program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x50, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}]}]]}, 0x50}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r5, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$unix(0x1, 0x2, 0x0) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x50, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}]}]]}, 0x50}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) (async)
close(r4) (async)
socket$inet_sctp(0x2, 0x1, 0x84) (async)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) (async)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) (async)
write$rfkill(r5, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) (async)

[   70.059702][ T4665] Bluetooth: hci0: command tx timeout
[   70.272150][ T5326] ------------[ cut here ]------------
[   70.274231][ T5326] syzkaller0: Failed check-sdata-in-driver check, flags: 0x0
[   70.287954][ T5326] WARNING: CPU: 0 PID: 5326 at net/mac80211/driver-ops.c:114 drv_remove_interface+0x35d/0x590
[   70.292547][ T5326] Modules linked in:
[   70.293936][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.13.0-rc7-syzkaller-00191-gfda5e3f28400 #0
[   70.297403][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   70.301476][ T5326] RIP: 0010:drv_remove_interface+0x35d/0x590
[   70.303715][ T5326] Code: 00 48 85 c0 48 0f 44 d9 42 0f b6 44 2d 00 84 c0 0f 85 f3 00 00 00 41 8b 14 24 48 c7 c7 c0 7f 27 8d 48 89 de e8 e4 0e 2e f6 90 <0f> 0b 90 90 e9 e3 fd ff ff e8 15 69 6d f6 c6 05 0f de d1 04 01 90
[   70.311360][ T5326] RSP: 0018:ffffc9000d327608 EFLAGS: 00010246
[   70.313735][ T5326] RAX: f1bdcde2b53bf000 RBX: ffff888052d48120 RCX: ffff888000c24880
[   70.316686][ T5326] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   70.319891][ T5326] RBP: 1ffff1100a5a92e5 R08: ffffffff81602ac2 R09: 1ffff11003f8519a
[   70.322828][ T5326] R10: dffffc0000000000 R11: ffffed1003f8519b R12: ffff888052d49728
[   70.325678][ T5326] R13: dffffc0000000000 R14: ffff888030b20e40 R15: ffff888052d48d80
[   70.328389][ T5326] FS:  00007fb96682b6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   70.331444][ T5326] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   70.333879][ T5326] CR2: 00007f50e0c79ba8 CR3: 0000000042c78000 CR4: 0000000000352ef0
[   70.336684][ T5326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   70.339674][ T5326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   70.342779][ T5326] Call Trace:
[   70.344138][ T5326]  <TASK>
[   70.345303][ T5326]  ? __warn+0x165/0x4d0
[   70.346837][ T5326]  ? drv_remove_interface+0x35d/0x590
[   70.349027][ T5326]  ? report_bug+0x2b3/0x500
[   70.350805][ T5326]  ? drv_remove_interface+0x35d/0x590
[   70.352866][ T5326]  ? handle_bug+0x60/0x90
[   70.354543][ T5326]  ? exc_invalid_op+0x1a/0x50
[   70.356364][ T5326]  ? asm_exc_invalid_op+0x1a/0x20
[   70.358216][ T5326]  ? __warn_printk+0x292/0x360
[   70.360100][ T5326]  ? drv_remove_interface+0x35d/0x590
[   70.362088][ T5326]  ? drv_remove_interface+0x35c/0x590
[   70.364119][ T5326]  ieee80211_do_stop+0x1b66/0x2370
[   70.365964][ T5326]  ? __pfx_ieee80211_do_stop+0x10/0x10
[   70.367935][ T5326]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   70.370182][ T5326]  ? lockdep_hardirqs_on+0x99/0x150
[   70.372114][ T5326]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   70.374411][ T5326]  ? wiphy_work_cancel+0x1f0/0x3e0
[   70.376281][ T5326]  ieee80211_stop+0x436/0x4a0
[   70.378006][ T5326]  ? __pfx_ieee80211_stop+0x10/0x10
[   70.380058][ T5326]  __dev_close_many+0x219/0x300
[   70.381924][ T5326]  ? __pfx___dev_close_many+0x10/0x10
[   70.383970][ T5326]  ? __pfx___mutex_trylock_common+0x10/0x10
[   70.386103][ T5326]  dev_close_many+0x24e/0x4c0
[   70.387888][ T5326]  ? trace_contention_end+0x3c/0x120
[   70.390041][ T5326]  ? __mutex_lock+0x37f/0xee0
[   70.391858][ T5326]  ? __pfx_dev_close_many+0x10/0x10
[   70.393781][ T5326]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   70.396117][ T5326]  dev_close+0x1c0/0x2c0
[   70.397685][ T5326]  ? __pfx_dev_close+0x10/0x10
[   70.399611][ T5326]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   70.401582][ T5326]  cfg80211_shutdown_all_interfaces+0xbb/0x1d0
[   70.403685][ T5326]  cfg80211_rfkill_set_block+0x2d/0x50
[   70.405897][ T5326]  ? __pfx_cfg80211_rfkill_set_block+0x10/0x10
[   70.408100][ T5326]  rfkill_set_block+0x1f1/0x440
[   70.409996][ T5326]  rfkill_fop_write+0x5b8/0x790
[   70.411780][ T5326]  ? end_current_label_crit_section+0x151/0x180
[   70.413941][ T5326]  ? __pfx_rfkill_fop_write+0x10/0x10
[   70.415870][ T5326]  ? bpf_lsm_file_permission+0x9/0x10
[   70.417827][ T5326]  ? security_file_permission+0x74/0x280
[   70.420025][ T5326]  ? rw_verify_area+0x1c3/0x6f0
[   70.421811][ T5326]  ? __pfx_rfkill_fop_write+0x10/0x10
[   70.423793][ T5326]  vfs_write+0x2a3/0xd30
[   70.425396][ T5326]  ? __pfx_vfs_write+0x10/0x10
[   70.427173][ T5326]  ? __might_fault+0xaa/0x120
[   70.429166][ T5326]  ? __fget_files+0x2a/0x410
[   70.431163][ T5326]  ? __fget_files+0x395/0x410
[   70.433357][ T5326]  ? __fget_files+0x2a/0x410
[   70.435485][ T5326]  ksys_write+0x18f/0x2b0
[   70.437340][ T5326]  ? __pfx_ksys_write+0x10/0x10
[   70.439217][ T5326]  ? do_syscall_64+0x100/0x230
[   70.440954][ T5326]  ? do_syscall_64+0xb6/0x230
[   70.442746][ T5326]  do_syscall_64+0xf3/0x230
[   70.444493][ T5326]  ? clear_bhb_loop+0x35/0x90
[   70.446338][ T5326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.448652][ T5326] RIP: 0033:0x7fb965985d29
[   70.450247][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.457088][ T5326] RSP: 002b:00007fb96682b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   70.460178][ T5326] RAX: ffffffffffffffda RBX: 00007fb965b75fa0 RCX: 00007fb965985d29
[   70.463016][ T5326] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000006
[   70.465783][ T5326] RBP: 00007fb965a01b08 R08: 0000000000000000 R09: 0000000000000000
[   70.468784][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   70.471920][ T5326] R13: 0000000000000000 R14: 00007fb965b75fa0 R15: 00007ffe4af27f18
[   70.474890][ T5326]  </TASK>
[   70.476100][ T5326] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   70.479447][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.13.0-rc7-syzkaller-00191-gfda5e3f28400 #0
[   70.484074][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   70.488566][ T5326] Call Trace:
[   70.489637][ T5326]  <TASK>
[   70.490648][ T5326]  dump_stack_lvl+0x241/0x360
[   70.492371][ T5326]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.494300][ T5326]  ? __pfx__printk+0x10/0x10
[   70.496025][ T5326]  ? _printk+0xd5/0x120
[   70.497548][ T5326]  ? __init_begin+0x41000/0x41000
[   70.499493][ T5326]  ? vscnprintf+0x5d/0x90
[   70.501129][ T5326]  panic+0x349/0x880
[   70.502498][ T5326]  ? __warn+0x174/0x4d0
[   70.504001][ T5326]  ? __pfx_panic+0x10/0x10
[   70.505611][ T5326]  __warn+0x344/0x4d0
[   70.507060][ T5326]  ? drv_remove_interface+0x35d/0x590
[   70.508989][ T5326]  report_bug+0x2b3/0x500
[   70.510486][ T5326]  ? drv_remove_interface+0x35d/0x590
[   70.512427][ T5326]  handle_bug+0x60/0x90
[   70.513954][ T5326]  exc_invalid_op+0x1a/0x50
[   70.515681][ T5326]  asm_exc_invalid_op+0x1a/0x20
[   70.517619][ T5326] RIP: 0010:drv_remove_interface+0x35d/0x590
[   70.519898][ T5326] Code: 00 48 85 c0 48 0f 44 d9 42 0f b6 44 2d 00 84 c0 0f 85 f3 00 00 00 41 8b 14 24 48 c7 c7 c0 7f 27 8d 48 89 de e8 e4 0e 2e f6 90 <0f> 0b 90 90 e9 e3 fd ff ff e8 15 69 6d f6 c6 05 0f de d1 04 01 90
[   70.527446][ T5326] RSP: 0018:ffffc9000d327608 EFLAGS: 00010246
[   70.530070][ T5326] RAX: f1bdcde2b53bf000 RBX: ffff888052d48120 RCX: ffff888000c24880
[   70.533422][ T5326] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   70.536637][ T5326] RBP: 1ffff1100a5a92e5 R08: ffffffff81602ac2 R09: 1ffff11003f8519a
[   70.540358][ T5326] R10: dffffc0000000000 R11: ffffed1003f8519b R12: ffff888052d49728
[   70.544028][ T5326] R13: dffffc0000000000 R14: ffff888030b20e40 R15: ffff888052d48d80
[   70.547189][ T5326]  ? __warn_printk+0x292/0x360
[   70.548878][ T5326]  ? drv_remove_interface+0x35c/0x590
[   70.550756][ T5326]  ieee80211_do_stop+0x1b66/0x2370
[   70.552556][ T5326]  ? __pfx_ieee80211_do_stop+0x10/0x10
[   70.554590][ T5326]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   70.556937][ T5326]  ? lockdep_hardirqs_on+0x99/0x150
[   70.558892][ T5326]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   70.561212][ T5326]  ? wiphy_work_cancel+0x1f0/0x3e0
[   70.562824][ T5326]  ieee80211_stop+0x436/0x4a0
[   70.564511][ T5326]  ? __pfx_ieee80211_stop+0x10/0x10
[   70.566452][ T5326]  __dev_close_many+0x219/0x300
[   70.568244][ T5326]  ? __pfx___dev_close_many+0x10/0x10
[   70.570167][ T5326]  ? __pfx___mutex_trylock_common+0x10/0x10
[   70.572450][ T5326]  dev_close_many+0x24e/0x4c0
[   70.574131][ T5326]  ? trace_contention_end+0x3c/0x120
[   70.576110][ T5326]  ? __mutex_lock+0x37f/0xee0
[   70.577840][ T5326]  ? __pfx_dev_close_many+0x10/0x10
[   70.579745][ T5326]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   70.582049][ T5326]  dev_close+0x1c0/0x2c0
[   70.583691][ T5326]  ? __pfx_dev_close+0x10/0x10
[   70.585411][ T5326]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   70.587675][ T5326]  cfg80211_shutdown_all_interfaces+0xbb/0x1d0
[   70.590041][ T5326]  cfg80211_rfkill_set_block+0x2d/0x50
[   70.592283][ T5326]  ? __pfx_cfg80211_rfkill_set_block+0x10/0x10
[   70.594656][ T5326]  rfkill_set_block+0x1f1/0x440
[   70.596525][ T5326]  rfkill_fop_write+0x5b8/0x790
[   70.598361][ T5326]  ? end_current_label_crit_section+0x151/0x180
[   70.600786][ T5326]  ? __pfx_rfkill_fop_write+0x10/0x10
[   70.602834][ T5326]  ? bpf_lsm_file_permission+0x9/0x10
[   70.604899][ T5326]  ? security_file_permission+0x74/0x280
[   70.606927][ T5326]  ? rw_verify_area+0x1c3/0x6f0
[   70.608762][ T5326]  ? __pfx_rfkill_fop_write+0x10/0x10
[   70.610744][ T5326]  vfs_write+0x2a3/0xd30
[   70.612425][ T5326]  ? __pfx_vfs_write+0x10/0x10
[   70.614263][ T5326]  ? __might_fault+0xaa/0x120
[   70.616093][ T5326]  ? __fget_files+0x2a/0x410
[   70.617911][ T5326]  ? __fget_files+0x395/0x410
[   70.619755][ T5326]  ? __fget_files+0x2a/0x410
[   70.621461][ T5326]  ksys_write+0x18f/0x2b0
[   70.623144][ T5326]  ? __pfx_ksys_write+0x10/0x10
[   70.624956][ T5326]  ? do_syscall_64+0x100/0x230
[   70.626725][ T5326]  ? do_syscall_64+0xb6/0x230
[   70.628594][ T5326]  do_syscall_64+0xf3/0x230
[   70.630118][ T5326]  ? clear_bhb_loop+0x35/0x90
[   70.631985][ T5326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.634242][ T5326] RIP: 0033:0x7fb965985d29
[   70.635814][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.642384][ T5326] RSP: 002b:00007fb96682b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   70.645064][ T5326] RAX: ffffffffffffffda RBX: 00007fb965b75fa0 RCX: 00007fb965985d29
[   70.647833][ T5326] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000006
[   70.650606][ T5326] RBP: 00007fb965a01b08 R08: 0000000000000000 R09: 0000000000000000
[   70.653474][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   70.656351][ T5326] R13: 0000000000000000 R14: 00007fb965b75fa0 R15: 00007ffe4af27f18
[   70.659268][ T5326]  </TASK>
[   70.660712][ T5326] Kernel Offset: disabled
[   70.662411][ T5326] Rebooting in 86400 seconds..