program:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x64, r2, 0x1, 0x70bd28, 0x25dfdbf9, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x20, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}]]}, 0x64}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) (async)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
r5 = socket$nl_route(0x10, 0x3, 0x0) (async)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) (async)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8007}}, 0x20}}, 0x0)
r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
write$rfkill(r7, &(0x7f0000000340)={0x0, 0x3, 0x2, 0x0, 0x1}, 0x8) (async)
syz_emit_ethernet(0x52, &(0x7f0000000800)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x1c, 0x3a, 0xff, @empty, @mcast2, {[], @ndisc_ns={0x87, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [{0x1, 0x1, "3b229614357b"}]}}}}}}, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84) (async)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0xa0001, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f0000000180)={0xc, 0x0, <r9=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r8, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r9, 0x0, <r10=>0xffffffffffffffff})
r11 = socket$inet6_sctp(0xa, 0x5, 0x84)
r12 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r12, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r13=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_RTOINFO(r11, 0x84, 0x0, &(0x7f00000000c0)={r13, 0x4, 0x2, 0x5}, 0x10) (async)
getsockopt$inet_sctp_SCTP_RTOINFO(r7, 0x84, 0x0, &(0x7f0000000380)={r13, 0xb, 0x41, 0x606e110a}, &(0x7f00000003c0)=0x10)
ioctl$IOMMU_DESTROY$ioas(r8, 0x3b80, &(0x7f0000000040)={0x8, r9}) (async)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write(r10, &(0x7f0000000240)="4053e0da73009edda31cbf85113496e404da61", 0x13)
r14 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140), 0x801, 0x0)
write$rfkill(r14, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)

[   68.538542][ T5304] Bluetooth: hci0: command tx timeout
[   68.607142][ T5320] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   68.689894][ T5318] ------------[ cut here ]------------
[   68.692223][ T5318] syzkaller0: Failed check-sdata-in-driver check, flags: 0x0
[   68.699028][ T5318] WARNING: CPU: 0 PID: 5318 at net/mac80211/driver-ops.c:114 drv_remove_interface+0x35d/0x590
[   68.703055][ T5318] Modules linked in:
[   68.704543][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[   68.708911][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.713091][ T5318] RIP: 0010:drv_remove_interface+0x35d/0x590
[   68.715310][ T5318] Code: 00 48 85 c0 48 0f 44 d9 42 0f b6 44 2d 00 84 c0 0f 85 f3 00 00 00 41 8b 14 24 48 c7 c7 60 4d 27 8d 48 89 de e8 a4 46 2e f6 90 <0f> 0b 90 90 e9 e3 fd ff ff e8 c5 a2 6d f6 c6 05 cf e3 d1 04 01 90
[   68.722987][ T5318] RSP: 0018:ffffc9000d3a7608 EFLAGS: 00010246
[   68.725398][ T5318] RAX: 10b230be87db5e00 RBX: ffff888052b6c120 RCX: ffff888035daa440
[   68.728657][ T5318] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   68.731673][ T5318] RBP: 1ffff1100a56dae5 R08: ffffffff81602a82 R09: 1ffff11003f8519a
[   68.734509][ T5318] R10: dffffc0000000000 R11: ffffed1003f8519b R12: ffff888052b6d728
[   68.737950][ T5318] R13: dffffc0000000000 R14: ffff888043ea8e40 R15: ffff888052b6cd80
[   68.741006][ T5318] FS:  00007f8b819716c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   68.744415][ T5318] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.746952][ T5318] CR2: 0000555a9845eb40 CR3: 00000000338d0000 CR4: 0000000000352ef0
[   68.750370][ T5318] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   68.753314][ T5318] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   68.756255][ T5318] Call Trace:
[   68.757875][ T5318]  <TASK>
[   68.758951][ T5318]  ? __warn+0x165/0x4d0
[   68.760476][ T5318]  ? drv_remove_interface+0x35d/0x590
[   68.762381][ T5318]  ? report_bug+0x2b3/0x500
[   68.763971][ T5318]  ? drv_remove_interface+0x35d/0x590
[   68.765817][ T5318]  ? handle_bug+0x60/0x90
[   68.767478][ T5318]  ? exc_invalid_op+0x1a/0x50
[   68.769137][ T5318]  ? asm_exc_invalid_op+0x1a/0x20
[   68.770987][ T5318]  ? __warn_printk+0x292/0x360
[   68.772814][ T5318]  ? drv_remove_interface+0x35d/0x590
[   68.774849][ T5318]  ? drv_remove_interface+0x35c/0x590
[   68.776812][ T5318]  ieee80211_do_stop+0x1b66/0x2370
[   68.779415][ T5318]  ? __pfx_ieee80211_do_stop+0x10/0x10
[   68.782099][ T5318]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   68.784742][ T5318]  ? lockdep_hardirqs_on+0x99/0x150
[   68.787119][ T5318]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   68.790186][ T5318]  ? wiphy_work_cancel+0x1f0/0x3e0
[   68.792622][ T5318]  ieee80211_stop+0x436/0x4a0
[   68.794780][ T5318]  ? __pfx_ieee80211_stop+0x10/0x10
[   68.796916][ T5318]  __dev_close_many+0x219/0x300
[   68.798965][ T5318]  ? __pfx___dev_close_many+0x10/0x10
[   68.801006][ T5318]  ? __pfx___mutex_trylock_common+0x10/0x10
[   68.803253][ T5318]  dev_close_many+0x24e/0x4c0
[   68.805069][ T5318]  ? trace_contention_end+0x3c/0x120
[   68.807512][ T5318]  ? __mutex_lock+0x37f/0xee0
[   68.809509][ T5318]  ? __pfx_dev_close_many+0x10/0x10
[   68.811664][ T5318]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   68.813901][ T5318]  dev_close+0x1c0/0x2c0
[   68.815606][ T5318]  ? __pfx_dev_close+0x10/0x10
[   68.817548][ T5318]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   68.819935][ T5318]  cfg80211_shutdown_all_interfaces+0xbb/0x1d0
[   68.822230][ T5318]  cfg80211_rfkill_set_block+0x2d/0x50
[   68.824755][ T5318]  ? __pfx_cfg80211_rfkill_set_block+0x10/0x10
[   68.827119][ T5318]  rfkill_set_block+0x1f1/0x440
[   68.828943][ T5318]  rfkill_fop_write+0x5b8/0x790
[   68.830769][ T5318]  ? end_current_label_crit_section+0x151/0x180
[   68.833145][ T5318]  ? __pfx_rfkill_fop_write+0x10/0x10
[   68.835177][ T5318]  ? bpf_lsm_file_permission+0x9/0x10
[   68.837389][ T5318]  ? security_file_permission+0x74/0x280
[   68.839564][ T5318]  ? rw_verify_area+0x1c3/0x6f0
[   68.841401][ T5318]  ? __pfx_rfkill_fop_write+0x10/0x10
[   68.843458][ T5318]  vfs_write+0x2a3/0xd30
[   68.845115][ T5318]  ? __pfx_vfs_write+0x10/0x10
[   68.846949][ T5318]  ? __might_fault+0xaa/0x120
[   68.848960][ T5318]  ? __fget_files+0x2a/0x410
[   68.851118][ T5318]  ? __fget_files+0x395/0x410
[   68.853186][ T5318]  ? __fget_files+0x2a/0x410
[   68.854911][ T5318]  ksys_write+0x18f/0x2b0
[   68.856548][ T5318]  ? __pfx_ksys_write+0x10/0x10
[   68.858455][ T5318]  ? do_syscall_64+0x100/0x230
[   68.860133][ T5318]  ? do_syscall_64+0xb6/0x230
[   68.861757][ T5318]  do_syscall_64+0xf3/0x230
[   68.863352][ T5318]  ? clear_bhb_loop+0x35/0x90
[   68.864946][ T5318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.867361][ T5318] RIP: 0033:0x7f8b80b85d29
[   68.869062][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.876262][ T5318] RSP: 002b:00007f8b81971038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   68.879613][ T5318] RAX: ffffffffffffffda RBX: 00007f8b80d75fa0 RCX: 00007f8b80b85d29
[   68.882660][ T5318] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 000000000000000d
[   68.885606][ T5318] RBP: 00007f8b80c01b08 R08: 0000000000000000 R09: 0000000000000000
[   68.888644][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   68.891494][ T5318] R13: 0000000000000000 R14: 00007f8b80d75fa0 R15: 00007ffe0cee4fe8
[   68.894431][ T5318]  </TASK>
[   68.895561][ T5318] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   68.898193][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[   68.901798][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.905750][ T5318] Call Trace:
[   68.906949][ T5318]  <TASK>
[   68.908062][ T5318]  dump_stack_lvl+0x241/0x360
[   68.909958][ T5318]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.911846][ T5318]  ? __pfx__printk+0x10/0x10
[   68.913548][ T5318]  ? _printk+0xd5/0x120
[   68.915113][ T5318]  ? __init_begin+0x41000/0x41000
[   68.917046][ T5318]  ? vscnprintf+0x5d/0x90
[   68.918709][ T5318]  panic+0x349/0x880
[   68.920403][ T5318]  ? __warn+0x174/0x4d0
[   68.921880][ T5318]  ? __pfx_panic+0x10/0x10
[   68.923555][ T5318]  __warn+0x344/0x4d0
[   68.925057][ T5318]  ? drv_remove_interface+0x35d/0x590
[   68.927104][ T5318]  report_bug+0x2b3/0x500
[   68.928819][ T5318]  ? drv_remove_interface+0x35d/0x590
[   68.930754][ T5318]  handle_bug+0x60/0x90
[   68.932318][ T5318]  exc_invalid_op+0x1a/0x50
[   68.934051][ T5318]  asm_exc_invalid_op+0x1a/0x20
[   68.935913][ T5318] RIP: 0010:drv_remove_interface+0x35d/0x590
[   68.938171][ T5318] Code: 00 48 85 c0 48 0f 44 d9 42 0f b6 44 2d 00 84 c0 0f 85 f3 00 00 00 41 8b 14 24 48 c7 c7 60 4d 27 8d 48 89 de e8 a4 46 2e f6 90 <0f> 0b 90 90 e9 e3 fd ff ff e8 c5 a2 6d f6 c6 05 cf e3 d1 04 01 90
[   68.945392][ T5318] RSP: 0018:ffffc9000d3a7608 EFLAGS: 00010246
[   68.947625][ T5318] RAX: 10b230be87db5e00 RBX: ffff888052b6c120 RCX: ffff888035daa440
[   68.950536][ T5318] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   68.953486][ T5318] RBP: 1ffff1100a56dae5 R08: ffffffff81602a82 R09: 1ffff11003f8519a
[   68.956531][ T5318] R10: dffffc0000000000 R11: ffffed1003f8519b R12: ffff888052b6d728
[   68.959466][ T5318] R13: dffffc0000000000 R14: ffff888043ea8e40 R15: ffff888052b6cd80
[   68.962557][ T5318]  ? __warn_printk+0x292/0x360
[   68.964382][ T5318]  ? drv_remove_interface+0x35c/0x590
[   68.966381][ T5318]  ieee80211_do_stop+0x1b66/0x2370
[   68.968317][ T5318]  ? __pfx_ieee80211_do_stop+0x10/0x10
[   68.970320][ T5318]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   68.972581][ T5318]  ? lockdep_hardirqs_on+0x99/0x150
[   68.974576][ T5318]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   68.976920][ T5318]  ? wiphy_work_cancel+0x1f0/0x3e0
[   68.978924][ T5318]  ieee80211_stop+0x436/0x4a0
[   68.980785][ T5318]  ? __pfx_ieee80211_stop+0x10/0x10
[   68.982747][ T5318]  __dev_close_many+0x219/0x300
[   68.984628][ T5318]  ? __pfx___dev_close_many+0x10/0x10
[   68.986669][ T5318]  ? __pfx___mutex_trylock_common+0x10/0x10
[   68.988909][ T5318]  dev_close_many+0x24e/0x4c0
[   68.990754][ T5318]  ? trace_contention_end+0x3c/0x120
[   68.992824][ T5318]  ? __mutex_lock+0x37f/0xee0
[   68.994691][ T5318]  ? __pfx_dev_close_many+0x10/0x10
[   68.996765][ T5318]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   68.998991][ T5318]  dev_close+0x1c0/0x2c0
[   69.000616][ T5318]  ? __pfx_dev_close+0x10/0x10
[   69.002447][ T5318]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   69.004664][ T5318]  cfg80211_shutdown_all_interfaces+0xbb/0x1d0
[   69.006950][ T5318]  cfg80211_rfkill_set_block+0x2d/0x50
[   69.008923][ T5318]  ? __pfx_cfg80211_rfkill_set_block+0x10/0x10
[   69.011168][ T5318]  rfkill_set_block+0x1f1/0x440
[   69.012911][ T5318]  rfkill_fop_write+0x5b8/0x790
[   69.014797][ T5318]  ? end_current_label_crit_section+0x151/0x180
[   69.017179][ T5318]  ? __pfx_rfkill_fop_write+0x10/0x10
[   69.019154][ T5318]  ? bpf_lsm_file_permission+0x9/0x10
[   69.021149][ T5318]  ? security_file_permission+0x74/0x280
[   69.023265][ T5318]  ? rw_verify_area+0x1c3/0x6f0
[   69.025084][ T5318]  ? __pfx_rfkill_fop_write+0x10/0x10
[   69.027051][ T5318]  vfs_write+0x2a3/0xd30
[   69.028719][ T5318]  ? __pfx_vfs_write+0x10/0x10
[   69.030485][ T5318]  ? __might_fault+0xaa/0x120
[   69.032227][ T5318]  ? __fget_files+0x2a/0x410
[   69.033927][ T5318]  ? __fget_files+0x395/0x410
[   69.035664][ T5318]  ? __fget_files+0x2a/0x410
[   69.037443][ T5318]  ksys_write+0x18f/0x2b0
[   69.039147][ T5318]  ? __pfx_ksys_write+0x10/0x10
[   69.040797][ T5318]  ? do_syscall_64+0x100/0x230
[   69.042561][ T5318]  ? do_syscall_64+0xb6/0x230
[   69.044390][ T5318]  do_syscall_64+0xf3/0x230
[   69.046167][ T5318]  ? clear_bhb_loop+0x35/0x90
[   69.048000][ T5318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.050263][ T5318] RIP: 0033:0x7f8b80b85d29
[   69.052040][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.059372][ T5318] RSP: 002b:00007f8b81971038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   69.062719][ T5318] RAX: ffffffffffffffda RBX: 00007f8b80d75fa0 RCX: 00007f8b80b85d29
[   69.065695][ T5318] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 000000000000000d
[   69.068759][ T5318] RBP: 00007f8b80c01b08 R08: 0000000000000000 R09: 0000000000000000
[   69.071754][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.074783][ T5318] R13: 0000000000000000 R14: 00007f8b80d75fa0 R15: 00007ffe0cee4fe8
[   69.077842][ T5318]  </TASK>
[   69.079255][ T5318] Kernel Offset: disabled
[   69.080875][ T5318] Rebooting in 86400 seconds..