program:
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000680)=@newtfilter={0x43c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x40c, 0x2, [@TCA_FLOW_POLICE={0x408, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x81, 0xffffffff, 0xda, 0x3, 0x0, 0x2a, 0x100, 0x73d, 0x3509, 0x3, 0x10000, 0x7, 0x1000, 0x9, 0x3, 0x3, 0x882e, 0x8, 0x8, 0x2, 0x800009, 0xfffffffb, 0x2, 0x6, 0x80000000, 0x400, 0x9, 0xffff, 0x7a, 0x5, 0x7, 0x444, 0xffffff40, 0x9, 0x6, 0x8, 0x2, 0x57, 0x0, 0x4, 0x7fff, 0x9, 0xfffffffb, 0x2, 0xcf9f, 0x0, 0x1, 0x8, 0x1, 0x5, 0xfffffff9, 0xf8c800, 0x80000001, 0x6, 0x4, 0x9, 0x8, 0xfffffffd, 0x15, 0x7, 0xc, 0x8, 0x4, 0x3, 0xfffffe00, 0x7, 0x3, 0x800, 0x1, 0x4, 0x2, 0x4, 0x1, 0x801e, 0x7, 0x4, 0x0, 0x8, 0x5, 0x8001, 0x5, 0x1, 0x1000, 0x9, 0x3, 0x7ff, 0xd0, 0x8, 0x0, 0x3, 0x1, 0x9, 0xe, 0x7fff, 0xfffffff8, 0x7, 0x0, 0xb1, 0x3, 0xffffff44, 0x1, 0x8, 0xf, 0x6, 0x556, 0x1, 0x2c, 0x5, 0x80000001, 0x1, 0x0, 0xffffff00, 0x3, 0xffffffff, 0x7, 0x9, 0x1c00, 0x5, 0xa2, 0x3, 0x8, 0x0, 0x5, 0x8001, 0xbfffffff, 0x7, 0x80, 0x7, 0x0, 0x743, 0x5, 0x3, 0x7, 0x200, 0x5, 0x0, 0x8, 0x3, 0x100, 0x2, 0x8, 0x1, 0x1, 0x8, 0xe, 0x5, 0x6, 0x4, 0x7ff, 0x5, 0xfffffffe, 0x7, 0xf80, 0x7, 0x5a, 0x2302, 0xffff, 0x3ff, 0x2, 0x5, 0x1, 0x6, 0x3, 0x401, 0x10401, 0x512d, 0x1, 0xe, 0x2, 0xa3c0, 0x4, 0x8000, 0x10001, 0x15a, 0x6, 0x120000, 0x9, 0x7fffffff, 0x7, 0x9, 0x80000004, 0x5, 0x7e9, 0x48, 0x9, 0x3, 0x0, 0x5, 0x6, 0xf, 0xff, 0xd, 0x6, 0x9, 0x0, 0x200, 0x9, 0xff, 0x4, 0x7, 0x7, 0x8, 0x4, 0x56, 0x4a82, 0xffff0000, 0x7ff, 0x3e1, 0x6, 0x80000000, 0x4c0, 0x5, 0xa, 0x6, 0x2, 0x6, 0x8, 0x48, 0x1a, 0x2000000, 0x1ff, 0x844, 0x6, 0x3ff, 0x2, 0x100, 0x6, 0xffffffff, 0x200, 0xc26, 0x4, 0x5, 0x1, 0x7fff, 0xf, 0x401, 0x401, 0x4, 0x7, 0x3565, 0x2, 0x4, 0xebf, 0x9, 0x1000, 0x1, 0x71f, 0x2, 0x7, 0x6e8, 0x8, 0x0, 0x80000000, 0x6, 0x9, 0x2]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x1}, 0x800)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$unix(0x1, 0x2, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r7 = socket$kcm(0x10, 0x3, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
syz_80211_join_ibss(&(0x7f0000000100)='wlan1\x00', &(0x7f0000000180)=@default_ibss_ssid, 0x6, 0x2)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x50, r6, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x7ff, 0x78}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r9)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r10, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x24, r11, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}, 0x1, 0x0, 0x0, 0x400c000}, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)={0x24, r11, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x971}]}, 0x24}, 0x1, 0x0, 0x0, 0x24004015}, 0x448d0)
syz_80211_inject_frame(&(0x7f0000000280)=@device_b, &(0x7f0000000700)=ANY=[@ANYBLOB="88a80060371200080211000000ffffffffffffffffff"], 0x1e)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r13=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r13, @ANYBLOB="0000000003120100500012800b000100627269646765000040000280080005000100000006002700000000000800010015000800050025000000000008000400000000000c002e"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40)
r14 = socket$nl_route(0x10, 0x3, 0x0)
r15 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r15, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r16=>0x0})
sendmsg$nl_route(r14, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="3c58401d98000d0425bd7000fcdbdf250002fa00", @ANYRES32=r16, @ANYBLOB="01000000000000001c0012800b00010062726964676500000c0002800600270005000000"], 0x3c}}, 0x0)

[   76.611584][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[   76.614465][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[   76.633512][ T4667] Bluetooth: hci0: command tx timeout
[   76.693593][ T5318] netlink: 'syz.0.0': attribute type 10 has an invalid length.
[   76.754760][ T5318] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   76.780610][ T1042] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.784108][ T1042] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.847654][    C0] ------------[ cut here ]------------
[   76.850426][    C0] WARNING: CPU: 0 PID: 15 at net/mac80211/ocb.c:63 ieee80211_ocb_rx_no_sta+0x511/0x5d0
[   76.854795][    C0] Modules linked in:
[   76.856745][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) 
[   76.860973][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.865895][    C0] RIP: 0010:ieee80211_ocb_rx_no_sta+0x511/0x5d0
[   76.868695][    C0] Code: 48 0a 00 00 48 c7 c7 40 88 8a 8c 48 89 de 4c 89 fa 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 85 25 4c f6 e8 00 a7 e4 f6 90 <0f> 0b 90 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 b9 00 00 00
[   76.877323][    C0] RSP: 0018:ffffc9000041f470 EFLAGS: 00010283
[   76.880109][    C0] RAX: ffffffff8adb6c60 RBX: ffff88803fa38d80 RCX: 0000000000040000
[   76.883495][    C0] RDX: ffffc90001041000 RSI: 000000000000005a RDI: 000000000000005b
[   76.886949][    C0] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff8adb6809
[   76.890511][    C0] R10: 000000000000000c R11: 0000000000000002 R12: ffffffff8adb6809
[   76.894073][    C0] R13: 0000000000000000 R14: dffffc0000000000 R15: ffff888051672d8a
[   76.897676][    C0] FS:  0000000000000000(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000
[   76.901733][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.904773][    C0] CR2: 0000200000002280 CR3: 000000004219c000 CR4: 0000000000352ef0
[   76.909031][    C0] Call Trace:
[   76.910643][    C0]  <TASK>
[   76.912332][    C0]  ? ret_from_fork_asm+0x1a/0x30
[   76.914737][    C0]  ieee80211_prepare_and_rx_handle+0x2555/0x6770
[   76.918295][    C0]  ? __pfx_ieee80211_prepare_and_rx_handle+0x10/0x10
[   76.921961][    C0]  ? sta_info_get_bss+0x58/0x390
[   76.924280][    C0]  ? sta_info_get_bss+0x58/0x390
[   76.926626][    C0]  ? sta_info_get_bss+0x58/0x390
[   76.929090][    C0]  ? ieee80211_rx_data_set_sta+0x20f/0x420
[   76.931843][    C0]  ? ieee80211_rx_for_interface+0x545/0x630
[   76.934579][    C0]  ieee80211_rx_list+0x2294/0x2c10
[   76.936964][    C0]  ? __pfx_ieee80211_rx_list+0x10/0x10
[   76.939706][    C0]  ? ieee80211_rx_napi+0xca/0x3d0
[   76.942170][    C0]  ? ieee80211_rx_napi+0xca/0x3d0
[   76.944423][    C0]  ? ieee80211_rx_napi+0xca/0x3d0
[   76.946648][    C0]  ieee80211_rx_napi+0x1a8/0x3d0
[   76.949107][    C0]  ? __pfx_ieee80211_rx_napi+0x10/0x10
[   76.951750][    C0]  ? skb_dequeue+0x10e/0x150
[   76.954060][    C0]  ieee80211_handle_queued_frames+0xe8/0x1f0
[   76.957293][    C0]  tasklet_action_common+0x36c/0x580
[   76.960047][    C0]  ? __pfx_tasklet_action_common+0x10/0x10
[   76.962382][    C0]  ? workqueue_softirq_action+0xd4/0x150
[   76.965183][    C0]  handle_softirqs+0x286/0x870
[   76.967483][    C0]  ? run_ksoftirqd+0x9b/0x100
[   76.969698][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   76.971937][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[   76.974132][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[   76.976406][    C0]  run_ksoftirqd+0x9b/0x100
[   76.978645][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[   76.981095][    C0]  smpboot_thread_fn+0x542/0xa60
[   76.983528][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[   76.985886][    C0]  kthread+0x711/0x8a0
[   76.988003][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[   76.990558][    C0]  ? __pfx_kthread+0x10/0x10
[   76.992738][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[   76.995081][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.997405][    C0]  ? __pfx_kthread+0x10/0x10
[   76.999454][    C0]  ret_from_fork+0x4bc/0x870
[   77.001639][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[   77.003837][    C0]  ? __pfx_kthread+0x10/0x10
[   77.005869][    C0]  ret_from_fork_asm+0x1a/0x30
[   77.008102][    C0]  </TASK>
[   77.009607][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   77.012782][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) 
[   77.016862][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   77.021638][    C0] Call Trace:
[   77.023171][    C0]  <TASK>
[   77.024553][    C0]  dump_stack_lvl+0x99/0x250
[   77.026652][    C0]  ? __asan_memcpy+0x40/0x70
[   77.028899][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   77.031396][    C0]  ? __pfx__printk+0x10/0x10
[   77.033429][    C0]  vpanic+0x237/0x6d0
[   77.035214][    C0]  ? __pfx_vpanic+0x10/0x10
[   77.037473][    C0]  panic+0xb9/0xc0
[   77.039261][    C0]  ? __pfx_panic+0x10/0x10
[   77.041355][    C0]  __warn+0x31b/0x4b0
[   77.043294][    C0]  ? ieee80211_ocb_rx_no_sta+0x511/0x5d0
[   77.045853][    C0]  ? ieee80211_ocb_rx_no_sta+0x511/0x5d0
[   77.048342][    C0]  report_bug+0x2be/0x4f0
[   77.050220][    C0]  ? ieee80211_ocb_rx_no_sta+0x511/0x5d0
[   77.052609][    C0]  ? ieee80211_ocb_rx_no_sta+0x511/0x5d0
[   77.055042][    C0]  ? ieee80211_ocb_rx_no_sta+0x513/0x5d0
[   77.057623][    C0]  handle_bug+0x84/0x160
[   77.059526][    C0]  exc_invalid_op+0x1a/0x50
[   77.061479][    C0]  asm_exc_invalid_op+0x1a/0x20
[   77.063969][    C0] RIP: 0010:ieee80211_ocb_rx_no_sta+0x511/0x5d0
[   77.066978][    C0] Code: 48 0a 00 00 48 c7 c7 40 88 8a 8c 48 89 de 4c 89 fa 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 85 25 4c f6 e8 00 a7 e4 f6 90 <0f> 0b 90 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 b9 00 00 00
[   77.075188][    C0] RSP: 0018:ffffc9000041f470 EFLAGS: 00010283
[   77.077942][    C0] RAX: ffffffff8adb6c60 RBX: ffff88803fa38d80 RCX: 0000000000040000
[   77.081360][    C0] RDX: ffffc90001041000 RSI: 000000000000005a RDI: 000000000000005b
[   77.084740][    C0] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff8adb6809
[   77.088164][    C0] R10: 000000000000000c R11: 0000000000000002 R12: ffffffff8adb6809
[   77.091660][    C0] R13: 0000000000000000 R14: dffffc0000000000 R15: ffff888051672d8a
[   77.094910][    C0]  ? ieee80211_ocb_rx_no_sta+0xb9/0x5d0
[   77.097110][    C0]  ? ieee80211_ocb_rx_no_sta+0xb9/0x5d0
[   77.099315][    C0]  ? ieee80211_ocb_rx_no_sta+0x510/0x5d0
[   77.101693][    C0]  ? ret_from_fork_asm+0x1a/0x30
[   77.103698][    C0]  ieee80211_prepare_and_rx_handle+0x2555/0x6770
[   77.106252][    C0]  ? __pfx_ieee80211_prepare_and_rx_handle+0x10/0x10
[   77.109114][    C0]  ? sta_info_get_bss+0x58/0x390
[   77.111428][    C0]  ? sta_info_get_bss+0x58/0x390
[   77.113672][    C0]  ? sta_info_get_bss+0x58/0x390
[   77.115916][    C0]  ? ieee80211_rx_data_set_sta+0x20f/0x420
[   77.118656][    C0]  ? ieee80211_rx_for_interface+0x545/0x630
[   77.121413][    C0]  ieee80211_rx_list+0x2294/0x2c10
[   77.123776][    C0]  ? __pfx_ieee80211_rx_list+0x10/0x10
[   77.126202][    C0]  ? ieee80211_rx_napi+0xca/0x3d0
[   77.128273][    C0]  ? ieee80211_rx_napi+0xca/0x3d0
[   77.130345][    C0]  ? ieee80211_rx_napi+0xca/0x3d0
[   77.132592][    C0]  ieee80211_rx_napi+0x1a8/0x3d0
[   77.134887][    C0]  ? __pfx_ieee80211_rx_napi+0x10/0x10
[   77.137479][    C0]  ? skb_dequeue+0x10e/0x150
[   77.139576][    C0]  ieee80211_handle_queued_frames+0xe8/0x1f0
[   77.142292][    C0]  tasklet_action_common+0x36c/0x580
[   77.144597][    C0]  ? __pfx_tasklet_action_common+0x10/0x10
[   77.147244][    C0]  ? workqueue_softirq_action+0xd4/0x150
[   77.149754][    C0]  handle_softirqs+0x286/0x870
[   77.151878][    C0]  ? run_ksoftirqd+0x9b/0x100
[   77.153982][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   77.156551][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[   77.159019][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[   77.161439][    C0]  run_ksoftirqd+0x9b/0x100
[   77.163479][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[   77.165915][    C0]  smpboot_thread_fn+0x542/0xa60
[   77.168264][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[   77.170413][    C0]  kthread+0x711/0x8a0
[   77.172233][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[   77.174512][    C0]  ? __pfx_kthread+0x10/0x10
[   77.176655][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[   77.179064][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[   77.181395][    C0]  ? __pfx_kthread+0x10/0x10
[   77.183436][    C0]  ret_from_fork+0x4bc/0x870
[   77.185642][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[   77.188243][    C0]  ? __pfx_kthread+0x10/0x10
[   77.190451][    C0]  ret_from_fork_asm+0x1a/0x30
[   77.192517][    C0]  </TASK>
[   77.194263][    C0] Kernel Offset: disabled
[   77.196253][    C0] Rebooting in 86400 seconds..