program:
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x1016c1)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x42, 0x8)
pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000180)={{0xfe, 0x5}, 0x1, 0x1, 0x0, {}, 0xe, 0x7})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0xffff, 0x0, 0x8, 0x800, r0, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x3}, 0x50)
read(r1, &(0x7f0000000540)=""/75, 0x4b)
pselect6(0x99, &(0x7f00000003c0)={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x34, 0x0, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'pimreg\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}]}, 0x34}}, 0x20000004)
sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0x34, 0x0, 0x1, 0x70bd27, 0x25dfdbff, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bridge0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x40001}, 0x8004)
sendmsg$SMC_PNETID_DEL(r2, &(0x7f00000005c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000380)={&(0x7f0000000740)={0x48, 0x0, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'ip6gretap0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'wlan1\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x4014850}, 0x800)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
rt_sigqueueinfo(0x0, 0x9, &(0x7f000000df80)={0x0, 0x0, 0xffffffc0})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0)
write$dsp(r6, &(0x7f0000000400)="a2f0b1ba5bdce46d9268ba8cb92ff9c50869f563ae85960b63ce563a485ac82fce633d4894fa10e557bdca91414642965a6dd5bf55e3673c3f8153756f28aa5497b37a0e80588ea6449be67c037c0efbea0fc588e368f8a8811d680138757afe7c2febc697637e1e442f473edf5b4def55f6aebaae5438983083f0e04bf4c2c02cfaacd99ad8ca5011956d3cd20e499d7c9a32d72e66725b6585c1fbacdbbd6d39a3b05f27678b35", 0xa8)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @objref={{0xb}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_OBJREF_SET_NAME={0x9, 0x4, 'syz1\x00'}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0xb}]}}}]}]}], {0x14}}, 0xc8}}, 0x4004)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}, 0x1, 0x0, 0x0, 0x400c000}, 0x0)
r8 = syz_open_dev$vim2m(&(0x7f0000000000), 0x79, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f0000000040)={0x1, @pix={0x0, 0x0, 0x3132564e}})
sendmsg$NL80211_CMD_JOIN_OCB(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000800)={0x2c, r7, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24004015}, 0x448d0)
r9 = socket$inet_sctp(0x2, 0x5, 0x84)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0)
mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x4, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x8000, 0x0, 0x2, 0x2)
ioctl$sock_inet_SIOCRTMSG(r9, 0x890d, 0x0)
syz_80211_inject_frame(&(0x7f0000000280)=@device_b, &(0x7f0000000700)=ANY=[@ANYBLOB="88a80060371200080211000000ffffffffffffffffff"], 0x1e)

[   85.053060][ T4684] Bluetooth: hci0: command tx timeout
[   85.553335][   T12] ------------[ cut here ]------------
[   85.556285][   T12] intf 08:02:11:00:00:01 [link=0]: bad STA 00:00:00:ff:ff:ff bandwidth 20 MHz (0) > channel config 10 MHz (7)
[   85.562710][ T5345] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   85.573021][   T12] WARNING: CPU: 0 PID: 12 at drivers/net/wireless/virtual/mac80211_hwsim.c:2653 mac80211_hwsim_sta_rc_update+0x6f5/0x860
[   85.578725][   T12] Modules linked in:
[   85.580982][   T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:0 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[   85.585992][   T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.590397][   T12] Workqueue: events_unbound cfg80211_wiphy_work
[   85.593377][   T12] RIP: 0010:mac80211_hwsim_sta_rc_update+0x6f5/0x860
[   85.596210][   T12] Code: 71 17 00 00 48 c7 c7 c0 ae 2d 8c 48 8b 74 24 28 89 ea 48 8b 4c 24 10 41 89 d8 45 89 f9 41 56 50 e8 d0 df 8f fa 48 83 c4 10 90 <0f> 0b 90 90 e9 0c ff ff ff e8 2d 37 cc fa 90 0f 0b 90 e9 fe fe ff
[   85.605641][   T12] RSP: 0000:ffffc900001e7768 EFLAGS: 00010282
[   85.608274][   T12] RAX: 2fbf679a6b22d100 RBX: 0000000000000014 RCX: ffff88801af1c880
[   85.611726][   T12] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[   85.615225][   T12] RBP: 0000000000000000 R08: ffff88801fc24293 R09: 1ffff11003f84852
[   85.618772][   T12] R10: dffffc0000000000 R11: ffffed1003f84853 R12: 0000000000000000
[   85.623028][   T12] R13: dffffc0000000000 R14: 0000000000000007 R15: 0000000000000000
[   85.626630][   T12] FS:  0000000000000000(0000) GS:ffff88808d21c000(0000) knlGS:0000000000000000
[   85.630404][   T12] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.633478][   T12] CR2: 00007fb4cbdb2fc8 CR3: 0000000042ef0000 CR4: 0000000000352ef0
[   85.637082][   T12] Call Trace:
[   85.638870][   T12]  <TASK>
[   85.640440][   T12]  ? mac80211_hwsim_sta_rc_update+0x73/0x860
[   85.643636][   T12]  mac80211_hwsim_sta_add+0xa3/0x310
[   85.646499][   T12]  drv_sta_state+0x8be/0x1840
[   85.648732][   T12]  sta_info_insert_rcu+0xd32/0x1940
[   85.650967][   T12]  ? sta_info_insert_rcu+0x2ce/0x1940
[   85.653364][   T12]  ieee80211_ocb_work+0x31f/0x580
[   85.655590][   T12]  ? __pfx_ieee80211_ocb_work+0x10/0x10
[   85.657951][   T12]  ? ieee80211_iface_work+0xf14/0xfe0
[   85.660244][   T12]  ? rcu_is_watching+0x15/0xb0
[   85.662286][   T12]  cfg80211_wiphy_work+0x2df/0x460
[   85.664617][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[   85.666975][   T12]  process_scheduled_works+0xade/0x17b0
[   85.669402][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[   85.672037][   T12]  worker_thread+0x8a0/0xda0
[   85.674521][   T12]  kthread+0x70e/0x8a0
[   85.676283][   T12]  ? __pfx_worker_thread+0x10/0x10
[   85.678461][   T12]  ? __pfx_kthread+0x10/0x10
[   85.680382][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.682615][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.684962][   T12]  ? __pfx_kthread+0x10/0x10
[   85.687115][   T12]  ret_from_fork+0x3fc/0x770
[   85.689207][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[   85.691482][   T12]  ? __pfx_kthread+0x10/0x10
[   85.693757][   T12]  ret_from_fork_asm+0x1a/0x30
[   85.695849][   T12]  </TASK>
[   85.697267][   T12] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   85.700316][   T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:0 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[   85.707457][   T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.712112][   T12] Workqueue: events_unbound cfg80211_wiphy_work
[   85.714868][   T12] Call Trace:
[   85.716340][   T12]  <TASK>
[   85.717663][   T12]  dump_stack_lvl+0x99/0x250
[   85.719759][   T12]  ? __asan_memcpy+0x40/0x70
[   85.721896][   T12]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.724245][   T12]  ? __pfx__printk+0x10/0x10
[   85.726277][   T12]  panic+0x2db/0x790
[   85.728062][   T12]  ? __pfx_panic+0x10/0x10
[   85.730065][   T12]  ? show_trace_log_lvl+0x4fb/0x550
[   85.732602][   T12]  ? ret_from_fork_asm+0x1a/0x30
[   85.735307][   T12]  __warn+0x31b/0x4b0
[   85.737438][   T12]  ? mac80211_hwsim_sta_rc_update+0x6f5/0x860
[   85.740101][   T12]  ? mac80211_hwsim_sta_rc_update+0x6f5/0x860
[   85.742640][   T12]  report_bug+0x2be/0x4f0
[   85.744496][   T12]  ? mac80211_hwsim_sta_rc_update+0x6f5/0x860
[   85.747032][   T12]  ? mac80211_hwsim_sta_rc_update+0x6f5/0x860
[   85.749492][   T12]  ? mac80211_hwsim_sta_rc_update+0x6f7/0x860
[   85.752014][   T12]  handle_bug+0x84/0x160
[   85.753804][   T12]  exc_invalid_op+0x1a/0x50
[   85.755840][   T12]  asm_exc_invalid_op+0x1a/0x20
[   85.757979][   T12] RIP: 0010:mac80211_hwsim_sta_rc_update+0x6f5/0x860
[   85.760935][   T12] Code: 71 17 00 00 48 c7 c7 c0 ae 2d 8c 48 8b 74 24 28 89 ea 48 8b 4c 24 10 41 89 d8 45 89 f9 41 56 50 e8 d0 df 8f fa 48 83 c4 10 90 <0f> 0b 90 90 e9 0c ff ff ff e8 2d 37 cc fa 90 0f 0b 90 e9 fe fe ff
[   85.768981][   T12] RSP: 0000:ffffc900001e7768 EFLAGS: 00010282
[   85.771497][   T12] RAX: 2fbf679a6b22d100 RBX: 0000000000000014 RCX: ffff88801af1c880
[   85.774681][   T12] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[   85.777915][   T12] RBP: 0000000000000000 R08: ffff88801fc24293 R09: 1ffff11003f84852
[   85.781077][   T12] R10: dffffc0000000000 R11: ffffed1003f84853 R12: 0000000000000000
[   85.784314][   T12] R13: dffffc0000000000 R14: 0000000000000007 R15: 0000000000000000
[   85.787619][   T12]  ? mac80211_hwsim_sta_rc_update+0x73/0x860
[   85.790233][   T12]  mac80211_hwsim_sta_add+0xa3/0x310
[   85.792425][   T12]  drv_sta_state+0x8be/0x1840
[   85.794442][   T12]  sta_info_insert_rcu+0xd32/0x1940
[   85.796613][   T12]  ? sta_info_insert_rcu+0x2ce/0x1940
[   85.798895][   T12]  ieee80211_ocb_work+0x31f/0x580
[   85.801056][   T12]  ? __pfx_ieee80211_ocb_work+0x10/0x10
[   85.803400][   T12]  ? ieee80211_iface_work+0xf14/0xfe0
[   85.805713][   T12]  ? rcu_is_watching+0x15/0xb0
[   85.807759][   T12]  cfg80211_wiphy_work+0x2df/0x460
[   85.810003][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[   85.812456][   T12]  process_scheduled_works+0xade/0x17b0
[   85.814915][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[   85.817847][   T12]  worker_thread+0x8a0/0xda0
[   85.820024][   T12]  kthread+0x70e/0x8a0
[   85.822056][   T12]  ? __pfx_worker_thread+0x10/0x10
[   85.824309][   T12]  ? __pfx_kthread+0x10/0x10
[   85.826446][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.829071][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.831482][   T12]  ? __pfx_kthread+0x10/0x10
[   85.833892][   T12]  ret_from_fork+0x3fc/0x770
[   85.836109][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[   85.838591][   T12]  ? __pfx_kthread+0x10/0x10
[   85.840826][   T12]  ret_from_fork_asm+0x1a/0x30
[   85.842878][   T12]  </TASK>
[   85.844601][   T12] Kernel Offset: disabled
[   85.846541][   T12] Rebooting in 86400 seconds..