program:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000540)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41000}, 0x94)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_REG(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000380)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)

[   74.648284][ T5296] Bluetooth: hci0: command tx timeout
[   74.716463][ T5317] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   74.727113][ T5317] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   74.742503][ T5317] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   74.752903][ T5295] ------------[ cut here ]------------
[   74.755020][ T5295] WARNING: CPU: 0 PID: 5295 at net/mac80211/mlme.c:1129 ieee80211_prep_channel+0x49d2/0x6130
[   74.759829][ T5295] Modules linked in:
[   74.761686][ T5295] CPU: 0 UID: 0 PID: 5295 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT(full) 
[   74.765746][ T5295] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   74.770174][ T5295] Workqueue: events cfg80211_conn_work
[   74.772595][ T5295] RIP: 0010:ieee80211_prep_channel+0x49d2/0x6130
[   74.775368][ T5295] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 65 e7 49 f7 48 83 3b 00 0f 84 96 04 00 00 e8 16 bf e2 f6 eb 3c e8 0f bf e2 f6 90 <0f> 0b 90 e9 26 01 00 00 e8 01 bf e2 f6 c6 05 d8 51 ab 04 01 48 c7
[   74.783459][ T5295] RSP: 0018:ffffc9000d18eb00 EFLAGS: 00010293
[   74.786050][ T5295] RAX: ffffffff8adce491 RBX: 0000000000000000 RCX: ffff888000de0000
[   74.789441][ T5295] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   74.792672][ T5295] RBP: ffffc9000d18eee0 R08: ffff888000de0000 R09: 000000000000000e
[   74.795847][ T5295] R10: 000000000000000d R11: 0000000000000000 R12: dffffc0000000000
[   74.799363][ T5295] R13: 1ffff1100a447501 R14: ffffc9000d18edb0 R15: ffff88805223a808
[   74.802802][ T5295] FS:  0000000000000000(0000) GS:ffff88808d306000(0000) knlGS:0000000000000000
[   74.806621][ T5295] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   74.809812][ T5295] CR2: 00007fa9fcfb8558 CR3: 000000004295d000 CR4: 0000000000352ef0
[   74.813307][ T5295] Call Trace:
[   74.815053][ T5295]  <TASK>
[   74.816475][ T5295]  ? ieee80211_prep_channel+0x20c/0x6130
[   74.819001][ T5295]  ? __pfx_get_page_from_freelist+0x10/0x10
[   74.821691][ T5295]  ? __pfx_ieee80211_prep_channel+0x10/0x10
[   74.824246][ T5295]  ? __lruvec_stat_mod_folio+0x6f/0x2e0
[   74.826434][ T5295]  ? ieee80211_prep_connection+0x545/0x13f0
[   74.828346][ T5295]  ieee80211_prep_connection+0xdd9/0x13f0
[   74.830552][ T5295]  ? ieee80211_prep_connection+0x545/0x13f0
[   74.832826][ T5295]  ieee80211_mgd_auth+0xee6/0x1770
[   74.834935][ T5295]  ? __lock_acquire+0xab9/0xd20
[   74.837644][ T5295]  ? lockdep_hardirqs_on+0x9c/0x150
[   74.839830][ T5295]  ? __pfx_ieee80211_mgd_auth+0x10/0x10
[   74.841870][ T5295]  ? rcu_is_watching+0x15/0xb0
[   74.843840][ T5295]  cfg80211_mlme_auth+0x62f/0x9c0
[   74.845929][ T5295]  cfg80211_conn_do_work+0x501/0xd10
[   74.848253][ T5295]  ? __pfx_cfg80211_conn_do_work+0x10/0x10
[   74.851151][ T5295]  ? __schedule+0x17ae/0x4cc0
[   74.853478][ T5295]  ? cfg80211_conn_work+0x298/0x460
[   74.855775][ T5295]  cfg80211_conn_work+0x2c0/0x460
[   74.857720][ T5295]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   74.860294][ T5295]  ? __pfx_cfg80211_conn_work+0x10/0x10
[   74.862440][ T5295]  ? stack_trace_save+0x9c/0xe0
[   74.864405][ T5295]  ? __pfx_stack_trace_save+0x10/0x10
[   74.866650][ T5295]  ? check_path+0x21/0x40
[   74.868365][ T5295]  ? lockdep_unlock+0x89/0x120
[   74.870516][ T5295]  ? validate_chain+0x897/0x2140
[   74.872614][ T5295]  ? __lock_acquire+0xab9/0xd20
[   74.874826][ T5295]  ? process_scheduled_works+0x9ef/0x17b0
[   74.877011][ T5295]  ? _raw_spin_unlock_irq+0x23/0x50
[   74.878828][ T5295]  ? process_scheduled_works+0x9ef/0x17b0
[   74.880904][ T5295]  ? process_scheduled_works+0x9ef/0x17b0
[   74.883120][ T5295]  process_scheduled_works+0xae1/0x17b0
[   74.885252][ T5295]  ? __pfx_process_scheduled_works+0x10/0x10
[   74.887669][ T5295]  worker_thread+0x8a0/0xda0
[   74.889786][ T5295]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   74.892204][ T5295]  ? __kthread_parkme+0x7b/0x200
[   74.894148][ T5295]  kthread+0x711/0x8a0
[   74.895553][ T5295]  ? __pfx_worker_thread+0x10/0x10
[   74.897554][ T5295]  ? __pfx_kthread+0x10/0x10
[   74.899512][ T5295]  ? _raw_spin_unlock_irq+0x23/0x50
[   74.901495][ T5295]  ? lockdep_hardirqs_on+0x9c/0x150
[   74.903557][ T5295]  ? __pfx_kthread+0x10/0x10
[   74.905539][ T5295]  ret_from_fork+0x4bc/0x870
[   74.907248][ T5295]  ? __pfx_ret_from_fork+0x10/0x10
[   74.908957][ T5295]  ? __pfx_kthread+0x10/0x10
[   74.911059][ T5295]  ret_from_fork_asm+0x1a/0x30
[   74.913139][ T5295]  </TASK>
[   74.914456][ T5295] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   74.917667][ T5295] CPU: 0 UID: 0 PID: 5295 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT(full) 
[   74.921417][ T5295] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   74.926103][ T5295] Workqueue: events cfg80211_conn_work
[   74.928517][ T5295] Call Trace:
[   74.929909][ T5295]  <TASK>
[   74.931318][ T5295]  dump_stack_lvl+0x99/0x250
[   74.933416][ T5295]  ? __asan_memcpy+0x40/0x70
[   74.935299][ T5295]  ? __pfx_dump_stack_lvl+0x10/0x10
[   74.937502][ T5295]  ? __pfx__printk+0x10/0x10
[   74.939496][ T5295]  vpanic+0x237/0x6d0
[   74.941175][ T5295]  ? __pfx_vpanic+0x10/0x10
[   74.943032][ T5295]  panic+0xb9/0xc0
[   74.944753][ T5295]  ? __pfx_panic+0x10/0x10
[   74.946536][ T5295]  __warn+0x31b/0x4b0
[   74.948366][ T5295]  ? ieee80211_prep_channel+0x49d2/0x6130
[   74.950828][ T5295]  ? ieee80211_prep_channel+0x49d2/0x6130
[   74.953457][ T5295]  report_bug+0x2be/0x4f0
[   74.955302][ T5295]  ? ieee80211_prep_channel+0x49d2/0x6130
[   74.957742][ T5295]  ? ieee80211_prep_channel+0x49d2/0x6130
[   74.960153][ T5295]  ? ieee80211_prep_channel+0x49d4/0x6130
[   74.962486][ T5295]  handle_bug+0x84/0x160
[   74.964320][ T5295]  exc_invalid_op+0x1a/0x50
[   74.966295][ T5295]  asm_exc_invalid_op+0x1a/0x20
[   74.968355][ T5295] RIP: 0010:ieee80211_prep_channel+0x49d2/0x6130
[   74.970987][ T5295] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 65 e7 49 f7 48 83 3b 00 0f 84 96 04 00 00 e8 16 bf e2 f6 eb 3c e8 0f bf e2 f6 90 <0f> 0b 90 e9 26 01 00 00 e8 01 bf e2 f6 c6 05 d8 51 ab 04 01 48 c7
[   74.978752][ T5295] RSP: 0018:ffffc9000d18eb00 EFLAGS: 00010293
[   74.981246][ T5295] RAX: ffffffff8adce491 RBX: 0000000000000000 RCX: ffff888000de0000
[   74.984538][ T5295] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   74.987743][ T5295] RBP: ffffc9000d18eee0 R08: ffff888000de0000 R09: 000000000000000e
[   74.990663][ T5295] R10: 000000000000000d R11: 0000000000000000 R12: dffffc0000000000
[   74.993900][ T5295] R13: 1ffff1100a447501 R14: ffffc9000d18edb0 R15: ffff88805223a808
[   74.997301][ T5295]  ? ieee80211_prep_channel+0x49d1/0x6130
[   74.999606][ T5295]  ? ieee80211_prep_channel+0x20c/0x6130
[   75.002129][ T5295]  ? __pfx_get_page_from_freelist+0x10/0x10
[   75.004686][ T5295]  ? __pfx_ieee80211_prep_channel+0x10/0x10
[   75.006832][ T5295]  ? __lruvec_stat_mod_folio+0x6f/0x2e0
[   75.009119][ T5295]  ? ieee80211_prep_connection+0x545/0x13f0
[   75.011339][ T5295]  ieee80211_prep_connection+0xdd9/0x13f0
[   75.013745][ T5295]  ? ieee80211_prep_connection+0x545/0x13f0
[   75.016341][ T5295]  ieee80211_mgd_auth+0xee6/0x1770
[   75.018602][ T5295]  ? __lock_acquire+0xab9/0xd20
[   75.020751][ T5295]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.023090][ T5295]  ? __pfx_ieee80211_mgd_auth+0x10/0x10
[   75.025444][ T5295]  ? rcu_is_watching+0x15/0xb0
[   75.027520][ T5295]  cfg80211_mlme_auth+0x62f/0x9c0
[   75.029639][ T5295]  cfg80211_conn_do_work+0x501/0xd10
[   75.031812][ T5295]  ? __pfx_cfg80211_conn_do_work+0x10/0x10
[   75.034253][ T5295]  ? __schedule+0x17ae/0x4cc0
[   75.036365][ T5295]  ? cfg80211_conn_work+0x298/0x460
[   75.038727][ T5295]  cfg80211_conn_work+0x2c0/0x460
[   75.040909][ T5295]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   75.043613][ T5295]  ? __pfx_cfg80211_conn_work+0x10/0x10
[   75.046074][ T5295]  ? stack_trace_save+0x9c/0xe0
[   75.048227][ T5295]  ? __pfx_stack_trace_save+0x10/0x10
[   75.050685][ T5295]  ? check_path+0x21/0x40
[   75.052559][ T5295]  ? lockdep_unlock+0x89/0x120
[   75.054681][ T5295]  ? validate_chain+0x897/0x2140
[   75.056751][ T5295]  ? __lock_acquire+0xab9/0xd20
[   75.058713][ T5295]  ? process_scheduled_works+0x9ef/0x17b0
[   75.060947][ T5295]  ? _raw_spin_unlock_irq+0x23/0x50
[   75.063030][ T5295]  ? process_scheduled_works+0x9ef/0x17b0
[   75.065447][ T5295]  ? process_scheduled_works+0x9ef/0x17b0
[   75.067800][ T5295]  process_scheduled_works+0xae1/0x17b0
[   75.070239][ T5295]  ? __pfx_process_scheduled_works+0x10/0x10
[   75.072692][ T5295]  worker_thread+0x8a0/0xda0
[   75.074324][ T5295]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   75.077055][ T5295]  ? __kthread_parkme+0x7b/0x200
[   75.079283][ T5295]  kthread+0x711/0x8a0
[   75.081072][ T5295]  ? __pfx_worker_thread+0x10/0x10
[   75.083352][ T5295]  ? __pfx_kthread+0x10/0x10
[   75.085202][ T5295]  ? _raw_spin_unlock_irq+0x23/0x50
[   75.087166][ T5295]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.089208][ T5295]  ? __pfx_kthread+0x10/0x10
[   75.091010][ T5295]  ret_from_fork+0x4bc/0x870
[   75.092868][ T5295]  ? __pfx_ret_from_fork+0x10/0x10
[   75.095146][ T5295]  ? __pfx_kthread+0x10/0x10
[   75.097127][ T5295]  ret_from_fork_asm+0x1a/0x30
[   75.099125][ T5295]  </TASK>
[   75.100851][ T5295] Kernel Offset: disabled
[   75.102797][ T5295] Rebooting in 86400 seconds..