program:
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000000c0)={'syztnl2\x00', &(0x7f0000000040)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0xf, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x0, 0x0, @private, @local, {[@end, @timestamp_addr={0x44, 0x24, 0x0, 0x1, 0x0, [{@multicast1}, {@loopback}, {@remote}, {@initdev={0xac, 0x1e, 0x0, 0x0}}]}]}}}}})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$sock_proto_private(r0, 0x8b20, &(0x7f0000000080))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x68, r2, 0x5, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x2c, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @val={0x6, 0x2, 0x800}, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x68}}, 0x20000014)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r4=>0xffffffffffffffff})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r5, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000040)={0x40, r6, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x5, 0x13, [{0x16, 0x1}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

[   75.471541][ T5315] Bluetooth: hci0: command tx timeout
[   75.559585][ T5337] warning: `syz.0.0' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   75.659512][ T5337] ------------[ cut here ]------------
[   75.662547][ T5337] intf 08:02:11:00:00:00 [link=0]: bad STA 08:02:11:00:00:01 bandwidth 20 MHz (0) > channel config 5 MHz (6)
[   75.667792][ T5337] WARNING: drivers/net/wireless/virtual/mac80211_hwsim.c:2696 at mac80211_hwsim_sta_rc_update+0x696/0x860, CPU#0: syz.0.0/5337
[   75.674263][ T5337] Modules linked in:
[   75.676165][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.680692][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.685635][ T5337] RIP: 0010:mac80211_hwsim_sta_rc_update+0x6f4/0x860
[   75.688663][ T5337] Code: 85 d2 00 00 00 45 8b 36 44 89 f7 e8 a6 20 00 00 48 8b 7c 24 28 48 8b 74 24 30 89 ea 48 8b 4c 24 10 41 89 d8 45 89 f9 41 56 50 <67> 48 0f b9 3a 48 83 c4 10 e9 08 ff ff ff e8 f9 f5 ef fa 90 0f 0b
[   75.697635][ T5337] RSP: 0018:ffffc9000ae2eec0 EFLAGS: 00010283
[   75.700421][ T5337] RAX: 0000000000000005 RBX: 0000000000000014 RCX: ffff888042234ec0
[   75.703836][ T5337] RDX: 0000000000000000 RSI: ffff888011516fd2 RDI: ffffffff8f8eda40
[   75.707453][ T5337] RBP: 0000000000000000 R08: 0000000000000014 R09: 0000000000000000
[   75.710904][ T5337] R10: 000000000000000d R11: 0000000000000002 R12: 0000000000000000
[   75.714620][ T5337] R13: dffffc0000000000 R14: 0000000000000006 R15: 0000000000000000
[   75.718368][ T5337] FS:  00007f8e60b406c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000
[   75.722465][ T5337] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.725429][ T5337] CR2: 0000200000001080 CR3: 0000000043e21000 CR4: 0000000000352ef0
[   75.728991][ T5337] Call Trace:
[   75.730229][ T5337]  <TASK>
[   75.731386][ T5337]  ? mac80211_hwsim_sta_rc_update+0x73/0x860
[   75.733700][ T5337]  mac80211_hwsim_sta_add+0xa4/0x350
[   75.735964][ T5337]  drv_sta_state+0x86a/0x1770
[   75.737880][ T5337]  sta_info_insert_rcu+0x1712/0x2760
[   75.739560][ T5337]  ? sta_info_insert_rcu+0x2d2/0x2760
[   75.741386][ T5337]  ? ieee80211_add_station+0x4f1/0x6a0
[   75.743588][ T5337]  sta_info_insert+0x16/0xc0
[   75.745550][ T5337]  rdev_add_station+0xfc/0x270
[   75.747776][ T5337]  nl80211_new_station+0x1755/0x1b70
[   75.750135][ T5337]  ? __pfx_nl80211_new_station+0x10/0x10
[   75.752545][ T5337]  ? netdev_run_todo+0xe1b/0xea0
[   75.754640][ T5337]  ? nl80211_pre_doit+0x4f1/0x930
[   75.756767][ T5337]  genl_family_rcv_msg_doit+0x215/0x300
[   75.759344][ T5337]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   75.761986][ T5337]  ? bpf_lsm_capable+0x9/0x20
[   75.764096][ T5337]  ? security_capable+0x7e/0x2e0
[   75.766337][ T5337]  genl_rcv_msg+0x60e/0x790
[   75.768385][ T5337]  ? __pfx_genl_rcv_msg+0x10/0x10
[   75.770612][ T5337]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   75.773140][ T5337]  ? __pfx_nl80211_new_station+0x10/0x10
[   75.775530][ T5337]  ? __pfx_nl80211_post_doit+0x10/0x10
[   75.777943][ T5337]  ? __asan_memcpy+0x40/0x70
[   75.780129][ T5337]  ? __pfx_ref_tracker_free+0x10/0x10
[   75.782842][ T5337]  ? __skb_clone+0x63/0x7a0
[   75.785032][ T5337]  netlink_rcv_skb+0x208/0x470
[   75.787097][ T5337]  ? __pfx_genl_rcv_msg+0x10/0x10
[   75.789113][ T5337]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   75.791600][ T5337]  ? genl_rcv+0x19/0x40
[   75.793399][ T5337]  ? down_read+0x274/0x2e0
[   75.795268][ T5337]  ? genl_rcv+0xd/0x40
[   75.796897][ T5337]  genl_rcv+0x28/0x40
[   75.798569][ T5337]  netlink_unicast+0x82f/0x9e0
[   75.800542][ T5337]  ? __pfx_netlink_unicast+0x10/0x10
[   75.802742][ T5337]  ? __alloc_skb+0x198/0x3a0
[   75.804571][ T5337]  ? netlink_sendmsg+0x642/0xb30
[   75.806582][ T5337]  ? skb_put+0x11b/0x210
[   75.808328][ T5337]  netlink_sendmsg+0x805/0xb30
[   75.810261][ T5337]  ? __pfx_netlink_sendmsg+0x10/0x10
[   75.812610][ T5337]  ? aa_sock_msg_perm+0xf1/0x1b0
[   75.814682][ T5337]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   75.816907][ T5337]  ? __pfx_netlink_sendmsg+0x10/0x10
[   75.818956][ T5337]  __sock_sendmsg+0x21c/0x270
[   75.820643][ T5337]  ____sys_sendmsg+0x505/0x820
[   75.822645][ T5337]  ? __pfx_____sys_sendmsg+0x10/0x10
[   75.824832][ T5337]  ? import_iovec+0x74/0xa0
[   75.826621][ T5337]  ___sys_sendmsg+0x21f/0x2a0
[   75.828610][ T5337]  ? __pfx____sys_sendmsg+0x10/0x10
[   75.830895][ T5337]  ? futex_wait+0x285/0x360
[   75.832992][ T5337]  ? __fget_files+0x2a/0x420
[   75.834941][ T5337]  ? __fget_files+0x3a0/0x420
[   75.837030][ T5337]  __x64_sys_sendmsg+0x19b/0x260
[   75.839253][ T5337]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   75.841672][ T5337]  ? rcu_is_watching+0x15/0xb0
[   75.843787][ T5337]  do_syscall_64+0xec/0xf80
[   75.845706][ T5337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.848391][ T5337]  ? trace_irq_disable+0x37/0x100
[   75.850593][ T5337]  ? clear_bhb_loop+0x60/0xb0
[   75.852913][ T5337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.855585][ T5337] RIP: 0033:0x7f8e5fd8f7c9
[   75.857597][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.865541][ T5337] RSP: 002b:00007f8e60b40038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   75.869255][ T5337] RAX: ffffffffffffffda RBX: 00007f8e5ffe5fa0 RCX: 00007f8e5fd8f7c9
[   75.873067][ T5337] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000007
[   75.876647][ T5337] RBP: 00007f8e5fe13f91 R08: 0000000000000000 R09: 0000000000000000
[   75.880259][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.884738][ T5337] R13: 00007f8e5ffe6038 R14: 00007f8e5ffe5fa0 R15: 00007ffe9f75d318
[   75.888280][ T5337]  </TASK>
[   75.889751][ T5337] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   75.892876][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.896781][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.901326][ T5337] Call Trace:
[   75.902782][ T5337]  <TASK>
[   75.904109][ T5337]  vpanic+0x1e0/0x670
[   75.905879][ T5337]  panic+0xb9/0xc0
[   75.907633][ T5337]  ? __pfx_panic+0x10/0x10
[   75.909362][ T5337]  __warn+0x317/0x4b0
[   75.911024][ T5337]  ? mac80211_hwsim_sta_rc_update+0x696/0x860
[   75.913693][ T5337]  ? mac80211_hwsim_sta_rc_update+0x696/0x860
[   75.916422][ T5337]  __report_bug+0x288/0x500
[   75.918436][ T5337]  ? mac80211_hwsim_sta_rc_update+0x696/0x860
[   75.921179][ T5337]  ? __pfx___report_bug+0x10/0x10
[   75.923427][ T5337]  ? check_path+0x21/0x40
[   75.925156][ T5337]  report_bug_entry+0x19a/0x290
[   75.927201][ T5337]  ? mac80211_hwsim_sta_rc_update+0x6f4/0x860
[   75.929839][ T5337]  ? mac80211_hwsim_sta_rc_update+0x6f9/0x860
[   75.932510][ T5337]  handle_bug+0xca/0x200
[   75.934320][ T5337]  exc_invalid_op+0x1a/0x50
[   75.936325][ T5337]  asm_exc_invalid_op+0x1a/0x20
[   75.938484][ T5337] RIP: 0010:mac80211_hwsim_sta_rc_update+0x6f4/0x860
[   75.941399][ T5337] Code: 85 d2 00 00 00 45 8b 36 44 89 f7 e8 a6 20 00 00 48 8b 7c 24 28 48 8b 74 24 30 89 ea 48 8b 4c 24 10 41 89 d8 45 89 f9 41 56 50 <67> 48 0f b9 3a 48 83 c4 10 e9 08 ff ff ff e8 f9 f5 ef fa 90 0f 0b
[   75.949580][ T5337] RSP: 0018:ffffc9000ae2eec0 EFLAGS: 00010283
[   75.952121][ T5337] RAX: 0000000000000005 RBX: 0000000000000014 RCX: ffff888042234ec0
[   75.955341][ T5337] RDX: 0000000000000000 RSI: ffff888011516fd2 RDI: ffffffff8f8eda40
[   75.958654][ T5337] RBP: 0000000000000000 R08: 0000000000000014 R09: 0000000000000000
[   75.962070][ T5337] R10: 000000000000000d R11: 0000000000000002 R12: 0000000000000000
[   75.965453][ T5337] R13: dffffc0000000000 R14: 0000000000000006 R15: 0000000000000000
[   75.968634][ T5337]  ? mac80211_hwsim_sta_rc_update+0x73/0x860
[   75.971111][ T5337]  mac80211_hwsim_sta_add+0xa4/0x350
[   75.973333][ T5337]  drv_sta_state+0x86a/0x1770
[   75.975318][ T5337]  sta_info_insert_rcu+0x1712/0x2760
[   75.977757][ T5337]  ? sta_info_insert_rcu+0x2d2/0x2760
[   75.980083][ T5337]  ? ieee80211_add_station+0x4f1/0x6a0
[   75.982436][ T5337]  sta_info_insert+0x16/0xc0
[   75.984346][ T5337]  rdev_add_station+0xfc/0x270
[   75.986376][ T5337]  nl80211_new_station+0x1755/0x1b70
[   75.988670][ T5337]  ? __pfx_nl80211_new_station+0x10/0x10
[   75.991125][ T5337]  ? netdev_run_todo+0xe1b/0xea0
[   75.993329][ T5337]  ? nl80211_pre_doit+0x4f1/0x930
[   75.995563][ T5337]  genl_family_rcv_msg_doit+0x215/0x300
[   75.998034][ T5337]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   76.000715][ T5337]  ? bpf_lsm_capable+0x9/0x20
[   76.002818][ T5337]  ? security_capable+0x7e/0x2e0
[   76.004968][ T5337]  genl_rcv_msg+0x60e/0x790
[   76.007151][ T5337]  ? __pfx_genl_rcv_msg+0x10/0x10
[   76.009267][ T5337]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   76.011522][ T5337]  ? __pfx_nl80211_new_station+0x10/0x10
[   76.014007][ T5337]  ? __pfx_nl80211_post_doit+0x10/0x10
[   76.016465][ T5337]  ? __asan_memcpy+0x40/0x70
[   76.018488][ T5337]  ? __pfx_ref_tracker_free+0x10/0x10
[   76.020853][ T5337]  ? __skb_clone+0x63/0x7a0
[   76.022623][ T5337]  netlink_rcv_skb+0x208/0x470
[   76.024491][ T5337]  ? __pfx_genl_rcv_msg+0x10/0x10
[   76.026533][ T5337]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   76.028763][ T5337]  ? genl_rcv+0x19/0x40
[   76.030835][ T5337]  ? down_read+0x274/0x2e0
[   76.033072][ T5337]  ? genl_rcv+0xd/0x40
[   76.034893][ T5337]  genl_rcv+0x28/0x40
[   76.036551][ T5337]  netlink_unicast+0x82f/0x9e0
[   76.038446][ T5337]  ? __pfx_netlink_unicast+0x10/0x10
[   76.040530][ T5337]  ? __alloc_skb+0x198/0x3a0
[   76.042428][ T5337]  ? netlink_sendmsg+0x642/0xb30
[   76.044420][ T5337]  ? skb_put+0x11b/0x210
[   76.046141][ T5337]  netlink_sendmsg+0x805/0xb30
[   76.048173][ T5337]  ? __pfx_netlink_sendmsg+0x10/0x10
[   76.050505][ T5337]  ? aa_sock_msg_perm+0xf1/0x1b0
[   76.052701][ T5337]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   76.055030][ T5337]  ? __pfx_netlink_sendmsg+0x10/0x10
[   76.057292][ T5337]  __sock_sendmsg+0x21c/0x270
[   76.059326][ T5337]  ____sys_sendmsg+0x505/0x820
[   76.061290][ T5337]  ? __pfx_____sys_sendmsg+0x10/0x10
[   76.063612][ T5337]  ? import_iovec+0x74/0xa0
[   76.065624][ T5337]  ___sys_sendmsg+0x21f/0x2a0
[   76.067719][ T5337]  ? __pfx____sys_sendmsg+0x10/0x10
[   76.070037][ T5337]  ? futex_wait+0x285/0x360
[   76.072015][ T5337]  ? __fget_files+0x2a/0x420
[   76.073934][ T5337]  ? __fget_files+0x3a0/0x420
[   76.076010][ T5337]  __x64_sys_sendmsg+0x19b/0x260
[   76.078275][ T5337]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   76.080684][ T5337]  ? rcu_is_watching+0x15/0xb0
[   76.082769][ T5337]  do_syscall_64+0xec/0xf80
[   76.084764][ T5337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.087454][ T5337]  ? trace_irq_disable+0x37/0x100
[   76.089499][ T5337]  ? clear_bhb_loop+0x60/0xb0
[   76.091217][ T5337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.093270][ T5337] RIP: 0033:0x7f8e5fd8f7c9
[   76.095125][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.103444][ T5337] RSP: 002b:00007f8e60b40038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   76.107068][ T5337] RAX: ffffffffffffffda RBX: 00007f8e5ffe5fa0 RCX: 00007f8e5fd8f7c9
[   76.110574][ T5337] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000007
[   76.114106][ T5337] RBP: 00007f8e5fe13f91 R08: 0000000000000000 R09: 0000000000000000
[   76.117653][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.121140][ T5337] R13: 00007f8e5ffe6038 R14: 00007f8e5ffe5fa0 R15: 00007ffe9f75d318
[   76.124502][ T5337]  </TASK>
[   76.126235][ T5337] Kernel Offset: disabled
[   76.128165][ T5337] Rebooting in 86400 seconds..