program:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000000c0)={'syztnl2\x00', &(0x7f0000000040)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0xf, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x0, 0x0, @private, @local, {[@end, @timestamp_addr={0x44, 0x24, 0x0, 0x1, 0x0, [{@multicast1}, {@loopback}, {@remote}, {@initdev={0xac, 0x1e, 0x0, 0x0}}]}]}}}}})
r0 = getpgid(0x0)
r1 = syz_pidfd_open(r0, 0x0)
r2 = pidfd_getfd(r1, r1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000003000000000000000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r6=>0x0})
close_range(r2, r3, 0x2)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r4, r6, 0x25, 0x0, @void}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r2, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
r7 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$sock_proto_private(r7, 0x8b20, &(0x7f0000000080))
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x6c, r9, 0x5, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x30, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x72, 0x6}, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x6c}}, 0x20000014)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r11=>0xffffffffffffffff})
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r14=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r12, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000040)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r13, @ANYBLOB="cf0400000000000000001300000008000300", @ANYRES32=r14, @ANYBLOB="05001300f001b0730a000600080211000001000006001000800500000600120000000000"], 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r15 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r15, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)

[   68.062507][ T4669] Bluetooth: hci0: command tx timeout
[   68.142773][ T5324] warning: `syz.0.0' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   68.167742][ T5324] ------------[ cut here ]------------
[   68.170250][ T5324] WARNING: CPU: 0 PID: 5324 at ./include/net/mac80211.h:7060 minstrel_ht_update_caps+0x449/0x17e0
[   68.174732][ T5324] Modules linked in:
[   68.176512][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.14.0-rc7-syzkaller-00137-g5fc319360819 #0
[   68.181184][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.185662][ T5324] RIP: 0010:minstrel_ht_update_caps+0x449/0x17e0
[   68.188395][ T5324] Code: da e8 db 2a 93 f9 e9 24 ff ff ff e8 41 ad 26 f6 eb 17 e8 3a ad 26 f6 eb 14 e8 33 ad 26 f6 49 c1 fd 38 eb 0c e8 28 ad 26 f6 90 <0f> 0b 90 45 31 ed 49 bf 00 00 00 00 00 fc ff df 48 8b 3c 24 4c 8b
[   68.196427][ T5324] RSP: 0018:ffffc9000d386ef8 EFLAGS: 00010287
[   68.199367][ T5324] RAX: ffffffff8b9b3358 RBX: 000000000000000c RCX: 0000000000100000
[   68.202709][ T5324] RDX: ffffc9000e37a000 RSI: 0000000000000411 RDI: 0000000000000412
[   68.206194][ T5324] RBP: 0000000000000000 R08: ffffffff8b9b3274 R09: 0000000000000000
[   68.209516][ T5324] R10: ffff888043378000 R11: ffffed100866f549 R12: 1ffff1100a63261c
[   68.213134][ T5324] R13: 0b00000000000000 R14: ffff8880531930e0 R15: 0100000000000000
[   68.216613][ T5324] FS:  00007fdd5883d6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   68.220622][ T5324] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.223496][ T5324] CR2: 00007fdd57b7d538 CR3: 0000000043d6a000 CR4: 0000000000352ef0
[   68.227063][ T5324] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   68.230364][ T5324] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   68.233593][ T5324] Call Trace:
[   68.235041][ T5324]  <TASK>
[   68.236379][ T5324]  ? __warn+0x165/0x4d0
[   68.238102][ T5324]  ? minstrel_ht_update_caps+0x449/0x17e0
[   68.240517][ T5324]  ? report_bug+0x2b3/0x500
[   68.242485][ T5324]  ? minstrel_ht_update_caps+0x449/0x17e0
[   68.244783][ T5324]  ? handle_bug+0x60/0x90
[   68.246831][ T5324]  ? exc_invalid_op+0x1a/0x50
[   68.248873][ T5324]  ? asm_exc_invalid_op+0x1a/0x20
[   68.250987][ T5324]  ? minstrel_ht_update_caps+0x364/0x17e0
[   68.253319][ T5324]  ? minstrel_ht_update_caps+0x448/0x17e0
[   68.255719][ T5324]  ? minstrel_ht_update_caps+0x449/0x17e0
[   68.258206][ T5324]  ? minstrel_ht_update_caps+0x448/0x17e0
[   68.260654][ T5324]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   68.263025][ T5324]  ? rate_control_rate_init+0x347/0x680
[   68.265438][ T5324]  ? __pfx_minstrel_ht_rate_init+0x10/0x10
[   68.267939][ T5324]  rate_control_rate_init+0x3d8/0x680
[   68.270172][ T5324]  ? rate_control_rate_init+0x135/0x680
[   68.272389][ T5324]  rate_control_rate_init_all_links+0xfc/0x190
[   68.275044][ T5324]  sta_apply_auth_flags+0x1b6/0x410
[   68.277410][ T5324]  sta_apply_parameters+0xe23/0x1550
[   68.279701][ T5324]  ieee80211_add_station+0x3da/0x630
[   68.281965][ T5324]  rdev_add_station+0x11b/0x2b0
[   68.283944][ T5324]  nl80211_new_station+0x1d3d/0x24e0
[   68.286225][ T5324]  ? __pfx_nl80211_new_station+0x10/0x10
[   68.288557][ T5324]  ? netdev_run_todo+0xeac/0xf30
[   68.294534][ T5324]  genl_rcv_msg+0xb1f/0xec0
[   68.297456][ T5324]  ? __pfx_genl_rcv_msg+0x10/0x10
[   68.299838][ T5324]  ? __pfx_lock_acquire+0x10/0x10
[   68.302231][ T5324]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   68.305216][ T5324]  ? __pfx_nl80211_new_station+0x10/0x10
[   68.307589][ T5324]  ? __pfx_nl80211_post_doit+0x10/0x10
[   68.310086][ T5324]  ? __pfx___might_resched+0x10/0x10
[   68.312334][ T5324]  netlink_rcv_skb+0x206/0x480
[   68.314459][ T5324]  ? __pfx_genl_rcv_msg+0x10/0x10
[   68.316941][ T5324]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   68.319283][ T5324]  ? __netlink_deliver_tap+0x7b0/0x7f0
[   68.321540][ T5324]  genl_rcv+0x28/0x40
[   68.323172][ T5324]  netlink_unicast+0x7f6/0x990
[   68.325249][ T5324]  ? __pfx_netlink_unicast+0x10/0x10
[   68.327461][ T5324]  ? __virt_addr_valid+0x45f/0x530
[   68.329608][ T5324]  ? __phys_addr_symbol+0x2f/0x70
[   68.331801][ T5324]  ? __check_object_size+0x47a/0x730
[   68.333937][ T5324]  netlink_sendmsg+0x8de/0xcb0
[   68.335996][ T5324]  ? __pfx_netlink_sendmsg+0x10/0x10
[   68.338150][ T5324]  ? aa_sock_msg_perm+0x91/0x160
[   68.340475][ T5324]  ? __pfx_netlink_sendmsg+0x10/0x10
[   68.342790][ T5324]  __sock_sendmsg+0x221/0x270
[   68.344713][ T5324]  ____sys_sendmsg+0x53a/0x860
[   68.346844][ T5324]  ? __pfx_____sys_sendmsg+0x10/0x10
[   68.349144][ T5324]  __sys_sendmsg+0x269/0x350
[   68.351099][ T5324]  ? __pfx___sys_sendmsg+0x10/0x10
[   68.353234][ T5324]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   68.356092][ T5324]  ? do_syscall_64+0x100/0x230
[   68.358122][ T5324]  ? do_syscall_64+0xb6/0x230
[   68.359998][ T5324]  do_syscall_64+0xf3/0x230
[   68.361802][ T5324]  ? clear_bhb_loop+0x35/0x90
[   68.363671][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.366531][ T5324] RIP: 0033:0x7fdd5798d169
[   68.368908][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.377363][ T5324] RSP: 002b:00007fdd5883d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   68.381539][ T5324] RAX: ffffffffffffffda RBX: 00007fdd57ba5fa0 RCX: 00007fdd5798d169
[   68.384953][ T5324] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 000000000000000b
[   68.388545][ T5324] RBP: 00007fdd57a0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   68.392563][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   68.396051][ T5324] R13: 0000000000000000 R14: 00007fdd57ba5fa0 R15: 00007fffc0310ef8
[   68.399291][ T5324]  </TASK>
[   68.400660][ T5324] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   68.403867][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.14.0-rc7-syzkaller-00137-g5fc319360819 #0
[   68.408410][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.412759][ T5324] Call Trace:
[   68.414313][ T5324]  <TASK>
[   68.415677][ T5324]  dump_stack_lvl+0x241/0x360
[   68.418009][ T5324]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.420865][ T5324]  ? __pfx__printk+0x10/0x10
[   68.423061][ T5324]  ? vscnprintf+0x5d/0x90
[   68.424838][ T5324]  panic+0x349/0x880
[   68.426688][ T5324]  ? __warn+0x174/0x4d0
[   68.428530][ T5324]  ? __pfx_panic+0x10/0x10
[   68.430520][ T5324]  __warn+0x344/0x4d0
[   68.432751][ T5324]  ? minstrel_ht_update_caps+0x449/0x17e0
[   68.435220][ T5324]  report_bug+0x2b3/0x500
[   68.437101][ T5324]  ? minstrel_ht_update_caps+0x449/0x17e0
[   68.439782][ T5324]  handle_bug+0x60/0x90
[   68.441554][ T5324]  exc_invalid_op+0x1a/0x50
[   68.443456][ T5324]  asm_exc_invalid_op+0x1a/0x20
[   68.445639][ T5324] RIP: 0010:minstrel_ht_update_caps+0x449/0x17e0
[   68.448195][ T5324] Code: da e8 db 2a 93 f9 e9 24 ff ff ff e8 41 ad 26 f6 eb 17 e8 3a ad 26 f6 eb 14 e8 33 ad 26 f6 49 c1 fd 38 eb 0c e8 28 ad 26 f6 90 <0f> 0b 90 45 31 ed 49 bf 00 00 00 00 00 fc ff df 48 8b 3c 24 4c 8b
[   68.455822][ T5324] RSP: 0018:ffffc9000d386ef8 EFLAGS: 00010287
[   68.458763][ T5324] RAX: ffffffff8b9b3358 RBX: 000000000000000c RCX: 0000000000100000
[   68.462240][ T5324] RDX: ffffc9000e37a000 RSI: 0000000000000411 RDI: 0000000000000412
[   68.465418][ T5324] RBP: 0000000000000000 R08: ffffffff8b9b3274 R09: 0000000000000000
[   68.468669][ T5324] R10: ffff888043378000 R11: ffffed100866f549 R12: 1ffff1100a63261c
[   68.471818][ T5324] R13: 0b00000000000000 R14: ffff8880531930e0 R15: 0100000000000000
[   68.475038][ T5324]  ? minstrel_ht_update_caps+0x364/0x17e0
[   68.477426][ T5324]  ? minstrel_ht_update_caps+0x448/0x17e0
[   68.480119][ T5324]  ? minstrel_ht_update_caps+0x448/0x17e0
[   68.482520][ T5324]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   68.485617][ T5324]  ? rate_control_rate_init+0x347/0x680
[   68.487972][ T5324]  ? __pfx_minstrel_ht_rate_init+0x10/0x10
[   68.490799][ T5324]  rate_control_rate_init+0x3d8/0x680
[   68.493243][ T5324]  ? rate_control_rate_init+0x135/0x680
[   68.495879][ T5324]  rate_control_rate_init_all_links+0xfc/0x190
[   68.498999][ T5324]  sta_apply_auth_flags+0x1b6/0x410
[   68.501090][ T5324]  sta_apply_parameters+0xe23/0x1550
[   68.503196][ T5324]  ieee80211_add_station+0x3da/0x630
[   68.505267][ T5324]  rdev_add_station+0x11b/0x2b0
[   68.507207][ T5324]  nl80211_new_station+0x1d3d/0x24e0
[   68.509340][ T5324]  ? __pfx_nl80211_new_station+0x10/0x10
[   68.511591][ T5324]  ? netdev_run_todo+0xeac/0xf30
[   68.513837][ T5324]  genl_rcv_msg+0xb1f/0xec0
[   68.515797][ T5324]  ? __pfx_genl_rcv_msg+0x10/0x10
[   68.518047][ T5324]  ? __pfx_lock_acquire+0x10/0x10
[   68.520149][ T5324]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   68.522489][ T5324]  ? __pfx_nl80211_new_station+0x10/0x10
[   68.524994][ T5324]  ? __pfx_nl80211_post_doit+0x10/0x10
[   68.527359][ T5324]  ? __pfx___might_resched+0x10/0x10
[   68.529603][ T5324]  netlink_rcv_skb+0x206/0x480
[   68.531978][ T5324]  ? __pfx_genl_rcv_msg+0x10/0x10
[   68.535363][ T5324]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   68.537892][ T5324]  ? __netlink_deliver_tap+0x7b0/0x7f0
[   68.540205][ T5324]  genl_rcv+0x28/0x40
[   68.542016][ T5324]  netlink_unicast+0x7f6/0x990
[   68.543993][ T5324]  ? __pfx_netlink_unicast+0x10/0x10
[   68.546327][ T5324]  ? __virt_addr_valid+0x45f/0x530
[   68.548594][ T5324]  ? __phys_addr_symbol+0x2f/0x70
[   68.550680][ T5324]  ? __check_object_size+0x47a/0x730
[   68.552871][ T5324]  netlink_sendmsg+0x8de/0xcb0
[   68.555105][ T5324]  ? __pfx_netlink_sendmsg+0x10/0x10
[   68.557503][ T5324]  ? aa_sock_msg_perm+0x91/0x160
[   68.559864][ T5324]  ? __pfx_netlink_sendmsg+0x10/0x10
[   68.563240][ T5324]  __sock_sendmsg+0x221/0x270
[   68.565535][ T5324]  ____sys_sendmsg+0x53a/0x860
[   68.567674][ T5324]  ? __pfx_____sys_sendmsg+0x10/0x10
[   68.570124][ T5324]  __sys_sendmsg+0x269/0x350
[   68.572059][ T5324]  ? __pfx___sys_sendmsg+0x10/0x10
[   68.574335][ T5324]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   68.577587][ T5324]  ? do_syscall_64+0x100/0x230
[   68.579695][ T5324]  ? do_syscall_64+0xb6/0x230
[   68.581681][ T5324]  do_syscall_64+0xf3/0x230
[   68.583631][ T5324]  ? clear_bhb_loop+0x35/0x90
[   68.585731][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.588318][ T5324] RIP: 0033:0x7fdd5798d169
[   68.590231][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.597875][ T5324] RSP: 002b:00007fdd5883d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   68.601658][ T5324] RAX: ffffffffffffffda RBX: 00007fdd57ba5fa0 RCX: 00007fdd5798d169
[   68.605228][ T5324] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 000000000000000b
[   68.608362][ T5324] RBP: 00007fdd57a0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   68.611562][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   68.615163][ T5324] R13: 0000000000000000 R14: 00007fdd57ba5fa0 R15: 00007fffc0310ef8
[   68.621484][ T5324]  </TASK>
[   68.623336][ T5324] Kernel Offset: disabled
[   68.625446][ T5324] Rebooting in 86400 seconds..