1}, {0x6c}, {0x36}, {0x12}, {0x73}, {0x18}, {0x4, 0x1}]}, @void, @val={0x4, 0x6, {0x3, 0x40, 0x6, 0x7}}, @void, @val={0x5, 0x6a, {0x69, 0x31, 0x1, "9a4891d0cc88ac572804304c9ed013f9625beb8774ea4458d79d50e8ede27732386a14a7d9a09a397e168ee222c3afa3c6185fd5bc357cc316255c798bbb2a31121d286ee6f57c0e98b46c225a3d2e5a6be4164db6dcf6e1e0b59a9099a6d38c56975f585a3975"}}, @val={0x25, 0x3, {0x0, 0x8c, 0x2}}, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @void, @val={0x2d, 0x1a, {0x400, 0x0, 0x7, 0x0, {0x7, 0xa47, 0x0, 0x20, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x8, 0x7fe, 0xff}}, @val={0x72, 0x6}, @void, @void, [{0xdd, 0x6e, "4eba20bbf098f7fbc9b6e025744fd531f9743e29533c420a0857b9fc445a3dbd5a49f9f69c7e05dbb6b655098396dab9a9b774db804c55a5f85a110fb6211326eb60a5e52e012e58c8209a3a56e8dca0fe89e9d2e4bc46f2307d5d59cfc1700a3535111ea3005e93099bb0e5ef47"}, {0xdd, 0xcb, "de7b229a2b14baaedf49b87e3bf9615e23ec0a977f806cf875124eec66e2392249a4dad0e02f1763e6155411ca0ad8a3513bf996cce54c9a20e6b480c7d2f346e2c512cddb36cd35950b88bef7bc220f442f929c65736edc3b86447a7a5df1307fe63b82fbb4f8ed94293e1795bd3b73976ad1928ce346e81e5f06064410cfeac233a910d65a80605c408c225db1cddf1ca95653fcf5ac1b3da54274c14a408cd6542b5df2e6a047cbf87303ca79d8fd5ea93e9fd95de6af090bbefaa79e2c9b39f78f87b3b2b8049c2826"}, {0xdd, 0x7a, "6e2a5f88ee3482484fc215c8370285ad116bb25ca6f0b69efab03be3bfcf530890326c83564fed6745701f6c3e054f8213aba75725ab5391f01d982be7865b10813785a4264ea43845c46c33ecaab52684e578d9122dc543ef0a7e4f4c4e5bcbbc805ad286436bf4bb24e7b70c1a4d1080a30f50ed2bc06443cc"}, {0xdd, 0x17, "08010d0a01e83a5f5b9831487b6c000000000000000000"}, {0xdd, 0xd5, "ece85921935de1ca634bd3a8b21ea696a28e9888cea754a577dffe233b30e9f1629f7c64e1752b63be9c8a14f445c639444175dd6ad9418e7f0b0b0e76153b6a49ac88121e85f80f51e4e76062aac2bd4b40dabd1a30316e48fe7353f6003b6151867004e186e1b4589c50773a4e9f2caccd9b61655e9eb01d3a58291cb6c4279469be67eb01b39788fbcb8c6d4c3fe7b167b09161580ea58502057195d79392f7709c2a1bb098430cdd5ca49ef4a3b02f48a673a2ae7d6014b939ab612573a34931a0d67ce90ebddc11e58b5d08135b1e0b0fa4b9"}, {0xdd, 0xd9, "fbca466a2db7428a5d2538824186ce8b5746b6b52ef3ee8a536ddf7cd8659ceb7d78f07d0bd58b6f195be29f9a6b6f8650a37edf2dd5126df4e55e6b7080c3c4048595788282ffd5ae0674aedcdf725f7d1b31391cd1fdce3dfcc06218613dfe57047e4f27c221fd077ad7816529d0fdb18f503aa0137bafd826e70e56990055018264cd9be5a577b538d503fb31c6eea9bc96dd24888c1ea739a4cf0ae8caf283425e83214b24faad0c2adced87bc4f7efc5602806fb2bad3b0a764a960c3fed715d220b7ca3e2588f933a8046423887d8260aeb035b0f078"}]}, 0x495) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="bbf30b46680d7e6fbbce47c341324dbeb2cc5689f7c5884e7b", @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="0800050002000000"], 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) syz_80211_inject_frame(&(0x7f0000000000)=@device_b, &(0x7f00000009c0)=@mgmt_frame=@beacon={@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0xafc}, @device_b, @device_b, @random="caed153ac50f", {0x1, 0x20}}, @ver_80211n={0x0, 0x1, 0x0, 0x2, 0x0, 0x2, 0x1}}, 0xe7b3, @default, 0x1, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x8, [{0x60}, {0x16, 0x1}, {0x6c}, {0x36}, {0x12}, {0x73}, {0x18}, {0x4, 0x1}]}, @void, @val={0x4, 0x6, {0x3, 0x40, 0x6, 0x7}}, @void, @val={0x5, 0x6a, {0x69, 0x31, 0x1, "9a4891d0cc88ac572804304c9ed013f9625beb8774ea4458d79d50e8ede27732386a14a7d9a09a397e168ee222c3afa3c6185fd5bc357cc316255c798bbb2a31121d286ee6f57c0e98b46c225a3d2e5a6be4164db6dcf6e1e0b59a9099a6d38c56975f585a3975"}}, @val={0x25, 0x3, {0x0, 0x8c, 0x2}}, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @void, @val={0x2d, 0x1a, {0x400, 0x0, 0x7, 0x0, {0x7, 0xa47, 0x0, 0x20, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x8, 0x7fe, 0xff}}, @val={0x72, 0x6}, @void, @void, [{0xdd, 0x6e, "4eba20bbf098f7fbc9b6e025744fd531f9743e29533c420a0857b9fc445a3dbd5a49f9f69c7e05dbb6b655098396dab9a9b774db804c55a5f85a110fb6211326eb60a5e52e012e58c8209a3a56e8dca0fe89e9d2e4bc46f2307d5d59cfc1700a3535111ea3005e93099bb0e5ef47"}, {0xdd, 0xcb, "de7b229a2b14baaedf49b87e3bf9615e23ec0a977f806cf875124eec66e2392249a4dad0e02f1763e6155411ca0ad8a3513bf996cce54c9a20e6b480c7d2f346e2c512cddb36cd35950b88bef7bc220f442f929c65736edc3b86447a7a5df1307fe63b82fbb4f8ed94293e1795bd3b73976ad1928ce346e81e5f06064410cfeac233a910d65a80605c408c225db1cddf1ca95653fcf5ac1b3da54274c14a408cd6542b5df2e6a047cbf87303ca79d8fd5ea93e9fd95de6af090bbefaa79e2c9b39f78f87b3b2b8049c2826"}, {0xdd, 0x7a, "6e2a5f88ee3482484fc215c8370285ad116bb25ca6f0b69efab03be3bfcf530890326c83564fed6745701f6c3e054f8213aba75725ab5391f01d982be7865b10813785a4264ea43845c46c33ecaab52684e578d9122dc543ef0a7e4f4c4e5bcbbc805ad286436bf4bb24e7b70c1a4d1080a30f50ed2bc06443cc"}, {0xdd, 0x17, "08010d0a01e83a5f5b9831487b6c000000000000000000"}, {0xdd, 0xd5, "ece85921935de1ca634bd3a8b21ea696a28e9888cea754a577dffe233b30e9f1629f7c64e1752b63be9c8a14f445c639444175dd6ad9418e7f0b0b0e76153b6a49ac88121e85f80f51e4e76062aac2bd4b40dabd1a30316e48fe7353f6003b6151867004e186e1b4589c50773a4e9f2caccd9b61655e9eb01d3a58291cb6c4279469be67eb01b39788fbcb8c6d4c3fe7b167b09161580ea58502057195d79392f7709c2a1bb098430cdd5ca49ef4a3b02f48a673a2ae7d6014b939ab612573a34931a0d67ce90ebddc11e58b5d08135b1e0b0fa4b9"}, {0xdd, 0xd9, "fbca466a2db7428a5d2538824186ce8b5746b6b52ef3ee8a536ddf7cd8659ceb7d78f07d0bd58b6f195be29f9a6b6f8650a37edf2dd5126df4e55e6b7080c3c4048595788282ffd5ae0674aedcdf725f7d1b31391cd1fdce3dfcc06218613dfe57047e4f27c221fd077ad7816529d0fdb18f503aa0137bafd826e70e56990055018264cd9be5a577b538d503fb31c6eea9bc96dd24888c1ea739a4cf0ae8caf283425e83214b24faad0c2adced87bc4f7efc5602806fb2bad3b0a764a960c3fed715d220b7ca3e2588f933a8046423887d8260aeb035b0f078"}]}, 0x495) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (async) 19:25:54 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0xe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2576.623729][T19135] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2576.637076][T19132] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2576.680461][T19135] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2576.693641][T19135] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2576.749738][T19135] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:25:54 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0xf, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:25:54 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000005c0)=@ctrl_frame=@bar={{}, {0x4}, @broadcast, @device_b, @basic={{0x1, 0x0, 0x0, 0x0, 0x1}, {0x6, 0x77}}}, 0x14) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:25:54 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x60, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2577.056130][T19148] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2577.107786][T19148] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:25:54 executing program 2: unshare(0x2e020480) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = syz_io_uring_setup(0x3edd, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000000c0), &(0x7f0000000180)='./cgroup/cgroup.procs\x00', 0x18}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000002040)=[{{&(0x7f0000001380)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, 0x0, 0x0, 0x0, 0x3}}], 0x1, 0x0) io_uring_enter(r1, 0x2ff, 0x0, 0x0, 0x0, 0x0) [ 2577.159608][T19148] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:25:55 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x300, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:25:55 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x500, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2577.608330][ T42] wlan1: deauthenticating from 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING) [ 2577.846554][ T42] device hsr_slave_0 left promiscuous mode [ 2577.847213][ T42] device hsr_slave_1 left promiscuous mode [ 2577.847845][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2577.847874][ T42] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2577.849829][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2577.849854][ T42] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2577.851720][ T42] device bridge_slave_1 left promiscuous mode [ 2577.851857][ T42] bridge0: port 2(bridge_slave_1) entered disabled state [ 2577.860455][ T42] device bridge_slave_0 left promiscuous mode [ 2577.860603][ T42] bridge0: port 1(bridge_slave_0) entered disabled state [ 2577.871927][ T42] device veth1_macvtap left promiscuous mode [ 2577.871982][ T42] device veth0_macvtap left promiscuous mode [ 2577.872099][ T42] device veth1_vlan left promiscuous mode [ 2577.872181][ T42] device veth0_vlan left promiscuous mode [ 2578.262052][ T42] team0 (unregistering): Port device team_slave_1 removed [ 2578.272744][ T42] team0 (unregistering): Port device team_slave_0 removed [ 2578.285179][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2578.289562][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2578.370976][ T42] bond0 (unregistering): Released all slaves [ 2580.340060][ T49] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 2580.350460][ T49] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 2580.352856][ T49] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 2580.354136][ T49] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 2580.354600][ T49] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 2580.354844][ T49] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 2580.462424][T19158] chnl_net:caif_netlink_parms(): no params data found [ 2580.510316][T19158] bridge0: port 1(bridge_slave_0) entered blocking state [ 2580.510443][T19158] bridge0: port 1(bridge_slave_0) entered disabled state [ 2580.511701][T19158] device bridge_slave_0 entered promiscuous mode [ 2580.516935][T19158] bridge0: port 2(bridge_slave_1) entered blocking state [ 2580.517056][T19158] bridge0: port 2(bridge_slave_1) entered disabled state [ 2580.518216][T19158] device bridge_slave_1 entered promiscuous mode [ 2580.569099][T19158] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2580.572034][T19158] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2580.611073][T19158] team0: Port device team_slave_0 added [ 2580.612616][T19158] team0: Port device team_slave_1 added [ 2580.635888][T19158] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2580.635904][T19158] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2580.635923][T19158] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2580.637162][T19158] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2580.637174][T19158] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2580.637195][T19158] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2580.733346][T19158] device hsr_slave_0 entered promiscuous mode [ 2580.744774][T19158] device hsr_slave_1 entered promiscuous mode [ 2580.751142][T19158] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2580.751166][T19158] Cannot create hsr debugfs directory [ 2580.871778][T19158] bridge0: port 2(bridge_slave_1) entered blocking state [ 2580.871826][T19158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2580.871928][T19158] bridge0: port 1(bridge_slave_0) entered blocking state [ 2580.871968][T19158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2580.927704][T19158] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2580.936998][T18485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2580.940123][T18485] bridge0: port 1(bridge_slave_0) entered disabled state [ 2580.947562][T18485] bridge0: port 2(bridge_slave_1) entered disabled state [ 2580.961928][T18485] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2580.976019][T19158] 8021q: adding VLAN 0 to HW filter on device team0 [ 2580.990274][ T1693] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2580.990566][ T1693] bridge0: port 1(bridge_slave_0) entered blocking state [ 2580.990605][ T1693] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2580.990874][ T1693] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2580.991131][ T1693] bridge0: port 2(bridge_slave_1) entered blocking state [ 2580.991162][ T1693] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2581.031962][T13310] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2581.033046][T13310] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2581.048296][T13310] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2581.056237][T18485] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2581.070058][T13310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2581.074782][T19158] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2581.118748][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2581.118890][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2581.124396][T19158] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2581.395174][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2581.407081][T18489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2581.407953][T18489] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2581.408514][T18489] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2581.412390][T19158] device veth0_vlan entered promiscuous mode [ 2581.428772][T19158] device veth1_vlan entered promiscuous mode [ 2581.465145][T18489] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 2581.465752][T18489] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 2581.468272][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 2581.468722][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2581.476630][T19158] device veth0_macvtap entered promiscuous mode [ 2581.484694][T19158] device veth1_macvtap entered promiscuous mode [ 2581.503136][T19158] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2581.503156][T19158] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2581.505521][T19158] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2581.505538][T19158] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2581.505557][T19158] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2581.505571][T19158] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2581.505589][T19158] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2581.505603][T19158] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2581.511233][T19158] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2581.511351][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 2581.513888][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 2581.514493][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 2581.515080][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2581.519708][T19158] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2581.519728][T19158] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2581.519739][T19158] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2581.519754][T19158] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2581.519767][T19158] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2581.519782][T19158] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2581.519794][T19158] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2581.519809][T19158] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2581.521100][T19158] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2581.521206][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 2581.521873][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 2581.672629][ T7036] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2581.672649][ T7036] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2581.679534][T18489] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 2581.728550][T17362] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2581.728570][T17362] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2581.732705][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2581.930329][T19178] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2581.975012][T18489] wlan1: authenticate with 08:02:11:00:00:00 [ 2581.975117][T18489] wlan1: bad VHT capabilities, disabling VHT [ 2581.975123][T18489] wlan1: Invalid HE elem, Disable HE [ 2581.978292][T18489] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 2581.982183][T19179] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2581.982364][ T4346] wlan1: authenticated [ 2581.984006][T18489] mac80211_hwsim hwsim43 wlan1: disabling HT/VHT/HE as WMM/QoS is not supported by the AP [ 2582.008607][ T7036] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 2582.034248][T19178] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2582.035088][ T4346] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 2582.035394][ T4346] wlan1: associated [ 2582.403899][T18485] Bluetooth: hci2: command 0x0409 tx timeout [ 2584.493392][ T1693] Bluetooth: hci2: command 0x041b tx timeout [ 2586.574203][ T1693] Bluetooth: hci2: command 0x040f tx timeout 19:26:05 executing program 1: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r0, &(0x7f0000000240), 0x14) 19:26:05 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000005c0)=@ctrl_frame=@bar={{}, {0x4}, @broadcast, @device_b, @basic={{0x1, 0x0, 0x0, 0x0, 0x1}, {0x6, 0x77}}}, 0x14) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:26:05 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x600, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:26:05 executing program 3: unshare(0x2e020480) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = syz_io_uring_setup(0x3edd, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000000c0), &(0x7f0000000180)='./cgroup/cgroup.procs\x00', 0x18}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000002040)=[{{&(0x7f0000001380)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, 0x0, 0x0, 0x0, 0x3}}], 0x1, 0x0) io_uring_enter(r1, 0x2ff, 0x0, 0x0, 0x0, 0x0) 19:26:05 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000800)="8a", 0x1}], 0x1}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) dup3(r0, r1, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000800)="8a", 0x1}], 0x1}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000024000b0f00"/20, @ANYRES32=r5, @ANYBLOB="00000000ffffffff0000000008000100687462001c0002001800020003"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x68, 0x28, 0xd27, 0x0, 0x0, {0x0, 0xa, 0x0, r5, {0xf}}, [@filter_kind_options=@f_bpf={{0x8}, {0x34, 0x2, [@TCA_BPF_ACT={0x30, 0x1, [@m_xt={0x2c, 0x0, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x2}}]}, 0x68}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x68, 0x28, 0xd27, 0x0, 0x0, {0x0, 0xa, 0x0, r2, {0xf}}, [@filter_kind_options=@f_bpf={{0x8}, {0x34, 0x2, [@TCA_BPF_ACT={0x30, 0x1, [@m_xt={0x2c, 0x0, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x2}}]}, 0x68}}, 0x0) 19:26:05 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0xe000000, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:26:05 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x700, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:26:05 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000005c0)=@ctrl_frame=@bar={{}, {0x4}, @broadcast, @device_b, @basic={{0x1, 0x0, 0x0, 0x0, 0x1}, {0x6, 0x77}}}, 0x14) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000005c0)=@ctrl_frame=@bar={{}, {0x4}, @broadcast, @device_b, @basic={{0x1, 0x0, 0x0, 0x0, 0x1}, {0x6, 0x77}}}, 0x14) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (async) [ 2587.949069][T19188] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2587.971080][T19189] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:26:05 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000800)="8a", 0x1}], 0x1}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) dup3(r0, r1, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000800)="8a", 0x1}], 0x1}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000024000b0f00"/20, @ANYRES32=r5, @ANYBLOB="00000000ffffffff0000000008000100687462001c0002001800020003"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x68, 0x28, 0xd27, 0x0, 0x0, {0x0, 0xa, 0x0, r5, {0xf}}, [@filter_kind_options=@f_bpf={{0x8}, {0x34, 0x2, [@TCA_BPF_ACT={0x30, 0x1, [@m_xt={0x2c, 0x0, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x2}}]}, 0x68}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x68, 0x28, 0xd27, 0x0, 0x0, {0x0, 0xa, 0x0, r2, {0xf}}, [@filter_kind_options=@f_bpf={{0x8}, {0x34, 0x2, [@TCA_BPF_ACT={0x30, 0x1, [@m_xt={0x2c, 0x0, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x2}}]}, 0x68}}, 0x0) [ 2587.988436][T19192] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2587.997921][T19194] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2588.049879][T19190] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:26:05 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x900, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2588.101509][T19190] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2588.168758][T19200] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2588.174998][T19201] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2588.222370][T19202] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:26:06 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000800)="8a", 0x1}], 0x1}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) dup3(r0, r1, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000800)="8a", 0x1}], 0x1}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000024000b0f00"/20, @ANYRES32=r5, @ANYBLOB="00000000ffffffff0000000008000100687462001c0002001800020003"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x68, 0x28, 0xd27, 0x0, 0x0, {0x0, 0xa, 0x0, r5, {0xf}}, [@filter_kind_options=@f_bpf={{0x8}, {0x34, 0x2, [@TCA_BPF_ACT={0x30, 0x1, [@m_xt={0x2c, 0x0, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x2}}]}, 0x68}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x68, 0x28, 0xd27, 0x0, 0x0, {0x0, 0xa, 0x0, r2, {0xf}}, [@filter_kind_options=@f_bpf={{0x8}, {0x34, 0x2, [@TCA_BPF_ACT={0x30, 0x1, [@m_xt={0x2c, 0x0, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x2}}]}, 0x68}}, 0x0) 19:26:06 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) clock_getres(0x0, &(0x7f0000000040)) syz_80211_inject_frame(&(0x7f0000000000), &(0x7f0000000540)=@data_frame={@no_qos=@type11={{0x0, 0x2, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x1}, @device_b, @device_a, @device_b, {0x8, 0x81}}, @a_msdu=[{@device_a, @device_a, 0x54, "78d7c07dedcaa04c7387dfa8fc3ca6b794af9f8e7585820845366ceec1dbb63db849cd46fc7cc60c0136b7e4e93fd95941d69a856b7f3a91387bfb04e46acad753c34e9945c05e785295b8f78a83df110155def3"}]}, 0x82) [ 2588.273948][T19200] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2588.488978][T19209] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2588.510393][T19211] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2588.540591][T19209] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2588.592287][T19209] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2588.595360][T19209] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2588.653588][T13310] Bluetooth: hci2: command 0x0419 tx timeout [ 2590.165537][ T1225] ieee802154 phy0 wpan0: encryption failed: -22 [ 2590.165568][ T1225] ieee802154 phy1 wpan1: encryption failed: -22 19:26:16 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0xf000000, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:26:16 executing program 1: r0 = memfd_create(&(0x7f0000000240)='Nwlan\x91\xfe5\x9b\xf6\x06\x16\xa0.\x91\xc4?\x04\xe4!\xaeQ\x1fGb\xb4\xb5\x92\\\xd2\xae\x80\x13J\xb7\xc0\xe7\x06\xbe\xe2~\xfafY\x98BF\xd3\xb8^V\t\x8f\xe4\xbb\xaa\xac\x9b\xe3\bvX\x19\x1b\x9d\xe6\xf8\xf5?\x1f\xc5\xe1\xc1\xbb\x9ee\x8e,\xb6:\xc2\xd4[', 0x5) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) madvise(&(0x7f0000700000/0x2000)=nil, 0x2000, 0x17) r1 = openat(0xffffffffffffffff, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x200000, 0x0, 0x13, r1, 0x0) 19:26:16 executing program 3: r0 = io_uring_setup(0x7ef8, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x2, &(0x7f0000000080), 0x300) 19:26:16 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0xc00, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:26:16 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000800)="8a", 0x1}], 0x1}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) dup3(r0, r1, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000800)="8a", 0x1}], 0x1}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000024000b0f00"/20, @ANYRES32=r5, @ANYBLOB="00000000ffffffff0000000008000100687462001c0002001800020003"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x68, 0x28, 0xd27, 0x0, 0x0, {0x0, 0xa, 0x0, r5, {0xf}}, [@filter_kind_options=@f_bpf={{0x8}, {0x34, 0x2, [@TCA_BPF_ACT={0x30, 0x1, [@m_xt={0x2c, 0x0, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x2}}]}, 0x68}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x68, 0x28, 0xd27, 0x0, 0x0, {0x0, 0xa, 0x0, r2, {0xf}}, [@filter_kind_options=@f_bpf={{0x8}, {0x34, 0x2, [@TCA_BPF_ACT={0x30, 0x1, [@m_xt={0x2c, 0x0, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x2}}]}, 0x68}}, 0x0) 19:26:16 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (async) clock_getres(0x0, &(0x7f0000000040)) syz_80211_inject_frame(&(0x7f0000000000), &(0x7f0000000540)=@data_frame={@no_qos=@type11={{0x0, 0x2, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x1}, @device_b, @device_a, @device_b, {0x8, 0x81}}, @a_msdu=[{@device_a, @device_a, 0x54, "78d7c07dedcaa04c7387dfa8fc3ca6b794af9f8e7585820845366ceec1dbb63db849cd46fc7cc60c0136b7e4e93fd95941d69a856b7f3a91387bfb04e46acad753c34e9945c05e785295b8f78a83df110155def3"}]}, 0x82) [ 2598.327371][T19215] Unsupported ieee802154 address type: 0 19:26:16 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x23c, 0xd8, 0x2d0, 0xd0e0000, 0xd8, 0x8f, 0x1a8, 0x1d8, 0x1d8, 0x1a8, 0x1d8, 0x4, 0x0, {[{{@ip={@multicast1=0xe000d400, @local, 0x0, 0x0, 'bond_slave_0\x00'}, 0xee02, 0xb4, 0xd8, 0x0, {0x700000000000000}, [@common=@unspec=@helper={{0x44}, {0x0, 'netbios-ns\x00'}}]}, @common=@unspec=@STANDARD={0x24, '\x00', 0x0, 0xfffffffffffffffc}}, {{@ip={@multicast1, @local, 0x0, 0x0, 'batadv_slave_0\x00', 'ipvlan0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x298) 19:26:16 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0xe00, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:26:16 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) clock_getres(0x0, &(0x7f0000000040)) syz_80211_inject_frame(&(0x7f0000000000), &(0x7f0000000540)=@data_frame={@no_qos=@type11={{0x0, 0x2, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x1}, @device_b, @device_a, @device_b, {0x8, 0x81}}, @a_msdu=[{@device_a, @device_a, 0x54, "78d7c07dedcaa04c7387dfa8fc3ca6b794af9f8e7585820845366ceec1dbb63db849cd46fc7cc60c0136b7e4e93fd95941d69a856b7f3a91387bfb04e46acad753c34e9945c05e785295b8f78a83df110155def3"}]}, 0x82) [ 2598.401501][T19222] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2598.402669][T19226] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:26:16 executing program 2: syz_usb_connect(0x0, 0xe1, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x5a, 0xc8, 0xa, 0x10, 0x403, 0xf9d0, 0x9fdf, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xcf, 0x2, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xc5, 0xa8, 0x5, 0x4e, 0x1d, 0x1d, 0x4, [@hid_hid={0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0xcf3}}], [{{0x9, 0x5, 0x0, 0x1, 0x10, 0x20, 0x0, 0x0, [@generic={0x28, 0x0, "685b0fba0dae08ebce88f0519f9d085f0a06467610a914e4966169d2d843c6a7c374fc310b68"}]}}, {{0x9, 0x5, 0x1, 0x0, 0x20}}, {}, {{0x9, 0x5, 0x0, 0x0, 0x20}}, {{0x9, 0x5, 0x8, 0x0, 0x8}}]}}, {{0x9, 0x4, 0x0, 0x0, 0x2, 0xc, 0x41, 0xe9, 0x0, [@cdc_ncm={{0x5}, {0x5}, {0xd}, {0x6}, [@mbim={0xc}, @network_terminal={0x7, 0x24, 0xa, 0x8}]}], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, [@generic={0x11, 0xe, "c518c4ff49b9f67296f6bb86782cce"}, @generic={0x3, 0x0, "93"}]}}, {}]}}]}}]}}, 0x0) [ 2598.457814][T19232] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2598.509699][T19226] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:26:16 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r4 = open(&(0x7f0000000280)='./file0\x00', 0x3fc, 0x0) flock(r4, 0x2) r5 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) flock(r5, 0x1) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) getpid() 19:26:16 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0xf00, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2598.665117][T19241] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2598.714996][T19239] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:26:16 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x3f000000, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2598.926521][T19252] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2598.943841][T17333] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 2598.977884][T19252] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2599.029654][T19252] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2599.183300][T17333] usb 3-1: Using ep0 maxpacket: 16 [ 2599.303358][T17333] usb 3-1: config 0 has an invalid interface number: 197 but max is 1 [ 2599.303390][T17333] usb 3-1: config 0 has no interface number 1 [ 2599.303430][T17333] usb 3-1: config 0 interface 197 altsetting 168 has an invalid endpoint with address 0x0, skipping [ 2599.303459][T17333] usb 3-1: config 0 interface 197 altsetting 168 has an invalid endpoint with address 0x0, skipping [ 2599.303490][T17333] usb 3-1: config 0 interface 197 altsetting 168 has an invalid endpoint with address 0x0, skipping [ 2599.303605][T17333] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 2599.303633][T17333] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 2599.303675][T17333] usb 3-1: config 0 interface 197 has no altsetting 0 [ 2599.463485][T17333] usb 3-1: New USB device found, idVendor=0403, idProduct=f9d0, bcdDevice=9f.df [ 2599.463506][T17333] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2599.463520][T17333] usb 3-1: Product: syz [ 2599.463530][T17333] usb 3-1: Manufacturer: syz [ 2599.463540][T17333] usb 3-1: SerialNumber: syz [ 2599.464870][T17333] usb 3-1: config 0 descriptor?? [ 2599.744593][T17333] ftdi_sio 3-1:0.197: FTDI USB Serial Device converter detected [ 2599.746122][T17333] usb 3-1: Detected FT2232C [ 2599.763557][T17333] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 2599.783613][T17333] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 2599.784870][T17333] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2599.788304][T17333] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 2599.789023][T17333] usb 3-1: Detected FT2232C [ 2599.803485][T17333] ftdi_sio ttyUSB1: Unable to read latency timer: -71 [ 2599.823387][T17333] ftdi_sio ttyUSB1: Unable to write latency timer: -71 [ 2599.825045][T17333] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB1 [ 2599.854627][T17333] usb 3-1: USB disconnect, device number 25 [ 2599.862659][T17333] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2599.873352][T17333] ftdi_sio 3-1:0.197: device disconnected [ 2599.877897][T17333] ftdi_sio ttyUSB1: FTDI USB Serial Device converter now disconnected from ttyUSB1 [ 2599.879120][T17333] ftdi_sio 3-1:0.0: device disconnected 19:26:32 executing program 1: r0 = memfd_create(&(0x7f0000000240)='Nwlan\x91\xfe5\x9b\xf6\x06\x16\xa0.\x91\xc4?\x04\xe4!\xaeQ\x1fGb\xb4\xb5\x92\\\xd2\xae\x80\x13J\xb7\xc0\xe7\x06\xbe\xe2~\xfafY\x98BF\xd3\xb8^V\t\x8f\xe4\xbb\xaa\xac\x9b\xe3\bvX\x19\x1b\x9d\xe6\xf8\xf5?\x1f\xc5\xe1\xc1\xbb\x9ee\x8e,\xb6:\xc2\xd4[', 0x5) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) madvise(&(0x7f0000700000/0x2000)=nil, 0x2000, 0x17) r1 = openat(0xffffffffffffffff, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x200000, 0x0, 0x13, r1, 0x0) 19:26:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) sendmsg$NL80211_CMD_DEL_TX_TS(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x54, r1, 0x2, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x200, 0x27}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TSID={0x5}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TSID={0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x44}, 0xb941fa5011976fdf) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f0000000040)=@ipv4_getrule={0x1c, 0x22, 0x400, 0x70bd2b, 0x25dfdbfd, {0x2, 0x80, 0x14, 0x80, 0x7, 0x0, 0x0, 0x2, 0x8}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4004000) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:26:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x3f00, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:26:32 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x60000000, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:26:32 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r4 = open(&(0x7f0000000280)='./file0\x00', 0x3fc, 0x0) flock(r4, 0x2) r5 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) flock(r5, 0x1) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) getpid() 19:26:32 executing program 2: syz_usb_connect(0x0, 0xe1, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x5a, 0xc8, 0xa, 0x10, 0x403, 0xf9d0, 0x9fdf, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xcf, 0x2, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xc5, 0xa8, 0x5, 0x4e, 0x1d, 0x1d, 0x4, [@hid_hid={0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0xcf3}}], [{{0x9, 0x5, 0x0, 0x1, 0x10, 0x20, 0x0, 0x0, [@generic={0x28, 0x0, "685b0fba0dae08ebce88f0519f9d085f0a06467610a914e4966169d2d843c6a7c374fc310b68"}]}}, {{0x9, 0x5, 0x1, 0x0, 0x20}}, {}, {{0x9, 0x5, 0x0, 0x0, 0x20}}, {{0x9, 0x5, 0x8, 0x0, 0x8}}]}}, {{0x9, 0x4, 0x0, 0x0, 0x2, 0xc, 0x41, 0xe9, 0x0, [@cdc_ncm={{0x5}, {0x5}, {0xd}, {0x6}, [@mbim={0xc}, @network_terminal={0x7, 0x24, 0xa, 0x8}]}], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, [@generic={0x11, 0xe, "c518c4ff49b9f67296f6bb86782cce"}, @generic={0x3, 0x0, "93"}]}}, {}]}}]}}]}}, 0x0) 19:26:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x6000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2615.041887][T19263] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2615.057588][T19262] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2615.094022][T19263] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2615.109488][T19262] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:26:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x30000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2615.145636][T19263] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2615.168642][T19272] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:26:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x1000000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:26:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x2000000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2615.317077][T18488] usb 3-1: new high-speed USB device number 26 using dummy_hcd 19:26:33 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) sendmsg$NL80211_CMD_DEL_TX_TS(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x54, r1, 0x2, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x200, 0x27}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TSID={0x5}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TSID={0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x44}, 0xb941fa5011976fdf) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f0000000040)=@ipv4_getrule={0x1c, 0x22, 0x400, 0x70bd2b, 0x25dfdbfd, {0x2, 0x80, 0x14, 0x80, 0x7, 0x0, 0x0, 0x2, 0x8}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4004000) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:26:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x3000000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2615.553515][T18488] usb 3-1: Using ep0 maxpacket: 16 [ 2615.673585][T18488] usb 3-1: config 0 has an invalid interface number: 197 but max is 1 [ 2615.673620][T18488] usb 3-1: config 0 has no interface number 1 [ 2615.673658][T18488] usb 3-1: config 0 interface 197 altsetting 168 has an invalid endpoint with address 0x0, skipping [ 2615.673688][T18488] usb 3-1: config 0 interface 197 altsetting 168 has an invalid endpoint with address 0x0, skipping [ 2615.673716][T18488] usb 3-1: config 0 interface 197 altsetting 168 has an invalid endpoint with address 0x0, skipping [ 2615.673751][T18488] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 2615.673777][T18488] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 2615.673805][T18488] usb 3-1: config 0 interface 197 has no altsetting 0 [ 2615.833473][T18488] usb 3-1: New USB device found, idVendor=0403, idProduct=f9d0, bcdDevice=9f.df [ 2615.833507][T18488] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2615.833531][T18488] usb 3-1: Product: syz [ 2615.833547][T18488] usb 3-1: Manufacturer: syz [ 2615.833564][T18488] usb 3-1: SerialNumber: syz [ 2615.835894][T18488] usb 3-1: config 0 descriptor?? [ 2616.114731][T18488] ftdi_sio 3-1:0.197: FTDI USB Serial Device converter detected [ 2616.115440][T18488] usb 3-1: Detected FT2232C [ 2616.133538][T18488] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 2616.153387][T18488] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 2616.154281][T18488] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2616.157027][T18488] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 2616.157652][T18488] usb 3-1: Detected FT2232C [ 2616.173447][T18488] ftdi_sio ttyUSB1: Unable to read latency timer: -71 [ 2616.193738][T18488] ftdi_sio ttyUSB1: Unable to write latency timer: -71 [ 2616.195003][T18488] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB1 [ 2616.204946][T18488] usb 3-1: USB disconnect, device number 26 [ 2616.224676][T18488] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2616.225068][T18488] ftdi_sio 3-1:0.197: device disconnected [ 2616.242452][T18488] ftdi_sio ttyUSB1: FTDI USB Serial Device converter now disconnected from ttyUSB1 [ 2616.242850][T18488] ftdi_sio 3-1:0.0: device disconnected 19:26:43 executing program 1: r0 = memfd_create(&(0x7f0000000240)='Nwlan\x91\xfe5\x9b\xf6\x06\x16\xa0.\x91\xc4?\x04\xe4!\xaeQ\x1fGb\xb4\xb5\x92\\\xd2\xae\x80\x13J\xb7\xc0\xe7\x06\xbe\xe2~\xfafY\x98BF\xd3\xb8^V\t\x8f\xe4\xbb\xaa\xac\x9b\xe3\bvX\x19\x1b\x9d\xe6\xf8\xf5?\x1f\xc5\xe1\xc1\xbb\x9ee\x8e,\xb6:\xc2\xd4[', 0x5) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) madvise(&(0x7f0000700000/0x2000)=nil, 0x2000, 0x17) r1 = openat(0xffffffffffffffff, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x200000, 0x0, 0x13, r1, 0x0) 19:26:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0xffffff7f, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:26:43 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x4000000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:26:43 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) sendmsg$NL80211_CMD_DEL_TX_TS(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x54, r1, 0x2, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x200, 0x27}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TSID={0x5}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TSID={0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x44}, 0xb941fa5011976fdf) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f0000000040)=@ipv4_getrule={0x1c, 0x22, 0x400, 0x70bd2b, 0x25dfdbfd, {0x2, 0x80, 0x14, 0x80, 0x7, 0x0, 0x0, 0x2, 0x8}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4004000) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:26:43 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r4 = open(&(0x7f0000000280)='./file0\x00', 0x3fc, 0x0) flock(r4, 0x2) r5 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) flock(r5, 0x1) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) getpid() 19:26:43 executing program 2: syz_usb_connect(0x0, 0xe1, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x5a, 0xc8, 0xa, 0x10, 0x403, 0xf9d0, 0x9fdf, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xcf, 0x2, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xc5, 0xa8, 0x5, 0x4e, 0x1d, 0x1d, 0x4, [@hid_hid={0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0xcf3}}], [{{0x9, 0x5, 0x0, 0x1, 0x10, 0x20, 0x0, 0x0, [@generic={0x28, 0x0, "685b0fba0dae08ebce88f0519f9d085f0a06467610a914e4966169d2d843c6a7c374fc310b68"}]}}, {{0x9, 0x5, 0x1, 0x0, 0x20}}, {}, {{0x9, 0x5, 0x0, 0x0, 0x20}}, {{0x9, 0x5, 0x8, 0x0, 0x8}}]}}, {{0x9, 0x4, 0x0, 0x0, 0x2, 0xc, 0x41, 0xe9, 0x0, [@cdc_ncm={{0x5}, {0x5}, {0xd}, {0x6}, [@mbim={0xc}, @network_terminal={0x7, 0x24, 0xa, 0x8}]}], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, [@generic={0x11, 0xe, "c518c4ff49b9f67296f6bb86782cce"}, @generic={0x3, 0x0, "93"}]}}, {}]}}]}}]}}, 0x0) 19:26:43 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x5000000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:26:43 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, @mcast2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x20, 0x5218af3e5c9494b0, 0x3f}}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r4) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r3, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x80, r5, 0x100, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x65}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x16}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x19}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x51}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x54}]}, 0x80}, 0x1, 0x0, 0x0, 0x8011}, 0x4040000) sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000800)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000940)={0x688, r5, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9c1, 0x79}}}}, [@NL80211_ATTR_BEACON_TAIL={0x341, 0xf, [@dsss={0x3, 0x1, 0xa}, @peer_mgmt={0x75, 0x14, {0x1, 0x7, @void, @void, @val="425397a56ed0fc8846bdf15a059f9bf7"}}, @gcr_ga={0xbd, 0x6, @broadcast}, @fast_bss_trans={0x37, 0x77, {0x9, 0x2, "c7421d6a31f0d3e80ed2182e941928c6", "ee20ba33479f399675c864fc94b40619e8a3aaa485d565e3ee40bfa98e07c46b", "120bf4750865ef2ff64f3a575db2fd58031f736eb91b6e7b18701b4c2a31f1e7", [{0x3, 0x1a, "9e89a114dfb18d7bea8f7e1ffb3c6b3418612fd769a6c58c9437"}, {0x2, 0x7, "5c0cf5f1d46bc4"}]}}, @perr={0x84, 0xee, {0x3f, 0xe, [@not_ext={{}, @device_b, 0xe9, "", 0x8}, @ext={{}, @device_b, 0x1f, @device_b, 0x16}, @not_ext={{}, @device_b, 0x7, "", 0x26}, @not_ext={{}, @broadcast, 0x4a02, "", 0x1}, @ext={{}, @device_a, 0x3, @broadcast, 0x32}, @ext={{}, @device_b, 0x10000, @device_b, 0x36}, @ext={{}, @device_b, 0x1, @device_b, 0x12}, @ext={{}, @device_a, 0x6, @device_a, 0x4}, @ext={{}, @device_a, 0x100, @device_a, 0x2c}, @ext={{}, @device_a, 0x2, @device_a, 0x11}, @ext={{}, @device_a, 0xff, @device_a, 0x29}, @not_ext={{}, @broadcast, 0x0, "", 0x2d}, @ext={{}, @broadcast, 0xeb, @broadcast, 0x2c}, @not_ext={{}, @broadcast, 0x2, "", 0x21}]}}, @random_vendor={0xdd, 0xcb, "b824b29c966f7d78c40cf0f1ba400a2c2737fead014eea7e326d94d7fa738ca866b013ee88baeeb0205581ed396317a8033eb81e12f7ae261af3566fedfcfd2cad050ee70ba64cd77c8d3662d80a6d8551390cedb8d275aa4d567dcdbb362089ccf99401579251284b94e7e1673a5da47266702fa36e844c74d795383a3208c9e19a0cf19167b38bf901118fcb5a403579c5bd0a71c011a22ddd77f283ee6882d359603df9ba290c0a5b2d0be024ac64a37108b1431463f9c41da4cc1e765845b660ee6fcd51f264d23528"}, @mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0xa, 0x20}}, @tim={0x5, 0xd0, {0x40, 0x7b, 0xb9, "760a49f4d9b379e642a679c5716937a8635f7cbdae879fc1da44deca6b5878513435327ab44da727223af589470f0f56f25dfc347a90348e5adb576e9d59688ad9992b54ac7532ddc7f74a90933dcd044bd7ecb7cc5b29bc9a81f57f41ab82ca1db9d29c9215a0da2d8984279d1703804bfb391e88689690895b761b1df14d65e20aabe48b22789b82da95c6addf022d04327e9bd2a98e523a0788f819b1270434c18f7d3abb9c1e8e4d30cec0d23bcda5a861f5ed7e67f0e1ac26dc2fba211fcf369f05d18d4edfe4c1c523f9"}}, @sec_chan_ofs={0x3e, 0x1}, @gcr_ga={0xbd, 0x6}]}, @NL80211_ATTR_IE={0x23a, 0x2a, [@tim={0x5, 0xdd, {0x1, 0x5f, 0x8f, "f03505deab38e5dd71b9134b8562111caaea49da8e01da61663e2a04114b901575ab3fe32479d90b1bef465d496133b4f2fdc3f0254498b3988a4b57b4e5efcfd75ae034e440d38c9f1b484250fb16109e1aa1485941f671c7eb161d757aca536c5ed99d6adc74f8987b116f3b9822d15f4374c2dad0890ab06df1cbd84b0af336b33a18df924c9b7cd5c431f7d7bae9351bb4169b9e71671d67f56eda9c44e2b5521173b2a87093673b582c58aad1eeb4bc5c7587e73c5e1b4942fdbbeb1528c9dadf2e038ebef09e520c461362dee294fdb66001fdd23e8d90"}}, @mesh_id={0x72, 0x6}, @mic={0x8c, 0x10, {0x27, "85359bbf0068", @short="8b3b59d03b184c8d"}}, @tim={0x5, 0x5a, {0x6, 0x58, 0x4, "9f574fd134487abb3f99a7b32f631de681adba64e7c3b756c6962f76a4b12b8bc87fb17e0ab034bd4265249937de35c1417cd5365108776fcd742b52b6064f443e93224dee52a1ef0961192d6d5170b4edf0944cce3375"}}, @sec_chan_ofs={0x3e, 0x1, 0x1}, @peer_mgmt={0x75, 0x16, {0x1, 0xc0c, @val=0xffff, @void, @val="e643000d7e85a8845b613a1a88d6e28c"}}, @supported_rates={0x1, 0x3, [{0x4, 0x1}, {0x6c, 0x1}, {0x1b, 0x1}]}, @random_vendor={0xdd, 0xbf, "085c772f9789ba10e5181009ddbba0c6cc0d1a75beb1bade7bb95b8c13e58eb6568d910f9cfd6bfc9447e95c73ed5b7edd1f952ddc448d1bbea289ee32b5e06537c9c333e793833a95de7660593332feb4c8cd456adf16e4415a0a629447bfa30784fd47b944bfb3af6a9debbf84e2ea853cb6b74dbf357411963b875b536f36d51d91f6214f8872b0a4bb61f68951c606e3173c7fce0d29acd2378931940f4a8902c7f1511282f4304c27ee3f8ae6809cf616fe0c3f37170d03d340cf8ac8"}]}, @NL80211_ATTR_IE_PROBE_RESP={0xaa, 0x7f, [@tim={0x5, 0xa4, {0x3f, 0xc9, 0xa1, "7b35d246dec05f9a28efdd55e088b840a20ea627f12ace35163a657109060ea98567e8becb1b9445fa11c733f867c7efcbb0a28b7c381444f59a00f6cc2fd3c0e899148d299191a5582569f565f5f75a4ca82890bb53e84d644cf8d11820132fe55bc4915551ecb7bbda0f91979e8f704bfa819af139918f7495219c50dfb01dc5b2bf747d74fb70b4e36e34baf51245e8c853339accea1be7db2a4e427513b167"}}]}, @NL80211_ATTR_BEACON_TAIL={0x34, 0xf, [@ht={0x2d, 0x1a, {0x300, 0x2, 0x3, 0x0, {0x10001, 0x7, 0x0, 0x4, 0x0, 0x1, 0x1, 0x2}, 0x800, 0x101, 0x6}}, @link_id={0x65, 0x12, {@initial, @device_b, @broadcast}}]}]}, 0x688}, 0x1, 0x0, 0x0, 0x40000c0}, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x50, r5, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000600)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0x88, r5, 0x10, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7, 0x59}}}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x148c}], @NL80211_ATTR_CSA_C_OFFSETS_TX={0x14, 0xcd, [0x3fb4, 0x81, 0x1ff, 0x6, 0x5, 0x200, 0x9, 0x8]}, @chandef_params, @NL80211_ATTR_FRAME={0x30, 0x33, @deauth={@wo_ht={{0x0, 0x0, 0xc, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x9}, @broadcast, @device_a, @initial, {0x7, 0xd2}}, 0x38, @val={0x8c, 0x10, {0x2aa, "c72b0de77106", @short="dff582368470d5d2"}}}}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0x88}, 0x1, 0x0, 0x0, 0x4000810}, 0x4040000) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2625.620169][T19302] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2625.671675][T19302] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2625.722990][T19302] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:26:43 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x6000000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2625.809265][T19311] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2625.861900][T19312] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2625.863875][T19311] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=19311 comm=syz-executor.5 19:26:43 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x7000000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2625.903329][T13310] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 2625.915566][T19311] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:26:43 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x8000000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:26:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0xf, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2626.131227][T19320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2626.143284][T13310] usb 3-1: Using ep0 maxpacket: 16 [ 2626.191188][T19320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2626.242558][T19320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2626.283539][T13310] usb 3-1: config 0 has an invalid interface number: 197 but max is 1 [ 2626.283572][T13310] usb 3-1: config 0 has no interface number 1 [ 2626.283612][T13310] usb 3-1: config 0 interface 197 altsetting 168 has an invalid endpoint with address 0x0, skipping [ 2626.283645][T13310] usb 3-1: config 0 interface 197 altsetting 168 has an invalid endpoint with address 0x0, skipping [ 2626.283671][T13310] usb 3-1: config 0 interface 197 altsetting 168 has an invalid endpoint with address 0x0, skipping [ 2626.283705][T13310] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 2626.283732][T13310] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 2626.283760][T13310] usb 3-1: config 0 interface 197 has no altsetting 0 [ 2626.453548][T13310] usb 3-1: New USB device found, idVendor=0403, idProduct=f9d0, bcdDevice=9f.df [ 2626.453575][T13310] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2626.453599][T13310] usb 3-1: Product: syz [ 2626.453617][T13310] usb 3-1: Manufacturer: syz [ 2626.453634][T13310] usb 3-1: SerialNumber: syz [ 2626.455273][T13310] usb 3-1: config 0 descriptor?? [ 2626.724424][T13310] ftdi_sio 3-1:0.197: FTDI USB Serial Device converter detected [ 2626.725202][T13310] usb 3-1: Detected FT2232C [ 2626.745771][T13310] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 2626.763375][T13310] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 2626.764601][T13310] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2626.767277][T13310] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 2626.768007][T13310] usb 3-1: Detected FT2232C [ 2626.793342][T13310] ftdi_sio ttyUSB1: Unable to read latency timer: -71 [ 2626.813488][T13310] ftdi_sio ttyUSB1: Unable to write latency timer: -71 [ 2626.819642][T13310] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB1 [ 2626.821503][T13310] usb 3-1: USB disconnect, device number 27 [ 2626.826549][T13310] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2626.827730][T13310] ftdi_sio 3-1:0.197: device disconnected [ 2626.831945][T13310] ftdi_sio ttyUSB1: FTDI USB Serial Device converter now disconnected from ttyUSB1 [ 2626.833073][T13310] ftdi_sio 3-1:0.0: device disconnected 19:26:51 executing program 1: r0 = memfd_create(&(0x7f0000000240)='Nwlan\x91\xfe5\x9b\xf6\x06\x16\xa0.\x91\xc4?\x04\xe4!\xaeQ\x1fGb\xb4\xb5\x92\\\xd2\xae\x80\x13J\xb7\xc0\xe7\x06\xbe\xe2~\xfafY\x98BF\xd3\xb8^V\t\x8f\xe4\xbb\xaa\xac\x9b\xe3\bvX\x19\x1b\x9d\xe6\xf8\xf5?\x1f\xc5\xe1\xc1\xbb\x9ee\x8e,\xb6:\xc2\xd4[', 0x5) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) madvise(&(0x7f0000700000/0x2000)=nil, 0x2000, 0x17) r1 = openat(0xffffffffffffffff, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x200000, 0x0, 0x13, r1, 0x0) 19:26:51 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x9000000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:26:51 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, @mcast2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x20, 0x5218af3e5c9494b0, 0x3f}}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r4) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r3, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x80, r5, 0x100, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x65}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x16}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x19}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x51}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x54}]}, 0x80}, 0x1, 0x0, 0x0, 0x8011}, 0x4040000) sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000800)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000940)={0x688, r5, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9c1, 0x79}}}}, [@NL80211_ATTR_BEACON_TAIL={0x341, 0xf, [@dsss={0x3, 0x1, 0xa}, @peer_mgmt={0x75, 0x14, {0x1, 0x7, @void, @void, @val="425397a56ed0fc8846bdf15a059f9bf7"}}, @gcr_ga={0xbd, 0x6, @broadcast}, @fast_bss_trans={0x37, 0x77, {0x9, 0x2, "c7421d6a31f0d3e80ed2182e941928c6", "ee20ba33479f399675c864fc94b40619e8a3aaa485d565e3ee40bfa98e07c46b", "120bf4750865ef2ff64f3a575db2fd58031f736eb91b6e7b18701b4c2a31f1e7", [{0x3, 0x1a, "9e89a114dfb18d7bea8f7e1ffb3c6b3418612fd769a6c58c9437"}, {0x2, 0x7, "5c0cf5f1d46bc4"}]}}, @perr={0x84, 0xee, {0x3f, 0xe, [@not_ext={{}, @device_b, 0xe9, "", 0x8}, @ext={{}, @device_b, 0x1f, @device_b, 0x16}, @not_ext={{}, @device_b, 0x7, "", 0x26}, @not_ext={{}, @broadcast, 0x4a02, "", 0x1}, @ext={{}, @device_a, 0x3, @broadcast, 0x32}, @ext={{}, @device_b, 0x10000, @device_b, 0x36}, @ext={{}, @device_b, 0x1, @device_b, 0x12}, @ext={{}, @device_a, 0x6, @device_a, 0x4}, @ext={{}, @device_a, 0x100, @device_a, 0x2c}, @ext={{}, @device_a, 0x2, @device_a, 0x11}, @ext={{}, @device_a, 0xff, @device_a, 0x29}, @not_ext={{}, @broadcast, 0x0, "", 0x2d}, @ext={{}, @broadcast, 0xeb, @broadcast, 0x2c}, @not_ext={{}, @broadcast, 0x2, "", 0x21}]}}, @random_vendor={0xdd, 0xcb, "b824b29c966f7d78c40cf0f1ba400a2c2737fead014eea7e326d94d7fa738ca866b013ee88baeeb0205581ed396317a8033eb81e12f7ae261af3566fedfcfd2cad050ee70ba64cd77c8d3662d80a6d8551390cedb8d275aa4d567dcdbb362089ccf99401579251284b94e7e1673a5da47266702fa36e844c74d795383a3208c9e19a0cf19167b38bf901118fcb5a403579c5bd0a71c011a22ddd77f283ee6882d359603df9ba290c0a5b2d0be024ac64a37108b1431463f9c41da4cc1e765845b660ee6fcd51f264d23528"}, @mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0xa, 0x20}}, @tim={0x5, 0xd0, {0x40, 0x7b, 0xb9, "760a49f4d9b379e642a679c5716937a8635f7cbdae879fc1da44deca6b5878513435327ab44da727223af589470f0f56f25dfc347a90348e5adb576e9d59688ad9992b54ac7532ddc7f74a90933dcd044bd7ecb7cc5b29bc9a81f57f41ab82ca1db9d29c9215a0da2d8984279d1703804bfb391e88689690895b761b1df14d65e20aabe48b22789b82da95c6addf022d04327e9bd2a98e523a0788f819b1270434c18f7d3abb9c1e8e4d30cec0d23bcda5a861f5ed7e67f0e1ac26dc2fba211fcf369f05d18d4edfe4c1c523f9"}}, @sec_chan_ofs={0x3e, 0x1}, @gcr_ga={0xbd, 0x6}]}, @NL80211_ATTR_IE={0x23a, 0x2a, [@tim={0x5, 0xdd, {0x1, 0x5f, 0x8f, "f03505deab38e5dd71b9134b8562111caaea49da8e01da61663e2a04114b901575ab3fe32479d90b1bef465d496133b4f2fdc3f0254498b3988a4b57b4e5efcfd75ae034e440d38c9f1b484250fb16109e1aa1485941f671c7eb161d757aca536c5ed99d6adc74f8987b116f3b9822d15f4374c2dad0890ab06df1cbd84b0af336b33a18df924c9b7cd5c431f7d7bae9351bb4169b9e71671d67f56eda9c44e2b5521173b2a87093673b582c58aad1eeb4bc5c7587e73c5e1b4942fdbbeb1528c9dadf2e038ebef09e520c461362dee294fdb66001fdd23e8d90"}}, @mesh_id={0x72, 0x6}, @mic={0x8c, 0x10, {0x27, "85359bbf0068", @short="8b3b59d03b184c8d"}}, @tim={0x5, 0x5a, {0x6, 0x58, 0x4, "9f574fd134487abb3f99a7b32f631de681adba64e7c3b756c6962f76a4b12b8bc87fb17e0ab034bd4265249937de35c1417cd5365108776fcd742b52b6064f443e93224dee52a1ef0961192d6d5170b4edf0944cce3375"}}, @sec_chan_ofs={0x3e, 0x1, 0x1}, @peer_mgmt={0x75, 0x16, {0x1, 0xc0c, @val=0xffff, @void, @val="e643000d7e85a8845b613a1a88d6e28c"}}, @supported_rates={0x1, 0x3, [{0x4, 0x1}, {0x6c, 0x1}, {0x1b, 0x1}]}, @random_vendor={0xdd, 0xbf, "085c772f9789ba10e5181009ddbba0c6cc0d1a75beb1bade7bb95b8c13e58eb6568d910f9cfd6bfc9447e95c73ed5b7edd1f952ddc448d1bbea289ee32b5e06537c9c333e793833a95de7660593332feb4c8cd456adf16e4415a0a629447bfa30784fd47b944bfb3af6a9debbf84e2ea853cb6b74dbf357411963b875b536f36d51d91f6214f8872b0a4bb61f68951c606e3173c7fce0d29acd2378931940f4a8902c7f1511282f4304c27ee3f8ae6809cf616fe0c3f37170d03d340cf8ac8"}]}, @NL80211_ATTR_IE_PROBE_RESP={0xaa, 0x7f, [@tim={0x5, 0xa4, {0x3f, 0xc9, 0xa1, "7b35d246dec05f9a28efdd55e088b840a20ea627f12ace35163a657109060ea98567e8becb1b9445fa11c733f867c7efcbb0a28b7c381444f59a00f6cc2fd3c0e899148d299191a5582569f565f5f75a4ca82890bb53e84d644cf8d11820132fe55bc4915551ecb7bbda0f91979e8f704bfa819af139918f7495219c50dfb01dc5b2bf747d74fb70b4e36e34baf51245e8c853339accea1be7db2a4e427513b167"}}]}, @NL80211_ATTR_BEACON_TAIL={0x34, 0xf, [@ht={0x2d, 0x1a, {0x300, 0x2, 0x3, 0x0, {0x10001, 0x7, 0x0, 0x4, 0x0, 0x1, 0x1, 0x2}, 0x800, 0x101, 0x6}}, @link_id={0x65, 0x12, {@initial, @device_b, @broadcast}}]}]}, 0x688}, 0x1, 0x0, 0x0, 0x40000c0}, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x50, r5, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000600)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0x88, r5, 0x10, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7, 0x59}}}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x148c}], @NL80211_ATTR_CSA_C_OFFSETS_TX={0x14, 0xcd, [0x3fb4, 0x81, 0x1ff, 0x6, 0x5, 0x200, 0x9, 0x8]}, @chandef_params, @NL80211_ATTR_FRAME={0x30, 0x33, @deauth={@wo_ht={{0x0, 0x0, 0xc, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x9}, @broadcast, @device_a, @initial, {0x7, 0xd2}}, 0x38, @val={0x8c, 0x10, {0x2aa, "c72b0de77106", @short="dff582368470d5d2"}}}}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0x88}, 0x1, 0x0, 0x0, 0x4000810}, 0x4040000) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) pipe(&(0x7f0000000440)) (async) socket(0x10, 0x3, 0x0) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, @mcast2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x20, 0x5218af3e5c9494b0, 0x3f}}) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r4) (async) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r3, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x80, r5, 0x100, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x65}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x16}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x19}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x51}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x54}]}, 0x80}, 0x1, 0x0, 0x0, 0x8011}, 0x4040000) (async) sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000800)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000940)={0x688, r5, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9c1, 0x79}}}}, [@NL80211_ATTR_BEACON_TAIL={0x341, 0xf, [@dsss={0x3, 0x1, 0xa}, @peer_mgmt={0x75, 0x14, {0x1, 0x7, @void, @void, @val="425397a56ed0fc8846bdf15a059f9bf7"}}, @gcr_ga={0xbd, 0x6, @broadcast}, @fast_bss_trans={0x37, 0x77, {0x9, 0x2, "c7421d6a31f0d3e80ed2182e941928c6", "ee20ba33479f399675c864fc94b40619e8a3aaa485d565e3ee40bfa98e07c46b", "120bf4750865ef2ff64f3a575db2fd58031f736eb91b6e7b18701b4c2a31f1e7", [{0x3, 0x1a, "9e89a114dfb18d7bea8f7e1ffb3c6b3418612fd769a6c58c9437"}, {0x2, 0x7, "5c0cf5f1d46bc4"}]}}, @perr={0x84, 0xee, {0x3f, 0xe, [@not_ext={{}, @device_b, 0xe9, "", 0x8}, @ext={{}, @device_b, 0x1f, @device_b, 0x16}, @not_ext={{}, @device_b, 0x7, "", 0x26}, @not_ext={{}, @broadcast, 0x4a02, "", 0x1}, @ext={{}, @device_a, 0x3, @broadcast, 0x32}, @ext={{}, @device_b, 0x10000, @device_b, 0x36}, @ext={{}, @device_b, 0x1, @device_b, 0x12}, @ext={{}, @device_a, 0x6, @device_a, 0x4}, @ext={{}, @device_a, 0x100, @device_a, 0x2c}, @ext={{}, @device_a, 0x2, @device_a, 0x11}, @ext={{}, @device_a, 0xff, @device_a, 0x29}, @not_ext={{}, @broadcast, 0x0, "", 0x2d}, @ext={{}, @broadcast, 0xeb, @broadcast, 0x2c}, @not_ext={{}, @broadcast, 0x2, "", 0x21}]}}, @random_vendor={0xdd, 0xcb, "b824b29c966f7d78c40cf0f1ba400a2c2737fead014eea7e326d94d7fa738ca866b013ee88baeeb0205581ed396317a8033eb81e12f7ae261af3566fedfcfd2cad050ee70ba64cd77c8d3662d80a6d8551390cedb8d275aa4d567dcdbb362089ccf99401579251284b94e7e1673a5da47266702fa36e844c74d795383a3208c9e19a0cf19167b38bf901118fcb5a403579c5bd0a71c011a22ddd77f283ee6882d359603df9ba290c0a5b2d0be024ac64a37108b1431463f9c41da4cc1e765845b660ee6fcd51f264d23528"}, @mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0xa, 0x20}}, @tim={0x5, 0xd0, {0x40, 0x7b, 0xb9, "760a49f4d9b379e642a679c5716937a8635f7cbdae879fc1da44deca6b5878513435327ab44da727223af589470f0f56f25dfc347a90348e5adb576e9d59688ad9992b54ac7532ddc7f74a90933dcd044bd7ecb7cc5b29bc9a81f57f41ab82ca1db9d29c9215a0da2d8984279d1703804bfb391e88689690895b761b1df14d65e20aabe48b22789b82da95c6addf022d04327e9bd2a98e523a0788f819b1270434c18f7d3abb9c1e8e4d30cec0d23bcda5a861f5ed7e67f0e1ac26dc2fba211fcf369f05d18d4edfe4c1c523f9"}}, @sec_chan_ofs={0x3e, 0x1}, @gcr_ga={0xbd, 0x6}]}, @NL80211_ATTR_IE={0x23a, 0x2a, [@tim={0x5, 0xdd, {0x1, 0x5f, 0x8f, "f03505deab38e5dd71b9134b8562111caaea49da8e01da61663e2a04114b901575ab3fe32479d90b1bef465d496133b4f2fdc3f0254498b3988a4b57b4e5efcfd75ae034e440d38c9f1b484250fb16109e1aa1485941f671c7eb161d757aca536c5ed99d6adc74f8987b116f3b9822d15f4374c2dad0890ab06df1cbd84b0af336b33a18df924c9b7cd5c431f7d7bae9351bb4169b9e71671d67f56eda9c44e2b5521173b2a87093673b582c58aad1eeb4bc5c7587e73c5e1b4942fdbbeb1528c9dadf2e038ebef09e520c461362dee294fdb66001fdd23e8d90"}}, @mesh_id={0x72, 0x6}, @mic={0x8c, 0x10, {0x27, "85359bbf0068", @short="8b3b59d03b184c8d"}}, @tim={0x5, 0x5a, {0x6, 0x58, 0x4, "9f574fd134487abb3f99a7b32f631de681adba64e7c3b756c6962f76a4b12b8bc87fb17e0ab034bd4265249937de35c1417cd5365108776fcd742b52b6064f443e93224dee52a1ef0961192d6d5170b4edf0944cce3375"}}, @sec_chan_ofs={0x3e, 0x1, 0x1}, @peer_mgmt={0x75, 0x16, {0x1, 0xc0c, @val=0xffff, @void, @val="e643000d7e85a8845b613a1a88d6e28c"}}, @supported_rates={0x1, 0x3, [{0x4, 0x1}, {0x6c, 0x1}, {0x1b, 0x1}]}, @random_vendor={0xdd, 0xbf, "085c772f9789ba10e5181009ddbba0c6cc0d1a75beb1bade7bb95b8c13e58eb6568d910f9cfd6bfc9447e95c73ed5b7edd1f952ddc448d1bbea289ee32b5e06537c9c333e793833a95de7660593332feb4c8cd456adf16e4415a0a629447bfa30784fd47b944bfb3af6a9debbf84e2ea853cb6b74dbf357411963b875b536f36d51d91f6214f8872b0a4bb61f68951c606e3173c7fce0d29acd2378931940f4a8902c7f1511282f4304c27ee3f8ae6809cf616fe0c3f37170d03d340cf8ac8"}]}, @NL80211_ATTR_IE_PROBE_RESP={0xaa, 0x7f, [@tim={0x5, 0xa4, {0x3f, 0xc9, 0xa1, "7b35d246dec05f9a28efdd55e088b840a20ea627f12ace35163a657109060ea98567e8becb1b9445fa11c733f867c7efcbb0a28b7c381444f59a00f6cc2fd3c0e899148d299191a5582569f565f5f75a4ca82890bb53e84d644cf8d11820132fe55bc4915551ecb7bbda0f91979e8f704bfa819af139918f7495219c50dfb01dc5b2bf747d74fb70b4e36e34baf51245e8c853339accea1be7db2a4e427513b167"}}]}, @NL80211_ATTR_BEACON_TAIL={0x34, 0xf, [@ht={0x2d, 0x1a, {0x300, 0x2, 0x3, 0x0, {0x10001, 0x7, 0x0, 0x4, 0x0, 0x1, 0x1, 0x2}, 0x800, 0x101, 0x6}}, @link_id={0x65, 0x12, {@initial, @device_b, @broadcast}}]}]}, 0x688}, 0x1, 0x0, 0x0, 0x40000c0}, 0x0) (async) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x50, r5, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) (async) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000600)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0x88, r5, 0x10, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7, 0x59}}}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x148c}], @NL80211_ATTR_CSA_C_OFFSETS_TX={0x14, 0xcd, [0x3fb4, 0x81, 0x1ff, 0x6, 0x5, 0x200, 0x9, 0x8]}, @chandef_params, @NL80211_ATTR_FRAME={0x30, 0x33, @deauth={@wo_ht={{0x0, 0x0, 0xc, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x9}, @broadcast, @device_a, @initial, {0x7, 0xd2}}, 0x38, @val={0x8c, 0x10, {0x2aa, "c72b0de77106", @short="dff582368470d5d2"}}}}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0x88}, 0x1, 0x0, 0x0, 0x4000810}, 0x4040000) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (async) 19:26:51 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x14, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:26:51 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r4 = open(&(0x7f0000000280)='./file0\x00', 0x3fc, 0x0) flock(r4, 0x2) r5 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) flock(r5, 0x1) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) getpid() 19:26:51 executing program 2: syz_usb_connect(0x0, 0xe1, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x5a, 0xc8, 0xa, 0x10, 0x403, 0xf9d0, 0x9fdf, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xcf, 0x2, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xc5, 0xa8, 0x5, 0x4e, 0x1d, 0x1d, 0x4, [@hid_hid={0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0xcf3}}], [{{0x9, 0x5, 0x0, 0x1, 0x10, 0x20, 0x0, 0x0, [@generic={0x28, 0x0, "685b0fba0dae08ebce88f0519f9d085f0a06467610a914e4966169d2d843c6a7c374fc310b68"}]}}, {{0x9, 0x5, 0x1, 0x0, 0x20}}, {}, {{0x9, 0x5, 0x0, 0x0, 0x20}}, {{0x9, 0x5, 0x8, 0x0, 0x8}}]}}, {{0x9, 0x4, 0x0, 0x0, 0x2, 0xc, 0x41, 0xe9, 0x0, [@cdc_ncm={{0x5}, {0x5}, {0xd}, {0x6}, [@mbim={0xc}, @network_terminal={0x7, 0x24, 0xa, 0x8}]}], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, [@generic={0x11, 0xe, "c518c4ff49b9f67296f6bb86782cce"}, @generic={0x3, 0x0, "93"}]}}, {}]}}]}}]}}, 0x0) 19:26:51 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0xc000000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2634.167885][T19331] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2634.169044][T19335] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2634.220260][T19331] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2634.220889][T19335] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2634.221996][T19335] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=19335 comm=syz-executor.5 19:26:52 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r4 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, @mcast2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x20, 0x5218af3e5c9494b0, 0x3f}}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r4) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r3, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x80, r5, 0x100, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x65}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x16}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x19}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x51}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x54}]}, 0x80}, 0x1, 0x0, 0x0, 0x8011}, 0x4040000) (async) sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000800)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000940)={0x688, r5, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9c1, 0x79}}}}, [@NL80211_ATTR_BEACON_TAIL={0x341, 0xf, [@dsss={0x3, 0x1, 0xa}, @peer_mgmt={0x75, 0x14, {0x1, 0x7, @void, @void, @val="425397a56ed0fc8846bdf15a059f9bf7"}}, @gcr_ga={0xbd, 0x6, @broadcast}, @fast_bss_trans={0x37, 0x77, {0x9, 0x2, "c7421d6a31f0d3e80ed2182e941928c6", "ee20ba33479f399675c864fc94b40619e8a3aaa485d565e3ee40bfa98e07c46b", "120bf4750865ef2ff64f3a575db2fd58031f736eb91b6e7b18701b4c2a31f1e7", [{0x3, 0x1a, "9e89a114dfb18d7bea8f7e1ffb3c6b3418612fd769a6c58c9437"}, {0x2, 0x7, "5c0cf5f1d46bc4"}]}}, @perr={0x84, 0xee, {0x3f, 0xe, [@not_ext={{}, @device_b, 0xe9, "", 0x8}, @ext={{}, @device_b, 0x1f, @device_b, 0x16}, @not_ext={{}, @device_b, 0x7, "", 0x26}, @not_ext={{}, @broadcast, 0x4a02, "", 0x1}, @ext={{}, @device_a, 0x3, @broadcast, 0x32}, @ext={{}, @device_b, 0x10000, @device_b, 0x36}, @ext={{}, @device_b, 0x1, @device_b, 0x12}, @ext={{}, @device_a, 0x6, @device_a, 0x4}, @ext={{}, @device_a, 0x100, @device_a, 0x2c}, @ext={{}, @device_a, 0x2, @device_a, 0x11}, @ext={{}, @device_a, 0xff, @device_a, 0x29}, @not_ext={{}, @broadcast, 0x0, "", 0x2d}, @ext={{}, @broadcast, 0xeb, @broadcast, 0x2c}, @not_ext={{}, @broadcast, 0x2, "", 0x21}]}}, @random_vendor={0xdd, 0xcb, "b824b29c966f7d78c40cf0f1ba400a2c2737fead014eea7e326d94d7fa738ca866b013ee88baeeb0205581ed396317a8033eb81e12f7ae261af3566fedfcfd2cad050ee70ba64cd77c8d3662d80a6d8551390cedb8d275aa4d567dcdbb362089ccf99401579251284b94e7e1673a5da47266702fa36e844c74d795383a3208c9e19a0cf19167b38bf901118fcb5a403579c5bd0a71c011a22ddd77f283ee6882d359603df9ba290c0a5b2d0be024ac64a37108b1431463f9c41da4cc1e765845b660ee6fcd51f264d23528"}, @mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0xa, 0x20}}, @tim={0x5, 0xd0, {0x40, 0x7b, 0xb9, "760a49f4d9b379e642a679c5716937a8635f7cbdae879fc1da44deca6b5878513435327ab44da727223af589470f0f56f25dfc347a90348e5adb576e9d59688ad9992b54ac7532ddc7f74a90933dcd044bd7ecb7cc5b29bc9a81f57f41ab82ca1db9d29c9215a0da2d8984279d1703804bfb391e88689690895b761b1df14d65e20aabe48b22789b82da95c6addf022d04327e9bd2a98e523a0788f819b1270434c18f7d3abb9c1e8e4d30cec0d23bcda5a861f5ed7e67f0e1ac26dc2fba211fcf369f05d18d4edfe4c1c523f9"}}, @sec_chan_ofs={0x3e, 0x1}, @gcr_ga={0xbd, 0x6}]}, @NL80211_ATTR_IE={0x23a, 0x2a, [@tim={0x5, 0xdd, {0x1, 0x5f, 0x8f, "f03505deab38e5dd71b9134b8562111caaea49da8e01da61663e2a04114b901575ab3fe32479d90b1bef465d496133b4f2fdc3f0254498b3988a4b57b4e5efcfd75ae034e440d38c9f1b484250fb16109e1aa1485941f671c7eb161d757aca536c5ed99d6adc74f8987b116f3b9822d15f4374c2dad0890ab06df1cbd84b0af336b33a18df924c9b7cd5c431f7d7bae9351bb4169b9e71671d67f56eda9c44e2b5521173b2a87093673b582c58aad1eeb4bc5c7587e73c5e1b4942fdbbeb1528c9dadf2e038ebef09e520c461362dee294fdb66001fdd23e8d90"}}, @mesh_id={0x72, 0x6}, @mic={0x8c, 0x10, {0x27, "85359bbf0068", @short="8b3b59d03b184c8d"}}, @tim={0x5, 0x5a, {0x6, 0x58, 0x4, "9f574fd134487abb3f99a7b32f631de681adba64e7c3b756c6962f76a4b12b8bc87fb17e0ab034bd4265249937de35c1417cd5365108776fcd742b52b6064f443e93224dee52a1ef0961192d6d5170b4edf0944cce3375"}}, @sec_chan_ofs={0x3e, 0x1, 0x1}, @peer_mgmt={0x75, 0x16, {0x1, 0xc0c, @val=0xffff, @void, @val="e643000d7e85a8845b613a1a88d6e28c"}}, @supported_rates={0x1, 0x3, [{0x4, 0x1}, {0x6c, 0x1}, {0x1b, 0x1}]}, @random_vendor={0xdd, 0xbf, "085c772f9789ba10e5181009ddbba0c6cc0d1a75beb1bade7bb95b8c13e58eb6568d910f9cfd6bfc9447e95c73ed5b7edd1f952ddc448d1bbea289ee32b5e06537c9c333e793833a95de7660593332feb4c8cd456adf16e4415a0a629447bfa30784fd47b944bfb3af6a9debbf84e2ea853cb6b74dbf357411963b875b536f36d51d91f6214f8872b0a4bb61f68951c606e3173c7fce0d29acd2378931940f4a8902c7f1511282f4304c27ee3f8ae6809cf616fe0c3f37170d03d340cf8ac8"}]}, @NL80211_ATTR_IE_PROBE_RESP={0xaa, 0x7f, [@tim={0x5, 0xa4, {0x3f, 0xc9, 0xa1, "7b35d246dec05f9a28efdd55e088b840a20ea627f12ace35163a657109060ea98567e8becb1b9445fa11c733f867c7efcbb0a28b7c381444f59a00f6cc2fd3c0e899148d299191a5582569f565f5f75a4ca82890bb53e84d644cf8d11820132fe55bc4915551ecb7bbda0f91979e8f704bfa819af139918f7495219c50dfb01dc5b2bf747d74fb70b4e36e34baf51245e8c853339accea1be7db2a4e427513b167"}}]}, @NL80211_ATTR_BEACON_TAIL={0x34, 0xf, [@ht={0x2d, 0x1a, {0x300, 0x2, 0x3, 0x0, {0x10001, 0x7, 0x0, 0x4, 0x0, 0x1, 0x1, 0x2}, 0x800, 0x101, 0x6}}, @link_id={0x65, 0x12, {@initial, @device_b, @broadcast}}]}]}, 0x688}, 0x1, 0x0, 0x0, 0x40000c0}, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x50, r5, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000600)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0x88, r5, 0x10, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7, 0x59}}}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x148c}], @NL80211_ATTR_CSA_C_OFFSETS_TX={0x14, 0xcd, [0x3fb4, 0x81, 0x1ff, 0x6, 0x5, 0x200, 0x9, 0x8]}, @chandef_params, @NL80211_ATTR_FRAME={0x30, 0x33, @deauth={@wo_ht={{0x0, 0x0, 0xc, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x9}, @broadcast, @device_a, @initial, {0x7, 0xd2}}, 0x38, @val={0x8c, 0x10, {0x2aa, "c72b0de77106", @short="dff582368470d5d2"}}}}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0x88}, 0x1, 0x0, 0x0, 0x4000810}, 0x4040000) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2634.273756][T19338] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2634.275837][T19340] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:26:52 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0xe000000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2634.423602][T17333] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 2634.465187][T19356] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:26:52 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0xf000000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2634.468815][T19357] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2634.471446][T19358] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=19358 comm=syz-executor.5 [ 2634.522692][T19356] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:26:52 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x3f000000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:26:52 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0xc0, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2634.663295][T17333] usb 3-1: Using ep0 maxpacket: 16 [ 2634.699628][T19363] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2634.751493][T19363] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2634.803751][T17333] usb 3-1: config 0 has an invalid interface number: 197 but max is 1 [ 2634.803786][T17333] usb 3-1: config 0 has no interface number 1 [ 2634.803834][T17333] usb 3-1: config 0 interface 197 altsetting 168 has an invalid endpoint with address 0x0, skipping [ 2634.803863][T17333] usb 3-1: config 0 interface 197 altsetting 168 has an invalid endpoint with address 0x0, skipping [ 2634.803891][T17333] usb 3-1: config 0 interface 197 altsetting 168 has an invalid endpoint with address 0x0, skipping [ 2634.803933][T17333] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 2634.803960][T17333] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 2634.803985][T17333] usb 3-1: config 0 interface 197 has no altsetting 0 [ 2634.804134][T19365] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2634.963658][T17333] usb 3-1: New USB device found, idVendor=0403, idProduct=f9d0, bcdDevice=9f.df [ 2634.963694][T17333] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2634.963720][T17333] usb 3-1: Product: syz [ 2634.963738][T17333] usb 3-1: Manufacturer: syz [ 2634.963757][T17333] usb 3-1: SerialNumber: syz [ 2634.966216][T17333] usb 3-1: config 0 descriptor?? [ 2635.245593][T17333] ftdi_sio 3-1:0.197: FTDI USB Serial Device converter detected [ 2635.246319][T17333] usb 3-1: Detected FT2232C [ 2635.263407][T17333] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 2635.283497][T17333] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 2635.284638][T17333] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2635.287260][T17333] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 2635.287959][T17333] usb 3-1: Detected FT2232C [ 2635.303386][T17333] ftdi_sio ttyUSB1: Unable to read latency timer: -71 [ 2635.323457][T17333] ftdi_sio ttyUSB1: Unable to write latency timer: -71 [ 2635.324551][T17333] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB1 [ 2635.335205][T17333] usb 3-1: USB disconnect, device number 28 [ 2635.338792][T17333] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2635.339789][T17333] ftdi_sio 3-1:0.197: device disconnected [ 2635.362429][T17333] ftdi_sio ttyUSB1: FTDI USB Serial Device converter now disconnected from ttyUSB1 [ 2635.362816][T17333] ftdi_sio 3-1:0.0: device disconnected 19:27:03 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x70, 0x30, 0x8586b2d6831d36c9, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x0, 0x0, 0x9}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0) 19:27:03 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x60000000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:27:03 executing program 3: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x4, 0x0, @fd_index}, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd=r3}, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000280)={0x0, 0x0, 0x30}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 19:27:03 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x28, 0x0, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x28}}, 0x0) sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000540)={&(0x7f0000000040)={0x24, 0x0, 0xa10, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x24}}, 0x40) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) r6 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x28, r6, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x28}}, 0x0) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x30, r6, 0x300, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="5f4a21c0b617"}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000040}, 0x8000) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:27:03 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0xec0, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:27:03 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002b00)={0x0, 0x0, &(0x7f0000002ac0)={&(0x7f00000004c0)=@acquire={0x1ac, 0x17, 0x1, 0x0, 0x0, {{@in=@local}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {@in=@multicast2, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@mcast2, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x0, 0x0, 0x0, 0x2}}}, [@tmpl={0x84, 0x5, [{{@in6=@empty, 0x0, 0x32}, 0x0, @in=@private}, {{@in6=@remote, 0x0, 0x33}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x4}]}]}, 0x1ac}}, 0x0) 19:27:03 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f00000006c0)={0x3c, r1, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8}}]}, 0x3c}}, 0x0) 19:27:03 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0xffffff7f, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2645.542258][T19375] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2645.556442][T19374] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:27:03 executing program 3: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = socket(0x1d, 0x2, 0x6) dup2(r0, r1) [ 2645.595536][T19379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2645.613427][T19380] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2645.651229][T19375] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2645.665951][T19374] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:27:03 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f00000006c0)={0x3c, r1, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8}}]}, 0x3c}}, 0x0) 19:27:03 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:27:03 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x38, r1, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_PEER_V6={0x14, 0x9, @local}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e22}]}, 0x38}}, 0x0) 19:27:03 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f00000006c0)={0x3c, r1, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8}}]}, 0x3c}}, 0x0) 19:27:03 executing program 3: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x9}, 0xb9, 0x59d, 0x9858, 0xfffffffffffffff7, 0x0, 0x0, 0x7f}) sendmsg$DCCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0}, 0x0) r1 = dup(0xffffffffffffffff) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0xa00, 0x0) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x137) sendmsg$nl_route(r2, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="640000001300000125bd7000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="002200000002060024002b8008000800", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="08001300", @ANYRES32, @ANYBLOB="0800030001000000050300003f00000008003c000010000008000f00000100005f63200009000000"], 0x64}, 0x1, 0x0, 0x0, 0x801c1}, 0x4040) ptrace$cont(0x7, 0x0, 0x1, 0xf4) syz_open_procfs(0x0, 0x0) r3 = dup(r0) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) socket$inet6_mptcp(0xa, 0x1, 0x106) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x18, r4, 0x3, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}}, 0x0) sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2094010}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, r4, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x14008080) r5 = open(&(0x7f0000000200)='./bus\x00', 0x1610c2, 0x1) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x4000000000010043) 19:27:03 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{0x5}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:27:03 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x28, 0x0, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x28}}, 0x0) sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000540)={&(0x7f0000000040)={0x24, 0x0, 0xa10, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x24}}, 0x40) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) r6 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x28, r6, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x28}}, 0x0) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x30, r6, 0x300, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="5f4a21c0b617"}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000040}, 0x8000) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000040)) (async) sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x28, 0x0, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x28}}, 0x0) (async) sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000540)={&(0x7f0000000040)={0x24, 0x0, 0xa10, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x24}}, 0x40) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040)) (async) sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x28, r6, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x28}}, 0x0) (async) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x30, r6, 0x300, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="5f4a21c0b617"}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000040}, 0x8000) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (async) 19:27:03 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x33fe0, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2646.128729][T19402] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2646.180423][T19402] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2646.204503][T19403] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2646.240339][T19405] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2646.264197][T19411] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2646.275711][T19402] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2646.316583][T19403] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2651.603430][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 2651.605731][ T1225] ieee802154 phy0 wpan0: encryption failed: -22 [ 2651.605777][ T1225] ieee802154 phy1 wpan1: encryption failed: -22 19:27:17 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreqn(r0, 0x0, 0x4, &(0x7f0000000000)={@multicast1, @local={0xac, 0x14, 0x0}}, 0xc) 19:27:17 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f00000006c0)={0x3c, r1, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8}}]}, 0x3c}}, 0x0) 19:27:17 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{0x6}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:27:17 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x28, 0x0, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x28}}, 0x0) sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000540)={&(0x7f0000000040)={0x24, 0x0, 0xa10, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x24}}, 0x40) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) r6 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x28, r6, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x28}}, 0x0) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x30, r6, 0x300, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="5f4a21c0b617"}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000040}, 0x8000) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000040)) (async) sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x28, 0x0, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x28}}, 0x0) (async) sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000540)={&(0x7f0000000040)={0x24, 0x0, 0xa10, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x24}}, 0x40) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040)) (async) sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x28, r6, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x28}}, 0x0) (async) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x30, r6, 0x300, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="5f4a21c0b617"}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000040}, 0x8000) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (async) 19:27:17 executing program 3: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x9}, 0xb9, 0x59d, 0x9858, 0xfffffffffffffff7, 0x0, 0x0, 0x7f}) sendmsg$DCCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0}, 0x0) r1 = dup(0xffffffffffffffff) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0xa00, 0x0) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x137) sendmsg$nl_route(r2, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="640000001300000125bd7000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="002200000002060024002b8008000800", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="08001300", @ANYRES32, @ANYBLOB="0800030001000000050300003f00000008003c000010000008000f00000100005f63200009000000"], 0x64}, 0x1, 0x0, 0x0, 0x801c1}, 0x4040) ptrace$cont(0x7, 0x0, 0x1, 0xf4) syz_open_procfs(0x0, 0x0) r3 = dup(r0) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) socket$inet6_mptcp(0xa, 0x1, 0x106) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x18, r4, 0x3, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}}, 0x0) sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2094010}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, r4, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x14008080) r5 = open(&(0x7f0000000200)='./bus\x00', 0x1610c2, 0x1) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x4000000000010043) 19:27:17 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x7ffff000, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:27:17 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)) ioctl$PPPIOCSFLAGS1(r0, 0x4010744d, 0x0) [ 2660.149485][T19432] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2660.167061][T19434] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:27:18 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{0x7}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2660.201549][T19435] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2660.219321][T19434] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:27:18 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000540)=@mgmt_frame=@auth={@wo_ht={{0x0, 0x0, 0xb, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x80}, @broadcast, @device_b, @random="50f960eaee2e", {0x2, 0x4}}, 0x1, 0x1, 0x69, @val={0x10, 0x1, 0x10}, [{0xdd, 0x5c, "98a2021dda03bfc87f67130d1990363f6fd715b44c1997150b44c375cf43430ac242ff3e022d0a947f88c39a18e96d24bec3334d223a92dd1de23e7800665e525d0e4a6ab3610b91c8c85a84648248de235831bfabbdbec920682b03"}, {0xdd, 0x2f, "d1867ec05f89a44485156df1823a3dc13f88408ec2079c73a2ea102a2247fcd2ffde10b3f08715566ab60ce3fbddf5"}, {0xdd, 0x18, "d4f96f67927e5ce3afebb47bf9f7717598b9661b2eea3dea"}, {0xdd, 0xe3, "80087967e888a35b60c91f92d80b3e6892ad01174c25329b8b72b2a0ff2d60bf6318a399b4851c71102fb9d6dbad436ed7affea478e632b7bfb20c9c8b8b9c80a56f19b563e7f473dab7e1da6a3a03db8f211d6810b193899f0499370023d9bde5787351579ed8b46d580112002ac737111da701d409c4b8c3c18149624af30cb38b8db349559e1f4628bea34a6d789b497cae3857158aeeb6939611cf08369a753584e4c476398ee08d472dfbfaac34b2cbd7a7dc341905a47a5088125efbe2ff7e70f4967df6757051104252160ceb4c602a4b16dc0333f6c3dfbf696f1ba067040d"}, {0xdd, 0xab, "400082221df4ca4a6b2e1d9eab50526070e8c8028fa571b680e04e92b23461d212bac5101c792f3fef10132d9934cf6818b54ac896aa1e4e4e8c3fa8e6ba8bd33428b65ce11824b25fd237b9e159a17efe2f2c593807de1b9a6ff32a824c6d29423c2f3bf31027a7de7e18dc5c0e8d1092f873b512bd028a9367ea91bdfa9406461c8197bcdabc52b6e2e12536a30fd9dfd630acc6a490b5603730166da162bef8f35692429fab9636777d"}, {0xdd, 0x84, "efd8352441d7f16525a2bac44678a724e6d67fd40c740a7b56d692086605ba1d86c69313929f56c6940e07c5c5e90b467ef1e9661e3b8f5cccd6d3ca254288323695bbf8a27ae590cb16b025d5ba85e80e4929266e88a1fda1a7e71c06c6576be3155af3618eb3e5bc24cecfb1657ccfa8831f1ca587ccaf0e9cb93d427c6438b221329c"}, {0xdd, 0x78, "31e621c1294ed46c22745e2b2052be6a80ba4871958811a8c4ca3ec3bc3d0cc7982408ad3dc86fab132d9bee66c2aab61bb7cad01669ea9bf8e526905d6a1978dd8e75a25f8791434597316bf3c29247eac940f32515eca80920c7a2d18f3338bb071d111afa85bfeb282b4af005e983a252d32438e72fbb"}]}, 0x35c) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2660.255148][T19435] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2660.271274][T19434] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:27:18 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2660.450627][T19445] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2660.503048][T19445] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:27:18 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0xfffffdef, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2660.556851][T19445] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:27:18 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)) ioctl$PPPIOCSFLAGS1(r0, 0x4010744d, 0x0) [ 2660.749196][T19454] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2660.800366][T19454] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2660.851655][T19452] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:27:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{0x9}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:27:32 executing program 1: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)) ioctl$PPPIOCSFLAGS1(r0, 0x4010744d, 0x0) 19:27:32 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)) ioctl$PPPIOCSFLAGS1(r0, 0x4010744d, 0x0) 19:27:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000540)=@mgmt_frame=@auth={@wo_ht={{0x0, 0x0, 0xb, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x80}, @broadcast, @device_b, @random="50f960eaee2e", {0x2, 0x4}}, 0x1, 0x1, 0x69, @val={0x10, 0x1, 0x10}, [{0xdd, 0x5c, "98a2021dda03bfc87f67130d1990363f6fd715b44c1997150b44c375cf43430ac242ff3e022d0a947f88c39a18e96d24bec3334d223a92dd1de23e7800665e525d0e4a6ab3610b91c8c85a84648248de235831bfabbdbec920682b03"}, {0xdd, 0x2f, "d1867ec05f89a44485156df1823a3dc13f88408ec2079c73a2ea102a2247fcd2ffde10b3f08715566ab60ce3fbddf5"}, {0xdd, 0x18, "d4f96f67927e5ce3afebb47bf9f7717598b9661b2eea3dea"}, {0xdd, 0xe3, "80087967e888a35b60c91f92d80b3e6892ad01174c25329b8b72b2a0ff2d60bf6318a399b4851c71102fb9d6dbad436ed7affea478e632b7bfb20c9c8b8b9c80a56f19b563e7f473dab7e1da6a3a03db8f211d6810b193899f0499370023d9bde5787351579ed8b46d580112002ac737111da701d409c4b8c3c18149624af30cb38b8db349559e1f4628bea34a6d789b497cae3857158aeeb6939611cf08369a753584e4c476398ee08d472dfbfaac34b2cbd7a7dc341905a47a5088125efbe2ff7e70f4967df6757051104252160ceb4c602a4b16dc0333f6c3dfbf696f1ba067040d"}, {0xdd, 0xab, "400082221df4ca4a6b2e1d9eab50526070e8c8028fa571b680e04e92b23461d212bac5101c792f3fef10132d9934cf6818b54ac896aa1e4e4e8c3fa8e6ba8bd33428b65ce11824b25fd237b9e159a17efe2f2c593807de1b9a6ff32a824c6d29423c2f3bf31027a7de7e18dc5c0e8d1092f873b512bd028a9367ea91bdfa9406461c8197bcdabc52b6e2e12536a30fd9dfd630acc6a490b5603730166da162bef8f35692429fab9636777d"}, {0xdd, 0x84, "efd8352441d7f16525a2bac44678a724e6d67fd40c740a7b56d692086605ba1d86c69313929f56c6940e07c5c5e90b467ef1e9661e3b8f5cccd6d3ca254288323695bbf8a27ae590cb16b025d5ba85e80e4929266e88a1fda1a7e71c06c6576be3155af3618eb3e5bc24cecfb1657ccfa8831f1ca587ccaf0e9cb93d427c6438b221329c"}, {0xdd, 0x78, "31e621c1294ed46c22745e2b2052be6a80ba4871958811a8c4ca3ec3bc3d0cc7982408ad3dc86fab132d9bee66c2aab61bb7cad01669ea9bf8e526905d6a1978dd8e75a25f8791434597316bf3c29247eac940f32515eca80920c7a2d18f3338bb071d111afa85bfeb282b4af005e983a252d32438e72fbb"}]}, 0x35c) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:27:32 executing program 3: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x9}, 0xb9, 0x59d, 0x9858, 0xfffffffffffffff7, 0x0, 0x0, 0x7f}) sendmsg$DCCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0}, 0x0) r1 = dup(0xffffffffffffffff) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0xa00, 0x0) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x137) sendmsg$nl_route(r2, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="640000001300000125bd7000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="002200000002060024002b8008000800", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="08001300", @ANYRES32, @ANYBLOB="0800030001000000050300003f00000008003c000010000008000f00000100005f63200009000000"], 0x64}, 0x1, 0x0, 0x0, 0x801c1}, 0x4040) ptrace$cont(0x7, 0x0, 0x1, 0xf4) syz_open_procfs(0x0, 0x0) r3 = dup(r0) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) socket$inet6_mptcp(0xa, 0x1, 0x106) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x18, r4, 0x3, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}}, 0x0) sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2094010}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, r4, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x14008080) r5 = open(&(0x7f0000000200)='./bus\x00', 0x1610c2, 0x1) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x4000000000010043) 19:27:32 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0xa, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:27:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000540)=@mgmt_frame=@auth={@wo_ht={{0x0, 0x0, 0xb, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x80}, @broadcast, @device_b, @random="50f960eaee2e", {0x2, 0x4}}, 0x1, 0x1, 0x69, @val={0x10, 0x1, 0x10}, [{0xdd, 0x5c, "98a2021dda03bfc87f67130d1990363f6fd715b44c1997150b44c375cf43430ac242ff3e022d0a947f88c39a18e96d24bec3334d223a92dd1de23e7800665e525d0e4a6ab3610b91c8c85a84648248de235831bfabbdbec920682b03"}, {0xdd, 0x2f, "d1867ec05f89a44485156df1823a3dc13f88408ec2079c73a2ea102a2247fcd2ffde10b3f08715566ab60ce3fbddf5"}, {0xdd, 0x18, "d4f96f67927e5ce3afebb47bf9f7717598b9661b2eea3dea"}, {0xdd, 0xe3, "80087967e888a35b60c91f92d80b3e6892ad01174c25329b8b72b2a0ff2d60bf6318a399b4851c71102fb9d6dbad436ed7affea478e632b7bfb20c9c8b8b9c80a56f19b563e7f473dab7e1da6a3a03db8f211d6810b193899f0499370023d9bde5787351579ed8b46d580112002ac737111da701d409c4b8c3c18149624af30cb38b8db349559e1f4628bea34a6d789b497cae3857158aeeb6939611cf08369a753584e4c476398ee08d472dfbfaac34b2cbd7a7dc341905a47a5088125efbe2ff7e70f4967df6757051104252160ceb4c602a4b16dc0333f6c3dfbf696f1ba067040d"}, {0xdd, 0xab, "400082221df4ca4a6b2e1d9eab50526070e8c8028fa571b680e04e92b23461d212bac5101c792f3fef10132d9934cf6818b54ac896aa1e4e4e8c3fa8e6ba8bd33428b65ce11824b25fd237b9e159a17efe2f2c593807de1b9a6ff32a824c6d29423c2f3bf31027a7de7e18dc5c0e8d1092f873b512bd028a9367ea91bdfa9406461c8197bcdabc52b6e2e12536a30fd9dfd630acc6a490b5603730166da162bef8f35692429fab9636777d"}, {0xdd, 0x84, "efd8352441d7f16525a2bac44678a724e6d67fd40c740a7b56d692086605ba1d86c69313929f56c6940e07c5c5e90b467ef1e9661e3b8f5cccd6d3ca254288323695bbf8a27ae590cb16b025d5ba85e80e4929266e88a1fda1a7e71c06c6576be3155af3618eb3e5bc24cecfb1657ccfa8831f1ca587ccaf0e9cb93d427c6438b221329c"}, {0xdd, 0x78, "31e621c1294ed46c22745e2b2052be6a80ba4871958811a8c4ca3ec3bc3d0cc7982408ad3dc86fab132d9bee66c2aab61bb7cad01669ea9bf8e526905d6a1978dd8e75a25f8791434597316bf3c29247eac940f32515eca80920c7a2d18f3338bb071d111afa85bfeb282b4af005e983a252d32438e72fbb"}]}, 0x35c) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000540)=@mgmt_frame=@auth={@wo_ht={{0x0, 0x0, 0xb, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x80}, @broadcast, @device_b, @random="50f960eaee2e", {0x2, 0x4}}, 0x1, 0x1, 0x69, @val={0x10, 0x1, 0x10}, [{0xdd, 0x5c, "98a2021dda03bfc87f67130d1990363f6fd715b44c1997150b44c375cf43430ac242ff3e022d0a947f88c39a18e96d24bec3334d223a92dd1de23e7800665e525d0e4a6ab3610b91c8c85a84648248de235831bfabbdbec920682b03"}, {0xdd, 0x2f, "d1867ec05f89a44485156df1823a3dc13f88408ec2079c73a2ea102a2247fcd2ffde10b3f08715566ab60ce3fbddf5"}, {0xdd, 0x18, "d4f96f67927e5ce3afebb47bf9f7717598b9661b2eea3dea"}, {0xdd, 0xe3, "80087967e888a35b60c91f92d80b3e6892ad01174c25329b8b72b2a0ff2d60bf6318a399b4851c71102fb9d6dbad436ed7affea478e632b7bfb20c9c8b8b9c80a56f19b563e7f473dab7e1da6a3a03db8f211d6810b193899f0499370023d9bde5787351579ed8b46d580112002ac737111da701d409c4b8c3c18149624af30cb38b8db349559e1f4628bea34a6d789b497cae3857158aeeb6939611cf08369a753584e4c476398ee08d472dfbfaac34b2cbd7a7dc341905a47a5088125efbe2ff7e70f4967df6757051104252160ceb4c602a4b16dc0333f6c3dfbf696f1ba067040d"}, {0xdd, 0xab, "400082221df4ca4a6b2e1d9eab50526070e8c8028fa571b680e04e92b23461d212bac5101c792f3fef10132d9934cf6818b54ac896aa1e4e4e8c3fa8e6ba8bd33428b65ce11824b25fd237b9e159a17efe2f2c593807de1b9a6ff32a824c6d29423c2f3bf31027a7de7e18dc5c0e8d1092f873b512bd028a9367ea91bdfa9406461c8197bcdabc52b6e2e12536a30fd9dfd630acc6a490b5603730166da162bef8f35692429fab9636777d"}, {0xdd, 0x84, "efd8352441d7f16525a2bac44678a724e6d67fd40c740a7b56d692086605ba1d86c69313929f56c6940e07c5c5e90b467ef1e9661e3b8f5cccd6d3ca254288323695bbf8a27ae590cb16b025d5ba85e80e4929266e88a1fda1a7e71c06c6576be3155af3618eb3e5bc24cecfb1657ccfa8831f1ca587ccaf0e9cb93d427c6438b221329c"}, {0xdd, 0x78, "31e621c1294ed46c22745e2b2052be6a80ba4871958811a8c4ca3ec3bc3d0cc7982408ad3dc86fab132d9bee66c2aab61bb7cad01669ea9bf8e526905d6a1978dd8e75a25f8791434597316bf3c29247eac940f32515eca80920c7a2d18f3338bb071d111afa85bfeb282b4af005e983a252d32438e72fbb"}]}, 0x35c) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) (async) 19:27:32 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)) ioctl$PPPIOCSFLAGS1(r0, 0x4010744d, 0x0) [ 2674.740594][T19472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2674.747225][T19474] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2674.795747][T19472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:27:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{0xa}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2674.848184][T19472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2675.068350][T19482] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:27:32 executing program 2: r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f00000001c0)=@base={0x1, 0x16, 0x8, 0x7f}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1f, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @generic={0x16, 0x0, 0x0, 0x2}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x4, 0xe1, &(0x7f0000000340)=""/225, 0x0, 0x19, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) 19:27:32 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x25, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:27:32 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{0xb}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2675.385802][T19496] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2675.438150][T19496] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2675.489490][T19496] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:27:33 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@bloom_filter={0x1e, 0x0, 0x9, 0x10000}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r0, 0x0, &(0x7f0000000080)=@udp6}, 0x20) 19:27:33 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{0xc}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2678.513011][T17506] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 2678.515629][T17506] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 2678.521855][T17506] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 2678.522737][T17506] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 2678.531521][T17506] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 2678.531837][T17506] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 2678.646254][T19512] chnl_net:caif_netlink_parms(): no params data found [ 2678.699754][T19512] bridge0: port 1(bridge_slave_0) entered blocking state [ 2678.699838][T19512] bridge0: port 1(bridge_slave_0) entered disabled state [ 2678.700565][T19512] device bridge_slave_0 entered promiscuous mode [ 2678.702028][T19512] bridge0: port 2(bridge_slave_1) entered blocking state [ 2678.702098][T19512] bridge0: port 2(bridge_slave_1) entered disabled state [ 2678.702758][T19512] device bridge_slave_1 entered promiscuous mode [ 2678.749957][T19512] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2678.752142][T19512] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2678.784847][T19512] team0: Port device team_slave_0 added [ 2678.787275][T19512] team0: Port device team_slave_1 added [ 2678.825798][T19512] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2678.825815][T19512] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2678.825842][T19512] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2678.827990][T19512] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2678.828006][T19512] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2678.828034][T19512] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2678.927108][T19512] device hsr_slave_0 entered promiscuous mode [ 2678.928092][T19512] device hsr_slave_1 entered promiscuous mode [ 2678.928706][T19512] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2678.928730][T19512] Cannot create hsr debugfs directory [ 2679.033845][T19512] bridge0: port 2(bridge_slave_1) entered blocking state [ 2679.033912][T19512] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2679.034106][T19512] bridge0: port 1(bridge_slave_0) entered blocking state [ 2679.034182][T19512] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2679.100189][T19512] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2679.108306][T18489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2679.110296][T18489] bridge0: port 1(bridge_slave_0) entered disabled state [ 2679.118439][T18489] bridge0: port 2(bridge_slave_1) entered disabled state [ 2679.127491][T18489] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2679.147462][T19512] 8021q: adding VLAN 0 to HW filter on device team0 [ 2679.164358][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2679.164876][T17333] bridge0: port 1(bridge_slave_0) entered blocking state [ 2679.164937][T17333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2679.165428][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2679.165887][T17333] bridge0: port 2(bridge_slave_1) entered blocking state [ 2679.165944][T17333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2679.183021][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2679.184820][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2679.191872][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2679.212915][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2679.219979][T18489] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2679.232721][T19512] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2679.260974][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2679.261122][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2679.268748][T19512] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2679.538554][T18489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2679.550479][ T1693] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2679.551362][ T1693] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2679.551980][ T1693] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2679.562083][T19512] device veth0_vlan entered promiscuous mode [ 2679.576281][T19512] device veth1_vlan entered promiscuous mode [ 2679.600023][T18489] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 2679.600845][T18489] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 2679.601750][T18489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2679.606218][T19512] device veth0_macvtap entered promiscuous mode [ 2679.609889][T19512] device veth1_macvtap entered promiscuous mode [ 2679.623847][T19512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2679.623869][T19512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2679.623879][T19512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2679.623894][T19512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2679.623907][T19512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2679.623921][T19512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2679.623933][T19512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2679.623949][T19512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2679.623959][T19512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2679.623974][T19512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2679.638838][T19512] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2679.639243][ T1693] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2679.642988][ T1693] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 2679.651059][T19512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2679.651079][T19512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2679.651089][T19512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2679.651103][T19512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2679.651116][T19512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2679.651130][T19512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2679.651142][T19512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2679.651156][T19512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2679.651166][T19512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2679.651180][T19512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2679.652315][T19512] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2679.654012][T18485] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 2679.654679][T18485] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 2679.796689][T17362] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2679.796709][T17362] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2679.801124][T18485] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 2679.857419][T17362] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2679.857440][T17362] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2679.862656][T18485] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2680.085749][T19533] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2680.137380][T19533] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2680.189072][T19534] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2680.192305][T19535] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2680.563817][T17333] Bluetooth: hci1: command 0x0409 tx timeout [ 2682.643693][T17333] Bluetooth: hci1: command 0x041b tx timeout [ 2684.723692][T17333] Bluetooth: hci1: command 0x040f tx timeout [ 2686.803632][T18488] Bluetooth: hci1: command 0x0419 tx timeout 19:27:49 executing program 1: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)) ioctl$PPPIOCSFLAGS1(r0, 0x4010744d, 0x0) 19:27:49 executing program 3: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x9}, 0xb9, 0x59d, 0x9858, 0xfffffffffffffff7, 0x0, 0x0, 0x7f}) sendmsg$DCCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0}, 0x0) r1 = dup(0xffffffffffffffff) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0xa00, 0x0) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x137) sendmsg$nl_route(r2, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="640000001300000125bd7000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="002200000002060024002b8008000800", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="08001300", @ANYRES32, @ANYBLOB="0800030001000000050300003f00000008003c000010000008000f00000100005f63200009000000"], 0x64}, 0x1, 0x0, 0x0, 0x801c1}, 0x4040) ptrace$cont(0x7, 0x0, 0x1, 0xf4) syz_open_procfs(0x0, 0x0) r3 = dup(r0) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) socket$inet6_mptcp(0xa, 0x1, 0x106) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x18, r4, 0x3, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}}, 0x0) sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2094010}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, r4, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x14008080) r5 = open(&(0x7f0000000200)='./bus\x00', 0x1610c2, 0x1) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x4000000000010043) 19:27:49 executing program 2: r0 = inotify_init() ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x40044900, 0x0) 19:27:49 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x2e, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:27:49 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{0xe}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:27:49 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="7d49e563e1b700"/23], 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f0000000040), &(0x7f0000000180)=@mgmt_frame=@disassoc={@wo_ht={{0x0, 0x0, 0xa, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x9}, @device_a, @device_a, @random="21611e2ffd43", {0xa, 0x2}}, 0x16, @val={0x8c, 0x18, {0x284, "a8bbafdf6959", @long="5903c288c396f60fdf0e097fb8bcb270"}}}, 0x34) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:27:50 executing program 2: syz_mount_image$xfs(&(0x7f00000033c0), &(0x7f0000003400)='./file0\x00', 0x0, 0x0, &(0x7f0000003540), 0x0, &(0x7f0000003580)={[{@filestreams}]}) [ 2692.254087][T19546] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2692.258647][T19546] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2692.285305][T19549] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2692.293664][T18488] wlan1: authenticate with 08:02:11:00:00:00 [ 2692.294041][T18488] wlan1: bad VHT capabilities, disabling VHT [ 2692.294052][T18488] wlan1: Invalid HE elem, Disable HE [ 2692.295073][T18488] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 2692.310664][ T4346] wlan1: authenticated [ 2692.310945][T19546] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2692.311035][T18488] mac80211_hwsim hwsim45 wlan1: disabling HT/VHT/HE as WMM/QoS is not supported by the AP [ 2692.313436][ T4346] wlan1: associate with 08:02:11:00:00:00 (try 1/3) 19:27:50 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) (rerun: 32) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="7d49e563e1b700"/23], 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async, rerun: 32) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async, rerun: 32) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f0000000040), &(0x7f0000000180)=@mgmt_frame=@disassoc={@wo_ht={{0x0, 0x0, 0xa, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x9}, @device_a, @device_a, @random="21611e2ffd43", {0xa, 0x2}}, 0x16, @val={0x8c, 0x18, {0x284, "a8bbafdf6959", @long="5903c288c396f60fdf0e097fb8bcb270"}}}, 0x34) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2692.344697][T19553] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2692.362819][T19546] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2692.364314][ T42] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 2692.364904][ T42] wlan1: associated [ 2692.366882][T19546] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:27:50 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x6b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:27:50 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2692.397008][T19549] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2692.479084][T19555] XFS (loop2): Invalid superblock magic number 19:27:50 executing program 2: syz_mount_image$xfs(&(0x7f00000033c0), &(0x7f0000003400)='./file0\x00', 0x0, 0x0, &(0x7f0000003540), 0x0, &(0x7f0000003580)={[{@filestreams}]}) [ 2692.914850][T19574] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:27:50 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="7d49e563e1b700"/23], 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async) syz_80211_inject_frame(&(0x7f0000000040), &(0x7f0000000180)=@mgmt_frame=@disassoc={@wo_ht={{0x0, 0x0, 0xa, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x9}, @device_a, @device_a, @random="21611e2ffd43", {0xa, 0x2}}, 0x16, @val={0x8c, 0x18, {0x284, "a8bbafdf6959", @long="5903c288c396f60fdf0e097fb8bcb270"}}}, 0x34) (async) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 2692.968596][T19581] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2693.020294][T19574] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2693.078310][T19582] XFS (loop2): Invalid superblock magic number 19:27:59 executing program 1: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)) ioctl$PPPIOCSFLAGS1(r0, 0x4010744d, 0x0) 19:27:59 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{0xf, 0x2}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:27:59 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) r3 = syz_open_dev$vcsa(&(0x7f0000000000), 0x7ff, 0x200201) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r6, @ANYBLOB="01edff00e200000004003b1c210008000300", @ANYRES32=r5, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) sendmsg$NL80211_CMD_LEAVE_MESH(r3, &(0x7f00000005c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r1, 0x400, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x24044804) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x80, 0x0, 0x100, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x65}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x16}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x19}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x51}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x54}]}, 0x80}, 0x1, 0x0, 0x0, 0x8011}, 0x4040000) sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000940)={0x688, 0x0, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9c1, 0x79}}}}, [@NL80211_ATTR_BEACON_TAIL={0x341, 0xf, [@dsss={0x3, 0x1, 0xa}, @peer_mgmt={0x75, 0x14, {0x1, 0x7, @void, @void, @val="425397a56ed0fc8846bdf15a059f9bf7"}}, @gcr_ga={0xbd, 0x6, @broadcast}, @fast_bss_trans={0x37, 0x77, {0x9, 0x2, "c7421d6a31f0d3e80ed2182e941928c6", "ee20ba33479f399675c864fc94b40619e8a3aaa485d565e3ee40bfa98e07c46b", "120bf4750865ef2ff64f3a575db2fd58031f736eb91b6e7b18701b4c2a31f1e7", [{0x3, 0x1a, "9e89a114dfb18d7bea8f7e1ffb3c6b3418612fd769a6c58c9437"}, {0x2, 0x7, "5c0cf5f1d46bc4"}]}}, @perr={0x84, 0xee, {0x3f, 0xe, [@not_ext={{}, @device_b, 0xe9, "", 0x8}, @ext={{}, @device_b, 0x1f, @device_b, 0x16}, @not_ext={{}, @device_b, 0x7, "", 0x26}, @not_ext={{}, @broadcast, 0x4a02, "", 0x1}, @ext={{}, @device_a, 0x3, @broadcast, 0x32}, @ext={{}, @device_b, 0x10000, @device_b, 0x36}, @ext={{}, @device_b, 0x1, @device_b, 0x12}, @ext={{}, @device_a, 0x6, @device_a, 0x4}, @ext={{}, @device_a, 0x100, @device_a, 0x2c}, @ext={{}, @device_a, 0x2, @device_a, 0x11}, @ext={{}, @device_a, 0xff, @device_a, 0x29}, @not_ext={{}, @broadcast, 0x0, "", 0x2d}, @ext={{}, @broadcast, 0xeb, @broadcast, 0x2c}, @not_ext={{}, @broadcast, 0x2, "", 0x21}]}}, @random_vendor={0xdd, 0xcb, "b824b29c966f7d78c40cf0f1ba400a2c2737fead014eea7e326d94d7fa738ca866b013ee88baeeb0205581ed396317a8033eb81e12f7ae261af3566fedfcfd2cad050ee70ba64cd77c8d3662d80a6d8551390cedb8d275aa4d567dcdbb362089ccf99401579251284b94e7e1673a5da47266702fa36e844c74d795383a3208c9e19a0cf19167b38bf901118fcb5a403579c5bd0a71c011a22ddd77f283ee6882d359603df9ba290c0a5b2d0be024ac64a37108b1431463f9c41da4cc1e765845b660ee6fcd51f264d23528"}, @mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0xa, 0x20}}, @tim={0x5, 0xd0, {0x40, 0x7b, 0xb9, "760a49f4d9b379e642a679c5716937a8635f7cbdae879fc1da44deca6b5878513435327ab44da727223af589470f0f56f25dfc347a90348e5adb576e9d59688ad9992b54ac7532ddc7f74a90933dcd044bd7ecb7cc5b29bc9a81f57f41ab82ca1db9d29c9215a0da2d8984279d1703804bfb391e88689690895b761b1df14d65e20aabe48b22789b82da95c6addf022d04327e9bd2a98e523a0788f819b1270434c18f7d3abb9c1e8e4d30cec0d23bcda5a861f5ed7e67f0e1ac26dc2fba211fcf369f05d18d4edfe4c1c523f9"}}, @sec_chan_ofs={0x3e, 0x1}, @gcr_ga={0xbd, 0x6}]}, @NL80211_ATTR_IE={0x23a, 0x2a, [@tim={0x5, 0xdd, {0x1, 0x5f, 0x8f, "f03505deab38e5dd71b9134b8562111caaea49da8e01da61663e2a04114b901575ab3fe32479d90b1bef465d496133b4f2fdc3f0254498b3988a4b57b4e5efcfd75ae034e440d38c9f1b484250fb16109e1aa1485941f671c7eb161d757aca536c5ed99d6adc74f8987b116f3b9822d15f4374c2dad0890ab06df1cbd84b0af336b33a18df924c9b7cd5c431f7d7bae9351bb4169b9e71671d67f56eda9c44e2b5521173b2a87093673b582c58aad1eeb4bc5c7587e73c5e1b4942fdbbeb1528c9dadf2e038ebef09e520c461362dee294fdb66001fdd23e8d90"}}, @mesh_id={0x72, 0x6}, @mic={0x8c, 0x10, {0x27, "85359bbf0068", @short="8b3b59d03b184c8d"}}, @tim={0x5, 0x5a, {0x6, 0x58, 0x4, "9f574fd134487abb3f99a7b32f631de681adba64e7c3b756c6962f76a4b12b8bc87fb17e0ab034bd4265249937de35c1417cd5365108776fcd742b52b6064f443e93224dee52a1ef0961192d6d5170b4edf0944cce3375"}}, @sec_chan_ofs={0x3e, 0x1, 0x1}, @peer_mgmt={0x75, 0x16, {0x1, 0xc0c, @val=0xffff, @void, @val="e643000d7e85a8845b613a1a88d6e28c"}}, @supported_rates={0x1, 0x3, [{0x4, 0x1}, {0x6c, 0x1}, {0x1b, 0x1}]}, @random_vendor={0xdd, 0xbf, "085c772f9789ba10e5181009ddbba0c6cc0d1a75beb1bade7bb95b8c13e58eb6568d910f9cfd6bfc9447e95c73ed5b7edd1f952ddc448d1bbea289ee32b5e06537c9c333e793833a95de7660593332feb4c8cd456adf16e4415a0a629447bfa30784fd47b944bfb3af6a9debbf84e2ea853cb6b74dbf357411963b875b536f36d51d91f6214f8872b0a4bb61f68951c606e3173c7fce0d29acd2378931940f4a8902c7f1511282f4304c27ee3f8ae6809cf616fe0c3f37170d03d340cf8ac8"}]}, @NL80211_ATTR_IE_PROBE_RESP={0xaa, 0x7f, [@tim={0x5, 0xa4, {0x3f, 0xc9, 0xa1, "7b35d246dec05f9a28efdd55e088b840a20ea627f12ace35163a657109060ea98567e8becb1b9445fa11c733f867c7efcbb0a28b7c381444f59a00f6cc2fd3c0e899148d299191a5582569f565f5f75a4ca82890bb53e84d644cf8d11820132fe55bc4915551ecb7bbda0f91979e8f704bfa819af139918f7495219c50dfb01dc5b2bf747d74fb70b4e36e34baf51245e8c853339accea1be7db2a4e427513b167"}}]}, @NL80211_ATTR_BEACON_TAIL={0x34, 0xf, [@ht={0x2d, 0x1a, {0x300, 0x2, 0x3, 0x0, {0x10001, 0x7, 0x0, 0x4, 0x0, 0x1, 0x1, 0x2}, 0x800, 0x101, 0x6}}, @link_id={0x65, 0x12, {@initial, @device_b, @broadcast}}]}]}, 0x688}, 0x1, 0x0, 0x0, 0x40000c0}, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x50, 0x0, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$NL80211_CMD_DEL_PMK(r0, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x50, 0x0, 0x2, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x79}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x4010}, 0x10) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:27:59 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:27:59 executing program 3: syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0xffffffffffffffea, 0x0, 0x0, 0x0) syz_mount_image$msdos(0x0, &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='workdir=./file1,lowerdir=./file0,upperdir=./bus,nfs_export=on']) lchown(&(0x7f0000000000)='./bus/file0\x00', 0x0, 0x0) 19:27:59 executing program 2: syz_mount_image$xfs(&(0x7f00000033c0), &(0x7f0000003400)='./file0\x00', 0x0, 0x0, &(0x7f0000003540), 0x0, &(0x7f0000003580)={[{@filestreams}]}) [ 2701.538108][T19602] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2701.566102][T19605] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2701.592568][T19609] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2701.622175][T19605] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2701.645131][T19602] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2701.654166][T19606] XFS (loop2): Invalid superblock magic number 19:27:59 executing program 3: syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0xffffffffffffffea, 0x0, 0x0, 0x0) syz_mount_image$msdos(0x0, &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='workdir=./file1,lowerdir=./file0,upperdir=./bus,nfs_export=on']) lchown(&(0x7f0000000000)='./bus/file0\x00', 0x0, 0x0) [ 2701.714759][T19605] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 19:27:59 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{0xf, 0x3}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) 19:27:59 executing program 2: syz_mount_image$xfs(&(0x7f00000033c0), &(0x7f0000003400)='./file0\x00', 0x0, 0x0, &(0x7f0000003540), 0x0, &(0x7f0000003580)={[{@filestreams}]}) 19:27:59 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x2, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:27:59 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async, rerun: 32) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (rerun: 32) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) r3 = syz_open_dev$vcsa(&(0x7f0000000000), 0x7ff, 0x200201) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r6, @ANYBLOB="01edff00e200000004003b1c210008000300", @ANYRES32=r5, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) (async) sendmsg$NL80211_CMD_LEAVE_MESH(r3, &(0x7f00000005c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r1, 0x400, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x24044804) (async) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async, rerun: 32) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) (async, rerun: 32) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x80, 0x0, 0x100, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x65}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x16}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x39}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x19}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x51}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x54}]}, 0x80}, 0x1, 0x0, 0x0, 0x8011}, 0x4040000) (async) sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000940)={0x688, 0x0, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9c1, 0x79}}}}, [@NL80211_ATTR_BEACON_TAIL={0x341, 0xf, [@dsss={0x3, 0x1, 0xa}, @peer_mgmt={0x75, 0x14, {0x1, 0x7, @void, @void, @val="425397a56ed0fc8846bdf15a059f9bf7"}}, @gcr_ga={0xbd, 0x6, @broadcast}, @fast_bss_trans={0x37, 0x77, {0x9, 0x2, "c7421d6a31f0d3e80ed2182e941928c6", "ee20ba33479f399675c864fc94b40619e8a3aaa485d565e3ee40bfa98e07c46b", "120bf4750865ef2ff64f3a575db2fd58031f736eb91b6e7b18701b4c2a31f1e7", [{0x3, 0x1a, "9e89a114dfb18d7bea8f7e1ffb3c6b3418612fd769a6c58c9437"}, {0x2, 0x7, "5c0cf5f1d46bc4"}]}}, @perr={0x84, 0xee, {0x3f, 0xe, [@not_ext={{}, @device_b, 0xe9, "", 0x8}, @ext={{}, @device_b, 0x1f, @device_b, 0x16}, @not_ext={{}, @device_b, 0x7, "", 0x26}, @not_ext={{}, @broadcast, 0x4a02, "", 0x1}, @ext={{}, @device_a, 0x3, @broadcast, 0x32}, @ext={{}, @device_b, 0x10000, @device_b, 0x36}, @ext={{}, @device_b, 0x1, @device_b, 0x12}, @ext={{}, @device_a, 0x6, @device_a, 0x4}, @ext={{}, @device_a, 0x100, @device_a, 0x2c}, @ext={{}, @device_a, 0x2, @device_a, 0x11}, @ext={{}, @device_a, 0xff, @device_a, 0x29}, @not_ext={{}, @broadcast, 0x0, "", 0x2d}, @ext={{}, @broadcast, 0xeb, @broadcast, 0x2c}, @not_ext={{}, @broadcast, 0x2, "", 0x21}]}}, @random_vendor={0xdd, 0xcb, "b824b29c966f7d78c40cf0f1ba400a2c2737fead014eea7e326d94d7fa738ca866b013ee88baeeb0205581ed396317a8033eb81e12f7ae261af3566fedfcfd2cad050ee70ba64cd77c8d3662d80a6d8551390cedb8d275aa4d567dcdbb362089ccf99401579251284b94e7e1673a5da47266702fa36e844c74d795383a3208c9e19a0cf19167b38bf901118fcb5a403579c5bd0a71c011a22ddd77f283ee6882d359603df9ba290c0a5b2d0be024ac64a37108b1431463f9c41da4cc1e765845b660ee6fcd51f264d23528"}, @mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0xa, 0x20}}, @tim={0x5, 0xd0, {0x40, 0x7b, 0xb9, "760a49f4d9b379e642a679c5716937a8635f7cbdae879fc1da44deca6b5878513435327ab44da727223af589470f0f56f25dfc347a90348e5adb576e9d59688ad9992b54ac7532ddc7f74a90933dcd044bd7ecb7cc5b29bc9a81f57f41ab82ca1db9d29c9215a0da2d8984279d1703804bfb391e88689690895b761b1df14d65e20aabe48b22789b82da95c6addf022d04327e9bd2a98e523a0788f819b1270434c18f7d3abb9c1e8e4d30cec0d23bcda5a861f5ed7e67f0e1ac26dc2fba211fcf369f05d18d4edfe4c1c523f9"}}, @sec_chan_ofs={0x3e, 0x1}, @gcr_ga={0xbd, 0x6}]}, @NL80211_ATTR_IE={0x23a, 0x2a, [@tim={0x5, 0xdd, {0x1, 0x5f, 0x8f, "f03505deab38e5dd71b9134b8562111caaea49da8e01da61663e2a04114b901575ab3fe32479d90b1bef465d496133b4f2fdc3f0254498b3988a4b57b4e5efcfd75ae034e440d38c9f1b484250fb16109e1aa1485941f671c7eb161d757aca536c5ed99d6adc74f8987b116f3b9822d15f4374c2dad0890ab06df1cbd84b0af336b33a18df924c9b7cd5c431f7d7bae9351bb4169b9e71671d67f56eda9c44e2b5521173b2a87093673b582c58aad1eeb4bc5c7587e73c5e1b4942fdbbeb1528c9dadf2e038ebef09e520c461362dee294fdb66001fdd23e8d90"}}, @mesh_id={0x72, 0x6}, @mic={0x8c, 0x10, {0x27, "85359bbf0068", @short="8b3b59d03b184c8d"}}, @tim={0x5, 0x5a, {0x6, 0x58, 0x4, "9f574fd134487abb3f99a7b32f631de681adba64e7c3b756c6962f76a4b12b8bc87fb17e0ab034bd4265249937de35c1417cd5365108776fcd742b52b6064f443e93224dee52a1ef0961192d6d5170b4edf0944cce3375"}}, @sec_chan_ofs={0x3e, 0x1, 0x1}, @peer_mgmt={0x75, 0x16, {0x1, 0xc0c, @val=0xffff, @void, @val="e643000d7e85a8845b613a1a88d6e28c"}}, @supported_rates={0x1, 0x3, [{0x4, 0x1}, {0x6c, 0x1}, {0x1b, 0x1}]}, @random_vendor={0xdd, 0xbf, "085c772f9789ba10e5181009ddbba0c6cc0d1a75beb1bade7bb95b8c13e58eb6568d910f9cfd6bfc9447e95c73ed5b7edd1f952ddc448d1bbea289ee32b5e06537c9c333e793833a95de7660593332feb4c8cd456adf16e4415a0a629447bfa30784fd47b944bfb3af6a9debbf84e2ea853cb6b74dbf357411963b875b536f36d51d91f6214f8872b0a4bb61f68951c606e3173c7fce0d29acd2378931940f4a8902c7f1511282f4304c27ee3f8ae6809cf616fe0c3f37170d03d340cf8ac8"}]}, @NL80211_ATTR_IE_PROBE_RESP={0xaa, 0x7f, [@tim={0x5, 0xa4, {0x3f, 0xc9, 0xa1, "7b35d246dec05f9a28efdd55e088b840a20ea627f12ace35163a657109060ea98567e8becb1b9445fa11c733f867c7efcbb0a28b7c381444f59a00f6cc2fd3c0e899148d299191a5582569f565f5f75a4ca82890bb53e84d644cf8d11820132fe55bc4915551ecb7bbda0f91979e8f704bfa819af139918f7495219c50dfb01dc5b2bf747d74fb70b4e36e34baf51245e8c853339accea1be7db2a4e427513b167"}}]}, @NL80211_ATTR_BEACON_TAIL={0x34, 0xf, [@ht={0x2d, 0x1a, {0x300, 0x2, 0x3, 0x0, {0x10001, 0x7, 0x0, 0x4, 0x0, 0x1, 0x1, 0x2}, 0x800, 0x101, 0x6}}, @link_id={0x65, 0x12, {@initial, @device_b, @broadcast}}]}]}, 0x688}, 0x1, 0x0, 0x0, 0x40000c0}, 0x0) (async, rerun: 32) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x50, 0x0, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) (async, rerun: 32) sendmsg$NL80211_CMD_DEL_PMK(r0, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x50, 0x0, 0x2, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x79}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x4010}, 0x10) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 19:27:59 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{0xf, 0x4}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {@wo_ht={{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0) [ 2702.108370][T19625] XFS (loop2): Invalid superblock magic number [ 2702.155641][T19635] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2702.217088][T19635] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2702.268864][T19635] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2702.326313][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2702.327960][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2702.338508][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2702.339712][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2702.349547][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2703.186568][ T42] wlan1: deauthenticating from 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING) [ 2703.325174][ T42] device hsr_slave_0 left promiscuous mode [ 2703.325830][ T42] device hsr_slave_1 left promiscuous mode [ 2703.326566][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2703.326597][ T42] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2703.328904][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2703.328932][ T42] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2703.331122][ T42] device bridge_slave_1 left promiscuous mode [ 2703.331262][ T42] bridge0: port 2(bridge_slave_1) entered disabled state [ 2703.332905][ T42] device bridge_slave_0 left promiscuous mode [ 2703.332992][ T42] bridge0: port 1(bridge_slave_0) entered disabled state [ 2703.377058][ T42] device veth1_macvtap left promiscuous mode [ 2703.377118][ T42] device veth0_macvtap left promiscuous mode [ 2703.377253][ T42] device veth1_vlan left promiscuous mode [ 2703.377344][ T42] device veth0_vlan left promiscuous mode [ 2703.628801][ T42] team0 (unregistering): Port device team_slave_1 removed [ 2703.641328][ T42] team0 (unregistering): Port device team_slave_0 removed [ 2703.660264][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2703.674499][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2703.757262][ T42] bond0 (unregistering): Released all slaves [ 2704.883375][T17333] Bluetooth: hci2: command 0x0406 tx timeout [ 2705.453006][ T49] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 2705.463224][ T49] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 2705.464152][ T49] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 2705.464918][ T49] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 2705.465449][ T49] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 2705.465715][ T49] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 2705.586684][T19648] chnl_net:caif_netlink_parms(): no params data found [ 2705.649382][T19648] bridge0: port 1(bridge_slave_0) entered blocking state [ 2705.649458][T19648] bridge0: port 1(bridge_slave_0) entered disabled state [ 2705.650149][T19648] device bridge_slave_0 entered promiscuous mode [ 2705.651570][T19648] bridge0: port 2(bridge_slave_1) entered blocking state [ 2705.651637][T19648] bridge0: port 2(bridge_slave_1) entered disabled state [ 2705.652383][T19648] device bridge_slave_1 entered promiscuous mode [ 2705.708049][T19648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2705.709637][T19648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2705.750506][T19648] team0: Port device team_slave_0 added [ 2705.752454][T19648] team0: Port device team_slave_1 added [ 2705.778437][T19648] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2705.778452][T19648] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2705.778477][T19648] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2705.779697][T19648] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2705.779709][T19648] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2705.779733][T19648] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2705.880077][T19648] device hsr_slave_0 entered promiscuous mode [ 2705.880674][T19648] device hsr_slave_1 entered promiscuous mode [ 2705.881051][T19648] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2705.881066][T19648] Cannot create hsr debugfs directory [ 2705.988713][T19648] bridge0: port 2(bridge_slave_1) entered blocking state [ 2705.988796][T19648] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2705.989040][T19648] bridge0: port 1(bridge_slave_0) entered blocking state [ 2705.989131][T19648] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2706.046016][T19648] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2706.053679][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2706.055117][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 2706.055953][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 2706.057716][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2706.091836][T19648] 8021q: adding VLAN 0 to HW filter on device team0 [ 2706.110689][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2706.111058][T18488] bridge0: port 1(bridge_slave_0) entered blocking state [ 2706.111094][T18488] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2706.134540][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2706.135035][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 2706.135092][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2706.154462][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2706.155410][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2706.175752][T18488] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2706.181298][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2706.188199][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2706.196065][T19648] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2706.218744][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2706.218896][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2706.226349][T19648] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2706.485675][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2706.500298][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2706.501082][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2706.501640][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2706.505946][T19648] device veth0_vlan entered promiscuous mode [ 2706.512445][T19648] device veth1_vlan entered promiscuous mode [ 2706.532694][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 2706.534599][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 2706.535485][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2706.541541][T19648] device veth0_macvtap entered promiscuous mode [ 2706.546147][T19648] device veth1_macvtap entered promiscuous mode [ 2706.557350][T19648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2706.557370][T19648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2706.557380][T19648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2706.557393][T19648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2706.557406][T19648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2706.557420][T19648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2706.557433][T19648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2706.557448][T19648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2706.557458][T19648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2706.557472][T19648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2706.559264][T19648] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2706.559386][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2706.562103][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 2706.569138][T19648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2706.569158][T19648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2706.569167][T19648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2706.569181][T19648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2706.569195][T19648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2706.569209][T19648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2706.569221][T19648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2706.569236][T19648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2706.569246][T19648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2706.569260][T19648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2706.570828][T19648] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2706.577637][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 2706.577637][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 2706.627350][T19648] ieee80211 phy47: Selected rate control algorithm 'minstrel_ht' [ 2706.686931][T19648] ieee80211 phy48: Selected rate control algorithm 'minstrel_ht' [ 2706.693681][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2706.693699][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2706.715143][T17362] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2706.715163][T17362] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2706.726638][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 2706.727474][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2706.977598][T19669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2706.981433][T19669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2706.982862][T19669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2706.988882][T19669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2706.990055][T19669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2706.991114][T19669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2706.992196][T19669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2706.993636][T19669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2707.012056][T19669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2707.014336][T19669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2707.015680][T19669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2707.016847][ C0] ================================================================== [ 2707.016858][ C0] BUG: KASAN: use-after-free in ieee80211_scan_rx+0x850/0x860 [ 2707.017027][ C0] Read of size 4 at addr ffff88802145da2c by task ksoftirqd/0/15 [ 2707.017051][ C0] [ 2707.017058][ C0] CPU: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 5.19.0-rc1-syzkaller-00303-g7a68065eb9cd #0 [ 2707.017088][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2707.017104][ C0] Call Trace: [ 2707.017112][ C0] [ 2707.017121][ C0] dump_stack_lvl+0xcd/0x134 [ 2707.017155][ C0] print_address_description.constprop.0.cold+0xeb/0x467 [ 2707.017213][ C0] ? ieee80211_scan_rx+0x850/0x860 [ 2707.017247][ C0] kasan_report.cold+0xf4/0x1c6 [ 2707.017276][ C0] ? ieee80211_scan_rx+0x850/0x860 [ 2707.017307][ C0] ieee80211_scan_rx+0x850/0x860 [ 2707.017342][ C0] ieee80211_rx_list+0x1fff/0x2760 [ 2707.017396][ C0] ? ieee80211_prepare_and_rx_handle+0x5260/0x5260 [ 2707.017425][ C0] ? lock_release+0x780/0x780 [ 2707.017456][ C0] ? skb_dequeue+0x125/0x180 [ 2707.017484][ C0] ieee80211_rx_napi+0xdb/0x3d0 [ 2707.017507][ C0] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 2707.017537][ C0] ? ieee80211_rx_list+0x2760/0x2760 [ 2707.017560][ C0] ? lockdep_hardirqs_on+0x79/0x100 [ 2707.017583][ C0] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 2707.017609][ C0] ieee80211_tasklet_handler+0xd4/0x130 [ 2707.017634][ C0] tasklet_action_common.constprop.0+0x201/0x2e0 [ 2707.017709][ C0] __do_softirq+0x29b/0x9c2 [ 2707.017738][ C0] ? __irq_exit_rcu+0x180/0x180 [ 2707.017758][ C0] run_ksoftirqd+0x2d/0x60 [ 2707.017781][ C0] smpboot_thread_fn+0x645/0x9c0 [ 2707.017841][ C0] ? sort_range+0x30/0x30 [ 2707.017867][ C0] kthread+0x2e9/0x3a0 [ 2707.017887][ C0] ? kthread_complete_and_exit+0x40/0x40 [ 2707.017911][ C0] ret_from_fork+0x1f/0x30 [ 2707.017950][ C0] [ 2707.017958][ C0] [ 2707.017962][ C0] Allocated by task 19668: [ 2707.017974][ C0] kasan_save_stack+0x1e/0x40 [ 2707.018000][ C0] __kasan_kmalloc+0xa6/0xd0 [ 2707.018021][ C0] __kmalloc+0x209/0x4d0 [ 2707.018043][ C0] cfg80211_conn_scan+0x195/0x1000 [ 2707.018105][ C0] cfg80211_connect+0x15d0/0x2020 [ 2707.018131][ C0] nl80211_connect+0x1682/0x22e0 [ 2707.018172][ C0] genl_family_rcv_msg_doit+0x228/0x320 [ 2707.018197][ C0] genl_rcv_msg+0x328/0x580 [ 2707.018217][ C0] netlink_rcv_skb+0x153/0x420 [ 2707.018236][ C0] genl_rcv+0x24/0x40 [ 2707.018255][ C0] netlink_unicast+0x543/0x7f0 [ 2707.018275][ C0] netlink_sendmsg+0x917/0xe10 [ 2707.018294][ C0] sock_sendmsg+0xcf/0x120 [ 2707.018311][ C0] ____sys_sendmsg+0x6eb/0x810 [ 2707.018329][ C0] ___sys_sendmsg+0xf3/0x170 [ 2707.018349][ C0] __x64_sys_sendmsg+0x132/0x220 [ 2707.018370][ C0] do_syscall_64+0x35/0xb0 [ 2707.018396][ C0] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 2707.018421][ C0] [ 2707.018425][ C0] Freed by task 19646: [ 2707.018434][ C0] kasan_save_stack+0x1e/0x40 [ 2707.018456][ C0] kasan_set_track+0x21/0x30 [ 2707.018477][ C0] kasan_set_free_info+0x20/0x30 [ 2707.018501][ C0] ____kasan_slab_free+0x13d/0x180 [ 2707.018532][ C0] kfree+0x113/0x310 [ 2707.018551][ C0] ___cfg80211_scan_done+0x482/0x970 [ 2707.018574][ C0] __cfg80211_scan_done+0x2c/0x40 [ 2707.018596][ C0] process_one_work+0x996/0x1610 [ 2707.018618][ C0] worker_thread+0x665/0x1080 [ 2707.018639][ C0] kthread+0x2e9/0x3a0 [ 2707.018661][ C0] ret_from_fork+0x1f/0x30 [ 2707.018684][ C0] [ 2707.018688][ C0] Last potentially related work creation: [ 2707.018694][ C0] kasan_save_stack+0x1e/0x40 [ 2707.018716][ C0] __kasan_record_aux_stack+0x7e/0x90 [ 2707.018742][ C0] call_rcu+0x99/0x790 [ 2707.018780][ C0] fib_release_info+0x634/0x8d0 [ 2707.018815][ C0] fib_table_flush+0x4de/0x9b0 [ 2707.018850][ C0] fib_flush+0x91/0x120 [ 2707.018872][ C0] fib_netdev_event+0x3c1/0x680 [ 2707.018896][ C0] notifier_call_chain+0xb5/0x200 [ 2707.018918][ C0] call_netdevice_notifiers_info+0xb5/0x130 [ 2707.018947][ C0] dev_close_many+0x2ff/0x630 [ 2707.018969][ C0] unregister_netdevice_many+0x3ff/0x1890 [ 2707.018995][ C0] ip_tunnel_delete_nets+0x39f/0x5b0 [ 2707.019019][ C0] ops_exit_list+0x125/0x170 [ 2707.019041][ C0] cleanup_net+0x4ea/0xb00 [ 2707.019063][ C0] process_one_work+0x996/0x1610 [ 2707.019083][ C0] worker_thread+0x665/0x1080 [ 2707.019102][ C0] kthread+0x2e9/0x3a0 [ 2707.019118][ C0] ret_from_fork+0x1f/0x30 [ 2707.019139][ C0] [ 2707.019142][ C0] Second to last potentially related work creation: [ 2707.019149][ C0] kasan_save_stack+0x1e/0x40 [ 2707.019171][ C0] __kasan_record_aux_stack+0x7e/0x90 [ 2707.019196][ C0] kvfree_call_rcu+0x74/0x990 [ 2707.019215][ C0] ip_ma_put+0x112/0x170 [ 2707.019235][ C0] __ip_mc_dec_group+0x426/0x510 [ 2707.019256][ C0] inetdev_event+0x923/0x15d0 [ 2707.019275][ C0] notifier_call_chain+0xb5/0x200 [ 2707.019295][ C0] call_netdevice_notifiers_info+0xb5/0x130 [ 2707.019317][ C0] dev_close_many+0x2ff/0x630 [ 2707.019338][ C0] unregister_netdevice_many+0x3ff/0x1890 [ 2707.019362][ C0] ip6_tnl_exit_batch_net+0x5f5/0x890 [ 2707.019431][ C0] ops_exit_list+0x125/0x170 [ 2707.019455][ C0] cleanup_net+0x4ea/0xb00 [ 2707.019477][ C0] process_one_work+0x996/0x1610 [ 2707.019498][ C0] worker_thread+0x665/0x1080 [ 2707.019518][ C0] kthread+0x2e9/0x3a0 [ 2707.019535][ C0] ret_from_fork+0x1f/0x30 [ 2707.019557][ C0] [ 2707.019561][ C0] The buggy address belongs to the object at ffff88802145da00 [ 2707.019561][ C0] which belongs to the cache kmalloc-256 of size 256 [ 2707.019580][ C0] The buggy address is located 44 bytes inside of [ 2707.019580][ C0] 256-byte region [ffff88802145da00, ffff88802145db00) [ 2707.019601][ C0] [ 2707.019611][ C0] The buggy address belongs to the physical page: [ 2707.019621][ C0] page:ffffea0000851740 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2145d [ 2707.019645][ C0] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 2707.019688][ C0] raw: 00fff00000000200 ffffea0001ed1dc8 ffffea0001c73cc8 ffff888011840500 [ 2707.019710][ C0] raw: 0000000000000000 ffff88802145d000 0000000100000008 0000000000000000 [ 2707.019722][ C0] page dumped because: kasan: bad access detected [ 2707.019732][ C0] page_owner tracks the page as allocated [ 2707.019738][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 3644, tgid 3644 (syz-executor.0), ts 127611864757, free_ts 127411745454 [ 2707.019777][ C0] get_page_from_freelist+0x1290/0x3b70 [ 2707.019804][ C0] __alloc_pages+0x1c7/0x510 [ 2707.019822][ C0] cache_grow_begin+0x75/0x350 [ 2707.019842][ C0] cache_alloc_refill+0x27f/0x380 [ 2707.019863][ C0] __kmalloc+0x3b3/0x4d0 [ 2707.019882][ C0] fib_create_info+0xdbe/0x4ac0 [ 2707.019906][ C0] fib_table_insert+0x19a/0x1bd0 [ 2707.019931][ C0] fib_magic+0x455/0x540 [ 2707.019951][ C0] fib_add_ifaddr+0x16b/0x540 [ 2707.019973][ C0] fib_inetaddr_event+0x162/0x2a0 [ 2707.019996][ C0] notifier_call_chain+0xb5/0x200 [ 2707.020017][ C0] blocking_notifier_call_chain+0x67/0x90 [ 2707.020039][ C0] __inet_insert_ifa+0x919/0xbd0 [ 2707.020057][ C0] inet_rtm_newaddr+0x54d/0x980 [ 2707.020076][ C0] rtnetlink_rcv_msg+0x43a/0xc90 [ 2707.020146][ C0] netlink_rcv_skb+0x153/0x420 [ 2707.020167][ C0] page last free stack trace: [ 2707.020173][ C0] free_pcp_prepare+0x549/0xd20 [ 2707.020223][ C0] free_unref_page+0x19/0x6a0 [ 2707.020243][ C0] slabs_destroy+0x89/0xc0 [ 2707.020265][ C0] ___cache_free+0x34e/0x670 [ 2707.020287][ C0] qlist_free_all+0x4f/0x1b0 [ 2707.020305][ C0] kasan_quarantine_reduce+0x180/0x200 [ 2707.020326][ C0] __kasan_slab_alloc+0x97/0xb0 [ 2707.020350][ C0] kmem_cache_alloc_node+0x2ea/0x590 [ 2707.020372][ C0] __alloc_skb+0x215/0x340 [ 2707.020390][ C0] netlink_sendmsg+0x9a2/0xe10 [ 2707.020409][ C0] sock_sendmsg+0xcf/0x120 [ 2707.020426][ C0] __sys_sendto+0x21a/0x320 [ 2707.020444][ C0] __x64_sys_sendto+0xdd/0x1b0 [ 2707.020464][ C0] do_syscall_64+0x35/0xb0 [ 2707.020489][ C0] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 2707.020514][ C0] [ 2707.020518][ C0] Memory state around the buggy address: [ 2707.020527][ C0] ffff88802145d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2707.020542][ C0] ffff88802145d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2707.020557][ C0] >ffff88802145da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2707.020568][ C0] ^ [ 2707.020578][ C0] ffff88802145da80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2707.020592][ C0] ffff88802145db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2707.020604][ C0] ================================================================== [ 2707.020670][ C0] Kernel panic - not syncing: panic_on_warn set ... [ 2707.020686][ C0] CPU: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 5.19.0-rc1-syzkaller-00303-g7a68065eb9cd #0 [ 2707.020715][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2707.020730][ C0] Call Trace: [ 2707.020737][ C0] [ 2707.020745][ C0] dump_stack_lvl+0xcd/0x134 [ 2707.020771][ C0] panic+0x2d7/0x636 [ 2707.020803][ C0] ? panic_print_sys_info.part.0+0x10b/0x10b [ 2707.020829][ C0] ? asm_sysvec_call_function_single+0x1b/0x20 [ 2707.020861][ C0] ? ieee80211_scan_rx+0x850/0x860 [ 2707.020889][ C0] end_report.part.0+0x3f/0x7c [ 2707.020911][ C0] kasan_report.cold+0x93/0x1c6 [ 2707.020934][ C0] ? ieee80211_scan_rx+0x850/0x860 [ 2707.020961][ C0] ieee80211_scan_rx+0x850/0x860 [ 2707.020989][ C0] ieee80211_rx_list+0x1fff/0x2760 [ 2707.021014][ C0] ? ieee80211_prepare_and_rx_handle+0x5260/0x5260 [ 2707.021041][ C0] ? lock_release+0x780/0x780 [ 2707.021068][ C0] ? skb_dequeue+0x125/0x180 [ 2707.021089][ C0] ieee80211_rx_napi+0xdb/0x3d0 [ 2707.021112][ C0] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 2707.021138][ C0] ? ieee80211_rx_list+0x2760/0x2760 [ 2707.021163][ C0] ? lockdep_hardirqs_on+0x79/0x100 [ 2707.021186][ C0] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 2707.021212][ C0] ieee80211_tasklet_handler+0xd4/0x130 [ 2707.021237][ C0] tasklet_action_common.constprop.0+0x201/0x2e0 [ 2707.021263][ C0] __do_softirq+0x29b/0x9c2 [ 2707.021293][ C0] ? __irq_exit_rcu+0x180/0x180 [ 2707.021315][ C0] run_ksoftirqd+0x2d/0x60 [ 2707.021336][ C0] smpboot_thread_fn+0x645/0x9c0 [ 2707.021364][ C0] ? sort_range+0x30/0x30 [ 2707.021390][ C0] kthread+0x2e9/0x3a0 [ 2707.021410][ C0] ? kthread_complete_and_exit+0x40/0x40 [ 2707.021434][ C0] ret_from_fork+0x1f/0x30 [ 2707.021461][ C0] [ 2707.021637][ C0] Kernel Offset: disabled