program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x2, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x54, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x60}, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}]}]]}, 0x54}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0}) r7 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r7, &(0x7f0000000640)="000a18000600600009eb5500000b000100aa34745a1945da08e815b218b175e62e90d9c5596d3ef4ddaae57cdcf90884", 0x30, 0x4000000, &(0x7f0000000380)={0x11, 0xe56930649afa540, r6, 0x1, 0xd8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x14) [ 84.620096][ T5287] Bluetooth: hci0: command tx timeout [ 84.692233][ T5327] ------------[ cut here ]------------ [ 84.694746][ T5327] hwsim_get_chanwidth(bw) > hwsim_get_chanwidth(confbw) [ 84.694755][ T5327] WARNING: drivers/net/wireless/virtual/mac80211_hwsim_main.c:2248 at mac80211_hwsim_tx+0x1ab4/0x2500, CPU#0: syz.0.0/5327 [ 84.704220][ T5327] Modules linked in: [ 84.706192][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 84.710496][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.715297][ T5327] RIP: 0010:mac80211_hwsim_tx+0x1ab4/0x2500 [ 84.717721][ T5327] Code: c6 05 b8 a0 09 09 01 
48 c7 c7 60 1a 7a 8c be 6b 08 00 00 48 c7 c2 a0 1b 7a 8c e8 f7 2e 90 fa e9 ff ee ff ff e8 2d 45 b4 fa 90 <0f> 0b 90 49 bc 00 00 00 00 00 fc ff df e9 dd fe ff ff e8 15 45 b4 [ 84.726502][ T5327] RSP: 0018:ffffc90003d9f040 EFLAGS: 00010287 [ 84.729119][ T5327] RAX: ffffffff8711ec63 RBX: 0000000000000000 RCX: 0000000000100000 [ 84.732512][ T5327] RDX: ffffc90020001000 RSI: 000000000000021c RDI: 000000000000021d [ 84.736134][ T5327] RBP: ffffc90003d9f1d0 R08: ffff888000a88000 R09: 000000000000000e [ 84.740241][ T5327] R10: 000000000000000d R11: 0000000000000002 R12: 0000000000000014 [ 84.743851][ T5327] R13: ffff8880127cb530 R14: 00000000000000a0 R15: 0000000000000030 [ 84.747414][ T5327] FS: 00007f4e663976c0(0000) GS:ffff88808c852000(0000) knlGS:0000000000000000 [ 84.751760][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.754766][ T5327] CR2: 0000200000002280 CR3: 0000000012c67000 CR4: 0000000000352ef0 [ 84.757727][ T5327] Call Trace: [ 84.758975][ T5327] [ 84.760168][ T5327] ? rcu_is_watching+0x15/0xb0 [ 84.762264][ T5327] ? lock_release+0x4b/0x3c0 [ 84.764309][ T5327] ? lock_release+0x4b/0x3c0 [ 84.767143][ T5327] ? do_raw_spin_lock+0x12b/0x2f0 [ 84.770046][ T5327] ? __pfx_mac80211_hwsim_tx+0x10/0x10 [ 84.772796][ T5327] ? rcu_is_watching+0x15/0xb0 [ 84.775154][ T5327] ? rcu_is_watching+0x15/0xb0 [ 84.777560][ T5327] ieee80211_tx_frags+0x3df/0x890 [ 84.781831][ T5327] ? __pfx_ieee80211_tx_frags+0x10/0x10 [ 84.784862][ T5327] __ieee80211_tx+0x267/0x580 [ 84.787075][ T5327] ieee80211_tx+0x312/0x4b0 [ 84.789015][ T5327] ? __pfx_ieee80211_tx+0x10/0x10 [ 84.791177][ T5327] ? ieee80211_xmit+0x2e5/0x3c0 [ 84.793351][ T5327] ieee80211_monitor_start_xmit+0xb33/0x1280 [ 84.796411][ T5327] ? ieee80211_monitor_start_xmit+0x5ea/0x1280 [ 84.799516][ T5327] ? __pfx_ieee80211_monitor_start_xmit+0x10/0x10 [ 84.802606][ T5327] dev_hard_start_xmit+0x2cd/0x830 [ 84.804864][ T5327] __dev_queue_xmit+0x1435/0x37f0 [ 84.806994][ T5327] ? 
lock_acquire+0x5f/0x350 [ 84.808982][ T5327] ? lock_release+0x4b/0x3c0 [ 84.811234][ T5327] ? __dev_queue_xmit+0x29b/0x37f0 [ 84.813664][ T5327] ? __might_fault+0xcb/0x130 [ 84.815838][ T5327] ? _copy_from_iter+0x21b/0x1660 [ 84.818159][ T5327] ? skb_set_owner_w+0x263/0x3d0 [ 84.820360][ T5327] ? __pfx___dev_queue_xmit+0x10/0x10 [ 84.822886][ T5327] ? __pfx__copy_from_iter+0x10/0x10 [ 84.825517][ T5327] ? packet_parse_headers+0x4c5/0x7a0 [ 84.827895][ T5327] ? packet_parse_headers+0x571/0x7a0 [ 84.830285][ T5327] ? __pfx_packet_parse_headers+0x10/0x10 [ 84.832762][ T5327] ? packet_xmit+0x68/0x330 [ 84.834806][ T5327] ? skb_put+0x112/0x210 [ 84.836853][ T5327] packet_sendmsg+0x3d95/0x5040 [ 84.839362][ T5327] ? futex_unqueue+0x22/0x240 [ 84.841651][ T5327] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 84.843997][ T5327] ? futex_unqueue+0x211/0x240 [ 84.846021][ T5327] ? __pfx___futex_wait+0x10/0x10 [ 84.848136][ T5327] ? __pfx_futex_wake_mark+0x10/0x10 [ 84.850667][ T5327] ? __futex_hash+0x416/0x750 [ 84.852993][ T5327] ? __pfx_packet_sendmsg+0x10/0x10 [ 84.855640][ T5327] ? aa_sk_perm+0x6d5/0x900 [ 84.857740][ T5327] ? lock_acquire+0x5f/0x350 [ 84.859974][ T5327] ? __pfx_aa_sk_perm+0x10/0x10 [ 84.862104][ T5327] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 84.864822][ T5327] ? lock_release+0x4b/0x3c0 [ 84.867202][ T5327] ? __might_fault+0xaf/0x130 [ 84.869740][ T5327] ? aa_sock_msg_perm+0xf1/0x1b0 [ 84.872232][ T5327] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 84.874485][ T5327] ? __pfx_packet_sendmsg+0x10/0x10 [ 84.876659][ T5327] __sys_sendto+0x626/0x6c0 [ 84.878566][ T5327] ? __pfx___sys_sendto+0x10/0x10 [ 84.880959][ T5327] ? rcu_is_watching+0x15/0xb0 [ 84.883445][ T5327] __x64_sys_sendto+0xde/0x100 [ 84.885787][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.888411][ T5327] do_syscall_64+0x174/0x580 [ 84.890534][ T5327] ? trace_irq_disable+0x3b/0x140 [ 84.892542][ T5327] ? 
clear_bhb_loop+0x40/0x90 [ 84.894676][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.898030][ T5327] RIP: 0033:0x7f4e6559ce59 [ 84.900546][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.908901][ T5327] RSP: 002b:00007f4e66396fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 84.913570][ T5327] RAX: ffffffffffffffda RBX: 00007f4e65815fa0 RCX: 00007f4e6559ce59 [ 84.916979][ T5327] RDX: 0000000000000030 RSI: 0000200000000640 RDI: 0000000000000007 [ 84.920532][ T5327] RBP: 00007f4e65632e6f R08: 0000200000000380 R09: 0000000000000014 [ 84.924569][ T5327] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.928218][ T5327] R13: 00007f4e65816038 R14: 00007f4e65815fa0 R15: 00007ffd791d2f18 [ 84.931856][ T5327] [ 84.933350][ T5327] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 84.936532][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 84.940596][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.945465][ T5327] Call Trace: [ 84.947083][ T5327] [ 84.948457][ T5327] vpanic+0x56c/0xa60 [ 84.950159][ T5327] ? __pfx__printk+0x10/0x10 [ 84.952197][ T5327] ? __pfx_vpanic+0x10/0x10 [ 84.954188][ T5327] ? is_bpf_text_address+0x292/0x2b0 [ 84.956710][ T5327] ? is_bpf_text_address+0x26/0x2b0 [ 84.958963][ T5327] panic+0xc5/0xd0 [ 84.960496][ T5327] ? __pfx_panic+0x10/0x10 [ 84.962206][ T5327] __warn+0x315/0x4c0 [ 84.963914][ T5327] ? mac80211_hwsim_tx+0x1ab4/0x2500 [ 84.966536][ T5327] ? mac80211_hwsim_tx+0x1ab4/0x2500 [ 84.969033][ T5327] __report_bug+0x331/0x530 [ 84.971294][ T5327] ? mac80211_hwsim_tx+0x1ab4/0x2500 [ 84.973458][ T5327] ? __pfx___report_bug+0x10/0x10 [ 84.975627][ T5327] ? ieee80211_encrypt_tx_skb+0x2fc/0x3f0 [ 84.978322][ T5327] ? 
__pfx___skb_flow_dissect+0x10/0x10 [ 84.980956][ T5327] ? mac80211_hwsim_tx+0x1ab4/0x2500 [ 84.983438][ T5327] report_bug+0x16a/0x220 [ 84.985364][ T5327] ? mac80211_hwsim_tx+0x1ab4/0x2500 [ 84.987662][ T5327] ? mac80211_hwsim_tx+0x1ab6/0x2500 [ 84.990124][ T5327] handle_bug+0x9c/0x200 [ 84.992079][ T5327] exc_invalid_op+0x1a/0x50 [ 84.993999][ T5327] asm_exc_invalid_op+0x1a/0x20 [ 84.996052][ T5327] RIP: 0010:mac80211_hwsim_tx+0x1ab4/0x2500 [ 84.998834][ T5327] Code: c6 05 b8 a0 09 09 01 48 c7 c7 60 1a 7a 8c be 6b 08 00 00 48 c7 c2 a0 1b 7a 8c e8 f7 2e 90 fa e9 ff ee ff ff e8 2d 45 b4 fa 90 <0f> 0b 90 49 bc 00 00 00 00 00 fc ff df e9 dd fe ff ff e8 15 45 b4 [ 85.007620][ T5327] RSP: 0018:ffffc90003d9f040 EFLAGS: 00010287 [ 85.010547][ T5327] RAX: ffffffff8711ec63 RBX: 0000000000000000 RCX: 0000000000100000 [ 85.014600][ T5327] RDX: ffffc90020001000 RSI: 000000000000021c RDI: 000000000000021d [ 85.018073][ T5327] RBP: ffffc90003d9f1d0 R08: ffff888000a88000 R09: 000000000000000e [ 85.021443][ T5327] R10: 000000000000000d R11: 0000000000000002 R12: 0000000000000014 [ 85.025055][ T5327] R13: ffff8880127cb530 R14: 00000000000000a0 R15: 0000000000000030 [ 85.028890][ T5327] ? mac80211_hwsim_tx+0x1ab3/0x2500 [ 85.031194][ T5327] ? rcu_is_watching+0x15/0xb0 [ 85.033257][ T5327] ? lock_release+0x4b/0x3c0 [ 85.035660][ T5327] ? lock_release+0x4b/0x3c0 [ 85.037869][ T5327] ? do_raw_spin_lock+0x12b/0x2f0 [ 85.040108][ T5327] ? __pfx_mac80211_hwsim_tx+0x10/0x10 [ 85.042414][ T5327] ? rcu_is_watching+0x15/0xb0 [ 85.044489][ T5327] ? rcu_is_watching+0x15/0xb0 [ 85.046617][ T5327] ieee80211_tx_frags+0x3df/0x890 [ 85.049091][ T5327] ? __pfx_ieee80211_tx_frags+0x10/0x10 [ 85.052139][ T5327] __ieee80211_tx+0x267/0x580 [ 85.054217][ T5327] ieee80211_tx+0x312/0x4b0 [ 85.056191][ T5327] ? __pfx_ieee80211_tx+0x10/0x10 [ 85.058377][ T5327] ? ieee80211_xmit+0x2e5/0x3c0 [ 85.060445][ T5327] ieee80211_monitor_start_xmit+0xb33/0x1280 [ 85.063130][ T5327] ? 
ieee80211_monitor_start_xmit+0x5ea/0x1280 [ 85.066303][ T5327] ? __pfx_ieee80211_monitor_start_xmit+0x10/0x10 [ 85.069268][ T5327] dev_hard_start_xmit+0x2cd/0x830 [ 85.071396][ T5327] __dev_queue_xmit+0x1435/0x37f0 [ 85.073487][ T5327] ? lock_acquire+0x5f/0x350 [ 85.075654][ T5327] ? lock_release+0x4b/0x3c0 [ 85.078055][ T5327] ? __dev_queue_xmit+0x29b/0x37f0 [ 85.080593][ T5327] ? __might_fault+0xcb/0x130 [ 85.082797][ T5327] ? _copy_from_iter+0x21b/0x1660 [ 85.084915][ T5327] ? skb_set_owner_w+0x263/0x3d0 [ 85.087285][ T5327] ? __pfx___dev_queue_xmit+0x10/0x10 [ 85.089683][ T5327] ? __pfx__copy_from_iter+0x10/0x10 [ 85.092558][ T5327] ? packet_parse_headers+0x4c5/0x7a0 [ 85.094993][ T5327] ? packet_parse_headers+0x571/0x7a0 [ 85.097264][ T5327] ? __pfx_packet_parse_headers+0x10/0x10 [ 85.099517][ T5327] ? packet_xmit+0x68/0x330 [ 85.101474][ T5327] ? skb_put+0x112/0x210 [ 85.103488][ T5327] packet_sendmsg+0x3d95/0x5040 [ 85.106014][ T5327] ? futex_unqueue+0x22/0x240 [ 85.108289][ T5327] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 85.110375][ T5327] ? futex_unqueue+0x211/0x240 [ 85.112328][ T5327] ? __pfx___futex_wait+0x10/0x10 [ 85.114492][ T5327] ? __pfx_futex_wake_mark+0x10/0x10 [ 85.116832][ T5327] ? __futex_hash+0x416/0x750 [ 85.119319][ T5327] ? __pfx_packet_sendmsg+0x10/0x10 [ 85.121858][ T5327] ? aa_sk_perm+0x6d5/0x900 [ 85.124030][ T5327] ? lock_acquire+0x5f/0x350 [ 85.125991][ T5327] ? __pfx_aa_sk_perm+0x10/0x10 [ 85.127999][ T5327] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 85.130644][ T5327] ? lock_release+0x4b/0x3c0 [ 85.132796][ T5327] ? __might_fault+0xaf/0x130 [ 85.135246][ T5327] ? aa_sock_msg_perm+0xf1/0x1b0 [ 85.137499][ T5327] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 85.139746][ T5327] ? __pfx_packet_sendmsg+0x10/0x10 [ 85.141961][ T5327] __sys_sendto+0x626/0x6c0 [ 85.144021][ T5327] ? __pfx___sys_sendto+0x10/0x10 [ 85.146552][ T5327] ? rcu_is_watching+0x15/0xb0 [ 85.149052][ T5327] __x64_sys_sendto+0xde/0x100 [ 85.151465][ T5327] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.154028][ T5327] do_syscall_64+0x174/0x580 [ 85.156028][ T5327] ? trace_irq_disable+0x3b/0x140 [ 85.158290][ T5327] ? clear_bhb_loop+0x40/0x90 [ 85.160450][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.163227][ T5327] RIP: 0033:0x7f4e6559ce59 [ 85.165243][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.173861][ T5327] RSP: 002b:00007f4e66396fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 85.177512][ T5327] RAX: ffffffffffffffda RBX: 00007f4e65815fa0 RCX: 00007f4e6559ce59 [ 85.181094][ T5327] RDX: 0000000000000030 RSI: 0000200000000640 RDI: 0000000000000007 [ 85.184597][ T5327] RBP: 00007f4e65632e6f R08: 0000200000000380 R09: 0000000000000014 [ 85.188107][ T5327] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.191650][ T5327] R13: 00007f4e65816038 R14: 00007f4e65815fa0 R15: 00007ffd791d2f18 [ 85.195412][ T5327] [ 85.197343][ T5327] Kernel Offset: disabled [ 85.199280][ T5327] Rebooting in 86400 seconds..