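program:
# syzkaller reproducer, one call per line. The page extraction collapsed the
# program onto a single line and appears to have stripped the "<rN=>" result
# captures (they look like HTML tags), leaving r2, r5, r7 and r9 used but never
# bound. They are restored below from the later uses of each rN.
# The final call (sendmsg$NL80211_CMD_TDLS_MGMT) follows this block. It is the
# one that reaches the WARNING at net/mac80211/tdls.c:611 in the log that comes
# after it. The panic in that log is reported as "panic_on_warn set".

# Generic-netlink socket (AF_NETLINK=0x10, SOCK_RAW=0x3, NETLINK_GENERIC=0x10)
# and the nl80211 family id used in the netlink headers below.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# SIOCGIFINDEX (0x8933): the kernel writes wlan1's ifindex into the struct; r2 captures it.
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
# Set the interface type of wlan1 to 0x2 (station mode in nl80211).
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)

# Second netlink socket: ask wlan1 to connect to the default test SSID.
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)

# Injected 802.11 management frame, frame control 0x50 (probe response).
# It stands in for the AP on the simulated medium.
syz_80211_inject_frame(&(0x7f0000000040)=@device_b, &(0x7f0000000280)=ANY=[@ANYBLOB="50000000080211000001ffffffffffff0802110000000000000000000000000064000100000602020202020201010b"], 0x48)
# 0x2faf080 ns = 50 ms pause before the next steps.
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)

# Raw packet socket bound to bridge0. It looks unrelated to the wlan1/TDLS path
# that warns; presumably left over from fuzzing and not minimized away. TODO confirm.
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000001c0)={'bridge0\x00', <r7=>0x0})
# Level 0x107 / option 0xf: presumably SOL_PACKET / PACKET_VNET_HDR; verify against headers.
setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r6, &(0x7f0000000100)="3f031c000302140006001e00890000004a1b7880610cc94500008100"/38, 0x26, 0x0, &(0x7f0000000540)={0xc9, 0x8100, r7, 0x1, 0x1}, 0x14)

# Injected authentication frame (frame control 0xb0), then association response
# (0x10). The log shows "authenticated" and "RX AssocResp ... aid=12" afterwards.
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f00000021c0)=ANY=[@ANYBLOB="b00000000802110000010802110000000802110000001000000002"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000080211000001080211000000080211000000200004a000000c0001"], 0x3c)

# Third netlink socket, with wlan1's ifindex (r9) and the nl80211 family id (r10)
# for the TDLS management request that follows this block.
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r9=>0x0})
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)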
sendmsg$NL80211_CMD_TDLS_MGMT(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010000000000000000005200000008000300", @ANYRES32=r9, @ANYBLOB="06004800000000000a00060008a911000000000005008800020000001b002a007e153d14000802110000000e00000001010000b20000000005008900000000007e0008a0998780a2540015f2042ae06d41080feff68228c93f394d08da186aadd9bae56f798ec8aa7e57fa7efbc8cfe725113dc056611f98d59806e6c9c1f0202b58bd81c32cbff3c9c3cd10922bff928c748cb1287ceaca5a66938c0bb916acc714e83088cc129c081a03a3f056d722"], 0x5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) [ 68.865804][ T5304] Bluetooth: hci0: command tx timeout [ 68.945529][ T5319] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 68.974755][ T5316] wlan1: No basic rates, using min rate instead [ 68.978944][ T5316] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 68.984580][ T5316] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 69.003260][ T72] wlan1: authenticated [ 69.005176][ T5316] wlan1: associating to AP 08:02:11:00:00:00 with corrupt probe response [ 69.009015][ T5319] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 69.014105][ T72] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 69.018871][ T72] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0xa004 status=0 aid=12) [ 69.024212][ T72] wlan1: No basic rates, using min rate instead [ 69.027173][ T72] wlan1: associated [ 69.029058][ T5319] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 69.036616][ T5319] ------------[ cut here ]------------ [ 69.039051][ T5319] WARNING: CPU: 0 PID: 5319 at net/mac80211/tdls.c:611 ieee80211_tdls_build_mgmt_packet_data+0x2f07/0x3bd0 [ 69.044276][ T5319] Modules linked in: [ 69.046053][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted 6.14.0-rc4-syzkaller-00248-g03d38806a902 #0 [ 69.050049][ T5319] Hardware name: 
QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.053927][ T5319] RIP: 0010:ieee80211_tdls_build_mgmt_packet_data+0x2f07/0x3bd0 [ 69.056644][ T5319] Code: 0f 0b 90 e9 75 f6 ff ff e8 e6 38 2d f6 90 0f 0b 90 e9 76 fe ff ff e8 d8 38 2d f6 90 0f 0b 90 e9 68 fe ff ff e8 ca 38 2d f6 90 <0f> 0b 90 e9 5a fe ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 32 [ 69.063483][ T5319] RSP: 0018:ffffc9000d22f0c0 EFLAGS: 00010287 [ 69.066067][ T5319] RAX: ffffffff8b948656 RBX: ffff888040870d80 RCX: 0000000000100000 [ 69.070670][ T5319] RDX: ffffc9000edca000 RSI: 0000000000000310 RDI: 0000000000000311 [ 69.073763][ T5319] RBP: ffffc9000d22f260 R08: ffffffff903cf077 R09: 1ffffffff2079e0e [ 69.076616][ T5319] R10: dffffc0000000000 R11: fffffbfff2079e0f R12: ffff8880432b5dc0 [ 69.079554][ T5319] R13: dffffc0000000000 R14: ffff888040328e40 R15: 0000000000000000 [ 69.082968][ T5319] FS: 00007fbdff2066c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 69.086790][ T5319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.089488][ T5319] CR2: 00004000000021c0 CR3: 00000000406a2000 CR4: 0000000000352ef0 [ 69.092631][ T5319] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.095655][ T5319] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.098883][ T5319] Call Trace: [ 69.100515][ T5319] [ 69.102153][ T5319] ? __warn+0x165/0x4d0 [ 69.104574][ T5319] ? ieee80211_tdls_build_mgmt_packet_data+0x2f07/0x3bd0 [ 69.107775][ T5319] ? report_bug+0x2b3/0x500 [ 69.109561][ T5319] ? ieee80211_tdls_build_mgmt_packet_data+0x2f07/0x3bd0 [ 69.112536][ T5319] ? handle_bug+0x60/0x90 [ 69.114215][ T5319] ? exc_invalid_op+0x1a/0x50 [ 69.115854][ T5319] ? asm_exc_invalid_op+0x1a/0x20 [ 69.117728][ T5319] ? ieee80211_tdls_build_mgmt_packet_data+0x2f06/0x3bd0 [ 69.120207][ T5319] ? ieee80211_tdls_build_mgmt_packet_data+0x2f07/0x3bd0 [ 69.123531][ T5319] ? ieee80211_tdls_build_mgmt_packet_data+0xe8/0x3bd0 [ 69.127199][ T5319] ? 
__pfx_ieee80211_tdls_build_mgmt_packet_data+0x10/0x10 [ 69.130338][ T5319] ? __pfx_lock_release+0x10/0x10 [ 69.132388][ T5319] ? ieee80211_tdls_prep_mgmt_packet+0x3b/0x860 [ 69.134810][ T5319] ? __pfx_lock_release+0x10/0x10 [ 69.136756][ T5319] ? sta_info_get+0x50/0x2b0 [ 69.138662][ T5319] ? ieee80211_tdls_prep_mgmt_packet+0x3b/0x860 [ 69.141176][ T5319] ieee80211_tdls_prep_mgmt_packet+0x3b6/0x860 [ 69.143807][ T5319] ? ieee80211_tdls_prep_mgmt_packet+0x3b/0x860 [ 69.146436][ T5319] ieee80211_tdls_mgmt+0x8cf/0x10a0 [ 69.148659][ T5319] nl80211_tdls_mgmt+0x4d8/0x770 [ 69.150618][ T5319] genl_rcv_msg+0xb1f/0xec0 [ 69.152790][ T5319] ? __pfx_genl_rcv_msg+0x10/0x10 [ 69.154919][ T5319] ? __pfx_lock_acquire+0x10/0x10 [ 69.156579][ T5319] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 69.158638][ T5319] ? __pfx_nl80211_tdls_mgmt+0x10/0x10 [ 69.160834][ T5319] ? __pfx_nl80211_post_doit+0x10/0x10 [ 69.163482][ T5319] ? __pfx___might_resched+0x10/0x10 [ 69.166004][ T5319] netlink_rcv_skb+0x206/0x480 [ 69.168495][ T5319] ? __pfx_genl_rcv_msg+0x10/0x10 [ 69.170571][ T5319] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 69.172710][ T5319] ? __netlink_deliver_tap+0x7b0/0x7f0 [ 69.174897][ T5319] genl_rcv+0x28/0x40 [ 69.176367][ T5319] netlink_unicast+0x7f6/0x990 [ 69.178563][ T5319] ? __pfx_netlink_unicast+0x10/0x10 [ 69.181780][ T5319] ? __virt_addr_valid+0x45f/0x530 [ 69.185074][ T5319] ? __phys_addr_symbol+0x2f/0x70 [ 69.187347][ T5319] ? __check_object_size+0x47a/0x730 [ 69.189370][ T5319] netlink_sendmsg+0x8de/0xcb0 [ 69.191160][ T5319] ? __pfx_netlink_sendmsg+0x10/0x10 [ 69.193504][ T5319] ? aa_sock_msg_perm+0x91/0x160 [ 69.195526][ T5319] ? __pfx_netlink_sendmsg+0x10/0x10 [ 69.197518][ T5319] __sock_sendmsg+0x221/0x270 [ 69.199458][ T5319] ____sys_sendmsg+0x53a/0x860 [ 69.201559][ T5319] ? __pfx_____sys_sendmsg+0x10/0x10 [ 69.204260][ T5319] ? __fget_files+0x2a/0x410 [ 69.206489][ T5319] ? __fget_files+0x2a/0x410 [ 69.208434][ T5319] __sys_sendmsg+0x269/0x350 [ 69.210424][ T5319] ? 
__pfx___sys_sendmsg+0x10/0x10 [ 69.212508][ T5319] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.214826][ T5319] ? do_syscall_64+0x100/0x230 [ 69.216684][ T5319] ? do_syscall_64+0xb6/0x230 [ 69.218589][ T5319] do_syscall_64+0xf3/0x230 [ 69.220647][ T5319] ? clear_bhb_loop+0x35/0x90 [ 69.223133][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.225717][ T5319] RIP: 0033:0x7fbdfe38d169 [ 69.227527][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.235050][ T5319] RSP: 002b:00007fbdff206038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 69.238846][ T5319] RAX: ffffffffffffffda RBX: 00007fbdfe5a5fa0 RCX: 00007fbdfe38d169 [ 69.243474][ T5319] RDX: 0000000000000000 RSI: 0000400000000000 RDI: 0000000000000006 [ 69.246926][ T5319] RBP: 00007fbdfe40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 69.250067][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.253244][ T5319] R13: 0000000000000000 R14: 00007fbdfe5a5fa0 R15: 00007ffe1561b708 [ 69.256651][ T5319] [ 69.258353][ T5319] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 69.262197][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted 6.14.0-rc4-syzkaller-00248-g03d38806a902 #0 [ 69.265994][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.270228][ T5319] Call Trace: [ 69.271540][ T5319] [ 69.272659][ T5319] dump_stack_lvl+0x241/0x360 [ 69.274412][ T5319] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.276392][ T5319] ? __pfx__printk+0x10/0x10 [ 69.278291][ T5319] ? _printk+0xd5/0x120 [ 69.280086][ T5319] ? __init_begin+0x41000/0x41000 [ 69.282192][ T5319] ? vscnprintf+0x5d/0x90 [ 69.283997][ T5319] panic+0x349/0x880 [ 69.285619][ T5319] ? __warn+0x174/0x4d0 [ 69.287317][ T5319] ? 
__pfx_panic+0x10/0x10 [ 69.289035][ T5319] __warn+0x344/0x4d0 [ 69.290532][ T5319] ? ieee80211_tdls_build_mgmt_packet_data+0x2f07/0x3bd0 [ 69.293224][ T5319] report_bug+0x2b3/0x500 [ 69.295287][ T5319] ? ieee80211_tdls_build_mgmt_packet_data+0x2f07/0x3bd0 [ 69.298629][ T5319] handle_bug+0x60/0x90 [ 69.300412][ T5319] exc_invalid_op+0x1a/0x50 [ 69.302281][ T5319] asm_exc_invalid_op+0x1a/0x20 [ 69.304142][ T5319] RIP: 0010:ieee80211_tdls_build_mgmt_packet_data+0x2f07/0x3bd0 [ 69.306853][ T5319] Code: 0f 0b 90 e9 75 f6 ff ff e8 e6 38 2d f6 90 0f 0b 90 e9 76 fe ff ff e8 d8 38 2d f6 90 0f 0b 90 e9 68 fe ff ff e8 ca 38 2d f6 90 <0f> 0b 90 e9 5a fe ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 32 [ 69.314770][ T5319] RSP: 0018:ffffc9000d22f0c0 EFLAGS: 00010287 [ 69.317674][ T5319] RAX: ffffffff8b948656 RBX: ffff888040870d80 RCX: 0000000000100000 [ 69.320613][ T5319] RDX: ffffc9000edca000 RSI: 0000000000000310 RDI: 0000000000000311 [ 69.323541][ T5319] RBP: ffffc9000d22f260 R08: ffffffff903cf077 R09: 1ffffffff2079e0e [ 69.326354][ T5319] R10: dffffc0000000000 R11: fffffbfff2079e0f R12: ffff8880432b5dc0 [ 69.329587][ T5319] R13: dffffc0000000000 R14: ffff888040328e40 R15: 0000000000000000 [ 69.332654][ T5319] ? ieee80211_tdls_build_mgmt_packet_data+0x2f06/0x3bd0 [ 69.336073][ T5319] ? ieee80211_tdls_build_mgmt_packet_data+0xe8/0x3bd0 [ 69.339540][ T5319] ? __pfx_ieee80211_tdls_build_mgmt_packet_data+0x10/0x10 [ 69.342292][ T5319] ? __pfx_lock_release+0x10/0x10 [ 69.344224][ T5319] ? ieee80211_tdls_prep_mgmt_packet+0x3b/0x860 [ 69.346677][ T5319] ? __pfx_lock_release+0x10/0x10 [ 69.348603][ T5319] ? sta_info_get+0x50/0x2b0 [ 69.350368][ T5319] ? ieee80211_tdls_prep_mgmt_packet+0x3b/0x860 [ 69.352594][ T5319] ieee80211_tdls_prep_mgmt_packet+0x3b6/0x860 [ 69.355312][ T5319] ? 
ieee80211_tdls_prep_mgmt_packet+0x3b/0x860 [ 69.358557][ T5319] ieee80211_tdls_mgmt+0x8cf/0x10a0 [ 69.361598][ T5319] nl80211_tdls_mgmt+0x4d8/0x770 [ 69.363840][ T5319] genl_rcv_msg+0xb1f/0xec0 [ 69.365383][ T5319] ? __pfx_genl_rcv_msg+0x10/0x10 [ 69.367290][ T5319] ? __pfx_lock_acquire+0x10/0x10 [ 69.369166][ T5319] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 69.371184][ T5319] ? __pfx_nl80211_tdls_mgmt+0x10/0x10 [ 69.373145][ T5319] ? __pfx_nl80211_post_doit+0x10/0x10 [ 69.375164][ T5319] ? __pfx___might_resched+0x10/0x10 [ 69.377168][ T5319] netlink_rcv_skb+0x206/0x480 [ 69.379089][ T5319] ? __pfx_genl_rcv_msg+0x10/0x10 [ 69.381545][ T5319] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 69.384384][ T5319] ? __netlink_deliver_tap+0x7b0/0x7f0 [ 69.386846][ T5319] genl_rcv+0x28/0x40 [ 69.388728][ T5319] netlink_unicast+0x7f6/0x990 [ 69.390663][ T5319] ? __pfx_netlink_unicast+0x10/0x10 [ 69.392735][ T5319] ? __virt_addr_valid+0x45f/0x530 [ 69.394934][ T5319] ? __phys_addr_symbol+0x2f/0x70 [ 69.396942][ T5319] ? __check_object_size+0x47a/0x730 [ 69.399025][ T5319] netlink_sendmsg+0x8de/0xcb0 [ 69.400895][ T5319] ? __pfx_netlink_sendmsg+0x10/0x10 [ 69.403137][ T5319] ? aa_sock_msg_perm+0x91/0x160 [ 69.405068][ T5319] ? __pfx_netlink_sendmsg+0x10/0x10 [ 69.407063][ T5319] __sock_sendmsg+0x221/0x270 [ 69.409071][ T5319] ____sys_sendmsg+0x53a/0x860 [ 69.411012][ T5319] ? __pfx_____sys_sendmsg+0x10/0x10 [ 69.412978][ T5319] ? __fget_files+0x2a/0x410 [ 69.414757][ T5319] ? __fget_files+0x2a/0x410 [ 69.416923][ T5319] __sys_sendmsg+0x269/0x350 [ 69.419140][ T5319] ? __pfx___sys_sendmsg+0x10/0x10 [ 69.421761][ T5319] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.424558][ T5319] ? do_syscall_64+0x100/0x230 [ 69.426387][ T5319] ? do_syscall_64+0xb6/0x230 [ 69.428331][ T5319] do_syscall_64+0xf3/0x230 [ 69.430177][ T5319] ? 
clear_bhb_loop+0x35/0x90 [ 69.432015][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.434228][ T5319] RIP: 0033:0x7fbdfe38d169 [ 69.435966][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.444842][ T5319] RSP: 002b:00007fbdff206038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 69.448554][ T5319] RAX: ffffffffffffffda RBX: 00007fbdfe5a5fa0 RCX: 00007fbdfe38d169 [ 69.451798][ T5319] RDX: 0000000000000000 RSI: 0000400000000000 RDI: 0000000000000006 [ 69.454822][ T5319] RBP: 00007fbdfe40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 69.458036][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.461097][ T5319] R13: 0000000000000000 R14: 00007fbdfe5a5fa0 R15: 00007ffe1561b708 [ 69.464342][ T5319] [ 69.466001][ T5319] Kernel Offset: disabled [ 69.468437][ T5319] Rebooting in 86400 seconds..