program:
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4055}, 0x0)
syz_usb_connect_ath9k(0x3, 0x0, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f0000000240)=@device_b, &(0x7f0000000000)=ANY=[@ANYBLOB="80000000080211000001080211000000aa09b799c0d70000000000000000000064000110000602020202020201010b"], 0xb5)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x28800)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newlink={0x40, 0x10, 0x401, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, 0x0, 0xd07, 0x1a001}, [@IFLA_IFNAME={0x14, 0x3, 'wlan1\x00'}, @IFLA_ADDRESS={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x5336ae46a3975501}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4010}, 0x0)

[   84.974081][ T4684] Bluetooth: hci0: command tx timeout
[   85.048983][ T5345] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   85.084180][ T5345] wlan1: No basic rates, using min rate instead
[   85.095747][ T5345] wlan1: authenticate with aa:09:b7:99:c0:d7 (local address=08:02:11:00:00:01)
[   85.099501][ T5345] wlan1: send auth to aa:09:b7:99:c0:d7 (try 1/3)
[   85.109399][   T31] wlan1: send auth to aa:09:b7:99:c0:d7 (try 2/3)
[   85.115523][   T31] wlan1: send auth to aa:09:b7:99:c0:d7 (try 3/3)
[   85.126985][   T31] wlan1: authentication with aa:09:b7:99:c0:d7 timed out
[   85.133900][   T31] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000029: 0000 [#1] SMP KASAN NOPTI
[   85.139259][   T31] KASAN: null-ptr-deref in range [0x0000000000000148-0x000000000000014f]
[   85.142710][   T31] CPU: 0 UID: 0 PID: 31 Comm: kworker/u4:2 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[   85.146898][   T31] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.151341][   T31] Workqueue: events_unbound cfg80211_wiphy_work
[   85.154215][   T31] RIP: 0010:kasan_byte_accessible+0x12/0x30
[   85.157089][   T31] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e
[   85.165584][   T31] RSP: 0018:ffffc90000527400 EFLAGS: 00010202
[   85.168173][   T31] RAX: dffffc0000000000 RBX: ffffffff8b713286 RCX: 2d92e5a69db96f00
[   85.171550][   T31] RDX: 0000000000000000 RSI: ffffffff8b713286 RDI: 0000000000000029
[   85.174874][   T31] RBP: ffffffff824067f0 R08: 0000000000000001 R09: 0000000000000000
[   85.178248][   T31] R10: dffffc0000000000 R11: ffffed10089a5018 R12: 0000000000000000
[   85.181895][   T31] R13: 0000000000000148 R14: 0000000000000148 R15: 0000000000000001
[   85.185525][   T31] FS:  0000000000000000(0000) GS:ffff88808d218000(0000) knlGS:0000000000000000
[   85.189227][   T31] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.191959][   T31] CR2: 00007f92d4186170 CR3: 0000000012211000 CR4: 0000000000352ef0
[   85.195445][   T31] Call Trace:
[   85.196962][   T31]  <TASK>
[   85.198292][   T31]  __kasan_check_byte+0x12/0x40
[   85.200483][   T31]  lock_acquire+0x8d/0x360
[   85.202445][   T31]  down_write+0x96/0x1f0
[   85.204406][   T31]  ? simple_recursive_removal+0x90/0x690
[   85.206794][   T31]  ? __pfx_down_write+0x10/0x10
[   85.208841][   T31]  ? do_raw_spin_unlock+0x4d/0x240
[   85.211039][   T31]  simple_recursive_removal+0x90/0x690
[   85.213224][   T31]  ? mntput+0x65/0xc0
[   85.215059][   T31]  ? __pfx_remove_one+0x10/0x10
[   85.217332][   T31]  debugfs_remove+0x5b/0x70
[   85.219559][   T31]  ieee80211_sta_debugfs_remove+0x40/0x70
[   85.222314][   T31]  __sta_info_destroy_part2+0x352/0x450
[   85.224688][   T31]  sta_info_destroy_addr+0xf5/0x140
[   85.226900][   T31]  ieee80211_destroy_auth_data+0x12d/0x260
[   85.229393][   T31]  ieee80211_sta_work+0x11cf/0x3600
[   85.231476][   T31]  ? __lock_acquire+0xab9/0xd20
[   85.233464][   T31]  ? do_raw_spin_lock+0x121/0x290
[   85.235648][   T31]  ? __lock_acquire+0xab9/0xd20
[   85.237756][   T31]  ? __pfx_ieee80211_sta_work+0x10/0x10
[   85.240687][   T31]  ? do_raw_spin_lock+0x121/0x290
[   85.243352][   T31]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   85.246216][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.248125][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   85.250565][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   85.253486][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   85.256018][   T31]  ? skb_dequeue+0x10e/0x150
[   85.258040][   T31]  ? ieee80211_iface_work+0xcdb/0xfe0
[   85.260654][   T31]  ? ieee80211_iface_work+0xeef/0xfe0
[   85.263124][   T31]  ? rcu_is_watching+0x15/0xb0
[   85.265362][   T31]  cfg80211_wiphy_work+0x2df/0x460
[   85.267792][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[   85.270114][   T31]  process_scheduled_works+0xae1/0x17b0
[   85.272427][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[   85.275593][   T31]  worker_thread+0x8a0/0xda0
[   85.278703][   T31]  kthread+0x70e/0x8a0
[   85.281009][   T31]  ? __pfx_worker_thread+0x10/0x10
[   85.283754][   T31]  ? __pfx_kthread+0x10/0x10
[   85.285931][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.288217][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.290493][   T31]  ? __pfx_kthread+0x10/0x10
[   85.292769][   T31]  ret_from_fork+0x3fc/0x770
[   85.295419][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[   85.298192][   T31]  ? __pfx_kthread+0x10/0x10
[   85.300759][   T31]  ret_from_fork_asm+0x1a/0x30
[   85.303247][   T31]  </TASK>
[   85.304423][   T31] Modules linked in:
[   85.306357][   T31] ---[ end trace 0000000000000000 ]---
[   85.315892][   T31] RIP: 0010:kasan_byte_accessible+0x12/0x30
[   85.318652][   T31] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e
[   85.325733][   T31] RSP: 0018:ffffc90000527400 EFLAGS: 00010202
[   85.327928][   T31] RAX: dffffc0000000000 RBX: ffffffff8b713286 RCX: 2d92e5a69db96f00
[   85.331321][   T31] RDX: 0000000000000000 RSI: ffffffff8b713286 RDI: 0000000000000029
[   85.335689][   T31] RBP: ffffffff824067f0 R08: 0000000000000001 R09: 0000000000000000
[   85.339546][   T31] R10: dffffc0000000000 R11: ffffed10089a5018 R12: 0000000000000000
[   85.343982][   T31] R13: 0000000000000148 R14: 0000000000000148 R15: 0000000000000001
[   85.347567][   T31] FS:  0000000000000000(0000) GS:ffff88808d218000(0000) knlGS:0000000000000000
[   85.351264][   T31] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.354421][   T31] CR2: 00007f92d4186170 CR3: 0000000012211000 CR4: 0000000000352ef0
[   85.357736][   T31] Kernel panic - not syncing: Fatal exception
[   85.360340][   T31] Kernel Offset: disabled
[   85.362165][   T31] Rebooting in 86400 seconds..