# https://syzkaller.appspot.com/bug?id=b97ec15bfe317ac1ddccb41f2a913d4f7a31c6d7
# See https://goo.gl/kgGztJ for information about syzkaller reproducers.
#{"repeat":true,"procs":6,"slowdown":1,"sandbox":"none","sandbox_arg":0,"tun":true,"netdev":true,"resetnet":true,"cgroups":true,"binfmt_misc":true,"close_fds":true,"usb":true,"vhci":true,"wifi":true,"ieee802154":true,"sysctl":true,"swap":true,"tmpdir":true,"segv":true,"callcomments":true}
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x20000, 0x0) (async)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="04038eaa"], 0xd) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)={0x80040}, 0x18) (async)
r2 = socket$packet(0x11, 0x3, 0x300) (async)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000380)={&(0x7f0000000740)={0x180, r3, 0x20, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_TX_RATES={0x16c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x34, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0xfd, 0x3, 0x6, 0xffff, 0x1, 0xfff8, 0x5]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_LEGACY={0x14, 0x1, [0x30, 0x5a, 0x1, 0x6, 0xc, 0x6, 0x1b, 0xb, 0x5, 0x30, 0x5, 0x2, 0x6, 0x2, 0x53, 0x36]}]}, @NL80211_BAND_2GHZ={0x18, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x4e, 0x100, 0x40, 0x2, 0xa03, 0xb, 0x1]}}]}, @NL80211_BAND_5GHZ={0x4c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0x8, 0x1, [0x12, 0xc, 0x24, 0xc]}, @NL80211_TXRATE_LEGACY={0x22, 0x1, [0x4, 0x12, 0x2, 0xb, 0x6, 0x1, 0x36, 0x4, 0x60, 0x6c, 0x36, 0x9, 0x16, 0x6c, 0x0, 0x5, 0x3, 0x2, 0x60, 0x6c, 0x18, 0x12, 0x3, 0x60, 0x3, 0x7a, 0x2, 0x9, 0x0, 0x24]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xda62, 0x9, 0x3, 0x75, 0x101, 0x8001, 0x9, 0x7ff]}}]}, @NL80211_BAND_6GHZ={0x84, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x3d, 0x2, [{0x0, 0x8}, {0x4, 0x6}, {0x4, 0x2}, {0x1, 0x8}, {0x3, 0x6}, {0x4, 0x9}, {0x6, 0x3}, {0x0, 0x8}, {0x4, 0xa}, {0x6, 0x9}, {0x5, 0xa}, {0x2, 0x9}, {0x4, 0x9}, {0x7}, {0x7, 0x7}, {0x1, 0x6}, {0x7, 0x4}, {0x0, 0x4}, {0x2}, {0x5, 0xa}, {0x0, 0x9}, {0x1, 0x6}, {0x7, 0x5}, {0x5}, {0x1}, {0x1, 0x9}, {0x1, 0x2}, {0x1, 0x7}, {0x6, 0x7}, {0x0, 0x2}, {0x5}, {0x2, 0x3}, {0x1, 0x2}, {0x6, 0x7}, {0x2}, {0x3, 0x8}, {0x4, 0x1}, {0x0, 0x5}, {0x4, 0x5}, {0x3, 0x4}, {0x4, 0x6}, {0x4, 0x4}, {0x1, 0x4}, {0x0, 0x9}, {0x7, 0x8}, {0x5, 0x7}, {0x2, 0x8}, {0x0, 0x2}, {0x3, 0x3}, {0x3, 0x4}, {0x3, 0x7}, {0x5, 0x5}, {0x5, 0x1}, {0x4, 0xa}, {0x4, 0x3}, {0x2, 0x7}, {0x6, 0x6}]}, @NL80211_TXRATE_LEGACY={0x23, 0x1, [0x4, 0x1b, 0x24, 0x6, 0x14, 0x9, 0x30, 0x3, 0x5, 0x16, 0x36, 0x2, 0x5, 0x1b, 0x30, 0x4, 0x36, 0x9, 0x15, 0x6c, 0x18, 0x3, 0x5, 0x48, 0x36, 0x48, 0x4, 0x3, 0x1b, 0x1b, 0x24]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x9, 0x7fff, 0x9, 0x0, 0x1, 0x4, 0x4]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_60GHZ={0x4c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x0, 0x640, 0x3c, 0x8, 0x9, 0x21, 0x6]}}, @NL80211_TXRATE_LEGACY={0x13, 0x1, [0x24, 0x30, 0xc, 0x30, 0x12, 0x12, 0x12, 0x1, 0x2, 0x24, 0x16, 0xc, 0x2, 0xb, 0x60]}, @NL80211_TXRATE_HT={0x16, 0x2, [{0x3, 0x1}, {0x4, 0x5}, {0x1, 0x5}, {0x5, 0x5}, {0x4, 0x8}, {0x2, 0x1}, {0x7, 0x7}, {0x6, 0x1}, {}, {0x6, 0x9}, {0x0, 0x5}, {0x7, 0x4}, {0x0, 0x4}, {0x4, 0x7}, {0x3, 0x2}, {0x1}, {0x1, 0x4}, {0x5}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}]}]}, 0x180}, 0x1, 0x0, 0x0, 0x20008800}, 0x8000) (async)
sendmmsg(r2, &(0x7f0000005740)=[{{&(0x7f00000000c0)=@qipcrtr={0x2a, 0x8}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1}}], 0x1, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="05002dbd700000000000060000000a00e800ff73ffffffff0000280017800400040004004100040004001edcd3b4040006000400040004000100040004000400050008001780040001000800178004000200"], 0x58}, 0x1, 0x0, 0x0, 0x5}, 0x4000800)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4) (async)
bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) (async)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
sendto$inet6(r4, 0x0, 0x0, 0x20004011, &(0x7f0000000180)={0xa, 0x4e20, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8001}, 0x1c)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
ioprio_get$pid(0x2, 0x0) (async)
socket$unix(0x1, 0x2, 0x0) (async)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r6, 0xc0045627, &(0x7f0000000100)=0x3) (async)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r6, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x63c, 0x1, 0x2, 0xd59f83, 0x19f2, 0x3f, 0x19ef, 0x3, 0x4, 0x2800, 0x2800, 0x2, 0xba2, 0x0, 0x38, {0x8, 0xffffffff}, 0xd1, 0x9}}) (async)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x9006}, 0x4) (async)