program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r1=>0x0})
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0xb, 0x0, 0x0, 0x10, 0x0, 0x70bd25, 0x25dfdbff, [@sadb_x_kmaddress={0x7, 0x19, 0x0, @in6={0xa, 0x4e23, 0x5, @loopback}, @in={0x2, 0x4e21, @private=0xa010101}}, @sadb_x_kmaddress={0x7, 0x19, 0x0, @in={0x2, 0x4e24, @multicast2}, @in6={0xa, 0x4e23, 0xfffffff8, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3}}]}, 0x80}}, 0x40)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_queued\x00', 0x0, 0x0)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), r0)
sendmsg$IPVS_CMD_GET_DEST(r4, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0x24, r5, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xe4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x10}]}, 0x24}, 0x1, 0x0, 0x0, 0x14}, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r7, @ANYBLOB="080005000b0000003b8cd0cef12f7d69d72b197ecf0d23245a08658cabbcb9060280254d8beb7422360a324d0112a157098d288095d3e6074ef0da8b35667ac251c1f906eed9a9604f0f3a68d8072507334011d6f5ca1b14bbaf0c269e408c2f8c6e05849fe57630ae75f207000000f58c4b7e51ba41816ea84ff11d59d8ff33155452f5bf7af17baadc509387c37a42fc9b0870d603ea87bcff9a1de1e1a38cbc95c37a3c9778e1cc44b180d4d53b52e341ed16a5eabf1012bbedd95e87c22579697f5962786d078c95154ede25481b3aec386a916f7f83eaa811249f75496313c494b902d11ee96a77d4ac219f01e080796cd962643a51d0f5e4ed4113eb5b13c08bf442afb50064845baeb29b8712627283882369"], 0x24}, 0x1, 0x0, 0x0, 0x400c000}, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)={0x24, r6, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x971}]}, 0x24}, 0x1, 0x0, 0x0, 0x24004015}, 0x448d0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x0, 0x6, 0xa, 0x1}]})
syz_80211_inject_frame(&(0x7f0000000280)=@device_b, &(0x7f0000000700)=ANY=[@ANYBLOB="88a80900070211000000ffffffffffffffffffffffff0c00870516808c81"], 0x1e)

[   86.479372][ T5310] Bluetooth: hci0: command tx timeout
[   86.561410][ T1040] ------------[ cut here ]------------
[   86.563882][ T1040] WARNING: CPU: 0 PID: 1040 at net/mac80211/sta_info.c:749 sta_info_insert_rcu+0x32e/0x1940
[   86.568534][ T1040] Modules linked in:
[   86.570419][ T1040] CPU: 0 UID: 0 PID: 1040 Comm: kworker/u4:8 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) 
[   86.575573][ T1040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.581132][ T1040] Workqueue: events_unbound cfg80211_wiphy_work
[   86.584363][ T1040] RIP: 0010:sta_info_insert_rcu+0x32e/0x1940
[   86.586954][ T1040] Code: 00 00 00 e8 d4 15 d1 f6 84 c0 49 bc 00 00 00 00 00 fc ff df 0f 84 bd 00 00 00 e8 bd 4e ea f6 e9 16 01 00 00 e8 b3 4e ea f6 90 <0f> 0b 90 41 be ea ff ff ff 4c 8b 3c 24 4c 89 fe e8 bd c9 ff ff e8
[   86.595102][ T1040] RSP: 0018:ffffc900025b7888 EFLAGS: 00010293
[   86.597738][ T1040] RAX: ffffffff8ad60d8d RBX: 000000000000ffff RCX: ffff888035542440
[   86.601312][ T1040] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   86.604955][ T1040] RBP: 00000000ffeeffff R08: ffff888052b25737 R09: 1ffff1100a564ae6
[   86.608478][ T1040] R10: dffffc0000000000 R11: ffffed100a564ae7 R12: 00000000ffffffff
[   86.612037][ T1040] R13: dffffc0000000000 R14: ffff888052b24d80 R15: 0000000000000001
[   86.615480][ T1040] FS:  0000000000000000(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000
[   86.619556][ T1040] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.622372][ T1040] CR2: 00007feeaef84170 CR3: 0000000042ca7000 CR4: 0000000000352ef0
[   86.625836][ T1040] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   86.629469][ T1040] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   86.632883][ T1040] Call Trace:
[   86.634383][ T1040]  <TASK>
[   86.635739][ T1040]  ? rate_control_rate_init+0x163/0x6e0
[   86.638314][ T1040]  ? rate_control_rate_init+0x163/0x6e0
[   86.640721][ T1040]  ieee80211_ocb_work+0x31f/0x580
[   86.642929][ T1040]  ? __pfx_ieee80211_ocb_work+0x10/0x10
[   86.645328][ T1040]  ? ieee80211_iface_work+0xf14/0xfe0
[   86.648114][ T1040]  ? rcu_is_watching+0x15/0xb0
[   86.650414][ T1040]  cfg80211_wiphy_work+0x2df/0x460
[   86.653139][ T1040]  ? process_scheduled_works+0x9ef/0x17b0
[   86.655905][ T1040]  process_scheduled_works+0xae1/0x17b0
[   86.658605][ T1040]  ? __pfx_process_scheduled_works+0x10/0x10
[   86.661477][ T1040]  worker_thread+0x8a0/0xda0
[   86.663520][ T1040]  kthread+0x70e/0x8a0
[   86.665345][ T1040]  ? __pfx_worker_thread+0x10/0x10
[   86.667667][ T1040]  ? __pfx_kthread+0x10/0x10
[   86.669755][ T1040]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.672064][ T1040]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.673955][ T1040]  ? __pfx_kthread+0x10/0x10
[   86.675720][ T1040]  ret_from_fork+0x3f9/0x770
[   86.677718][ T1040]  ? __pfx_ret_from_fork+0x10/0x10
[   86.679856][ T1040]  ? __pfx_kthread+0x10/0x10
[   86.681650][ T1040]  ret_from_fork_asm+0x1a/0x30
[   86.683861][ T1040]  </TASK>
[   86.685043][ T1040] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   86.687964][ T1040] CPU: 0 UID: 0 PID: 1040 Comm: kworker/u4:8 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) 
[   86.692932][ T1040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.697696][ T1040] Workqueue: events_unbound cfg80211_wiphy_work
[   86.700605][ T1040] Call Trace:
[   86.702089][ T1040]  <TASK>
[   86.703392][ T1040]  dump_stack_lvl+0x99/0x250
[   86.705446][ T1040]  ? __asan_memcpy+0x40/0x70
[   86.707573][ T1040]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.709909][ T1040]  ? __pfx__printk+0x10/0x10
[   86.711928][ T1040]  panic+0x2db/0x790
[   86.713674][ T1040]  ? __pfx_panic+0x10/0x10
[   86.715635][ T1040]  ? show_trace_log_lvl+0x4fb/0x550
[   86.718019][ T1040]  ? ret_from_fork_asm+0x1a/0x30
[   86.720127][ T1040]  __warn+0x31b/0x4b0
[   86.721889][ T1040]  ? sta_info_insert_rcu+0x32e/0x1940
[   86.724113][ T1040]  ? sta_info_insert_rcu+0x32e/0x1940
[   86.726429][ T1040]  report_bug+0x2be/0x4f0
[   86.728285][ T1040]  ? sta_info_insert_rcu+0x32e/0x1940
[   86.731015][ T1040]  ? sta_info_insert_rcu+0x32e/0x1940
[   86.733412][ T1040]  ? sta_info_insert_rcu+0x330/0x1940
[   86.735678][ T1040]  handle_bug+0x84/0x160
[   86.737631][ T1040]  exc_invalid_op+0x1a/0x50
[   86.739580][ T1040]  asm_exc_invalid_op+0x1a/0x20
[   86.741692][ T1040] RIP: 0010:sta_info_insert_rcu+0x32e/0x1940
[   86.744267][ T1040] Code: 00 00 00 e8 d4 15 d1 f6 84 c0 49 bc 00 00 00 00 00 fc ff df 0f 84 bd 00 00 00 e8 bd 4e ea f6 e9 16 01 00 00 e8 b3 4e ea f6 90 <0f> 0b 90 41 be ea ff ff ff 4c 8b 3c 24 4c 89 fe e8 bd c9 ff ff e8
[   86.752131][ T1040] RSP: 0018:ffffc900025b7888 EFLAGS: 00010293
[   86.754719][ T1040] RAX: ffffffff8ad60d8d RBX: 000000000000ffff RCX: ffff888035542440
[   86.758137][ T1040] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   86.761647][ T1040] RBP: 00000000ffeeffff R08: ffff888052b25737 R09: 1ffff1100a564ae6
[   86.764869][ T1040] R10: dffffc0000000000 R11: ffffed100a564ae7 R12: 00000000ffffffff
[   86.768053][ T1040] R13: dffffc0000000000 R14: ffff888052b24d80 R15: 0000000000000001
[   86.771309][ T1040]  ? sta_info_insert_rcu+0x32d/0x1940
[   86.773730][ T1040]  ? sta_info_insert_rcu+0x32d/0x1940
[   86.776176][ T1040]  ? rate_control_rate_init+0x163/0x6e0
[   86.778600][ T1040]  ? rate_control_rate_init+0x163/0x6e0
[   86.781034][ T1040]  ieee80211_ocb_work+0x31f/0x580
[   86.783333][ T1040]  ? __pfx_ieee80211_ocb_work+0x10/0x10
[   86.785767][ T1040]  ? ieee80211_iface_work+0xf14/0xfe0
[   86.788236][ T1040]  ? rcu_is_watching+0x15/0xb0
[   86.790387][ T1040]  cfg80211_wiphy_work+0x2df/0x460
[   86.792608][ T1040]  ? process_scheduled_works+0x9ef/0x17b0
[   86.795015][ T1040]  process_scheduled_works+0xae1/0x17b0
[   86.797468][ T1040]  ? __pfx_process_scheduled_works+0x10/0x10
[   86.800179][ T1040]  worker_thread+0x8a0/0xda0
[   86.802185][ T1040]  kthread+0x70e/0x8a0
[   86.803961][ T1040]  ? __pfx_worker_thread+0x10/0x10
[   86.806089][ T1040]  ? __pfx_kthread+0x10/0x10
[   86.808048][ T1040]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.810278][ T1040]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.812448][ T1040]  ? __pfx_kthread+0x10/0x10
[   86.814451][ T1040]  ret_from_fork+0x3f9/0x770
[   86.816396][ T1040]  ? __pfx_ret_from_fork+0x10/0x10
[   86.818602][ T1040]  ? __pfx_kthread+0x10/0x10
[   86.820611][ T1040]  ret_from_fork_asm+0x1a/0x30
[   86.822794][ T1040]  </TASK>
[   86.824502][ T1040] Kernel Offset: disabled
[   86.826283][ T1040] Rebooting in 86400 seconds..