program:
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000000000096005a16"])
syz_80211_inject_frame(&(0x7f0000000240)=@device_b, &(0x7f0000000000)=ANY=[@ANYBLOB="80000000080211000001080211000000aa09b799c0d70000000000000000000064000110000602020202020201010b"], 0xb5)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_REG(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)={0x28, r4, 0x5, 0xffffffff, 0x2, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r2, @ANYBLOB="0a9459382cf9039e38003400"], 0x28}}, 0x0)

[   69.091813][ T5308] Bluetooth: hci0: command tx timeout
[   69.121376][ T5323] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   69.166184][ T5323] wlan1: No basic rates, using min rate instead
[   69.171046][ T5323] ------------[ cut here ]------------
[   69.173183][ T5323] WARNING: CPU: 0 PID: 5323 at net/mac80211/mlme.c:1124 ieee80211_prep_channel+0x4e32/0x66e0
[   69.179348][ T5323] Modules linked in:
[   69.181037][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) 
[   69.185749][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.190092][ T5323] RIP: 0010:ieee80211_prep_channel+0x4e32/0x66e0
[   69.192459][ T5323] Code: c6 05 32 65 92 04 01 48 c7 c7 37 37 6d 8d be e8 03 00 00 48 c7 c2 a0 38 6d 8d e8 59 cf e7 f5 e9 03 b5 ff ff e8 cf 07 0c f6 90 <0f> 0b 90 48 8b 7c 24 28 e8 21 8d 6a f6 48 c7 44 24 28 ea ff ff ff
[   69.200278][ T5323] RSP: 0018:ffffc9000d6ae440 EFLAGS: 00010287
[   69.202571][ T5323] RAX: ffffffff8bb75da1 RBX: 0000000000000000 RCX: 0000000000100000
[   69.205625][ T5323] RDX: ffffc9000e2e2000 RSI: 0000000000000b2d RDI: 0000000000000b2e
[   69.208954][ T5323] RBP: ffffc9000d6ae850 R08: ffffffff8bb71de7 R09: ffffffff8b858c0c
[   69.212147][ T5323] R10: 000000000000000e R11: ffff8880003a0000 R12: dffffc0000000000
[   69.215407][ T5323] R13: ffff888040fda758 R14: ffffc9000d6ae710 R15: ffffc9000d6ae750
[   69.218701][ T5323] FS:  00007f6cc69286c0(0000) GS:ffff88808c596000(0000) knlGS:0000000000000000
[   69.222479][ T5323] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   69.224904][ T5323] CR2: 00007f6cc5d9e940 CR3: 0000000044094000 CR4: 0000000000352ef0
[   69.227800][ T5323] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   69.230392][ T5323] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   69.233697][ T5323] Call Trace:
[   69.235121][ T5323]  <TASK>
[   69.236429][ T5323]  ? __pfx_preempt_schedule+0x10/0x10
[   69.238796][ T5323]  ? ieee80211_prep_channel+0x223/0x66e0
[   69.241023][ T5323]  ? preempt_schedule_thunk+0x16/0x30
[   69.243128][ T5323]  ? __pfx_ieee80211_prep_channel+0x10/0x10
[   69.245364][ T5323]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[   69.248202][ T5323]  ? rcu_is_watching+0x15/0xb0
[   69.250207][ T5323]  ? __pfx_ieee80211_mgd_setup_link_sta+0x10/0x10
[   69.252598][ T5323]  ieee80211_prep_connection+0xda7/0x1310
[   69.255000][ T5323]  ieee80211_mgd_auth+0xf04/0x1770
[   69.256935][ T5323]  ? __lock_acquire+0xad5/0xd80
[   69.258887][ T5323]  ? __pfx_ieee80211_mgd_auth+0x10/0x10
[   69.261051][ T5323]  cfg80211_mlme_auth+0x59f/0x970
[   69.263044][ T5323]  cfg80211_conn_do_work+0x637/0xed0
[   69.265192][ T5323]  ? __pfx_cfg80211_conn_do_work+0x10/0x10
[   69.267597][ T5323]  ? _raw_spin_unlock_irqrestore+0x90/0x140
[   69.269965][ T5323]  ? lockdep_hardirqs_on+0x9d/0x150
[   69.271935][ T5323]  ? rcu_is_watching+0x15/0xb0
[   69.273535][ T5323]  ? trace_cfg80211_return_bss+0x87/0x210
[   69.275442][ T5323]  ? __cfg80211_get_bss+0x613/0x7d0
[   69.277363][ T5323]  ? cfg80211_connect+0x16cc/0x20e0
[   69.279575][ T5323]  cfg80211_connect+0x1758/0x20e0
[   69.281656][ T5323]  ? __lock_acquire+0xad5/0xd80
[   69.283553][ T5323]  ? reacquire_held_locks+0x12a/0x1e0
[   69.285690][ T5323]  ? __pfx_cfg80211_connect+0x10/0x10
[   69.287912][ T5323]  ? __asan_memset+0x23/0x50
[   69.290195][ T5323]  ? nl80211_crypto_settings+0xb6d/0xf10
[   69.292194][ T5323]  nl80211_connect+0x1d57/0x24b0
[   69.294007][ T5323]  ? __pfx_nl80211_connect+0x10/0x10
[   69.296023][ T5323]  ? trace_contention_end+0x3c/0x120
[   69.298197][ T5323]  genl_rcv_msg+0xb38/0xf00
[   69.299920][ T5323]  ? __pfx_genl_rcv_msg+0x10/0x10
[   69.302221][ T5323]  ? __dev_queue_xmit+0x1780/0x3f60
[   69.304638][ T5323]  ? kasan_save_track+0x3f/0x80
[   69.306541][ T5323]  ? __kasan_slab_alloc+0x66/0x80
[   69.308763][ T5323]  ? do_syscall_64+0xf3/0x230
[   69.310773][ T5323]  ? __lock_acquire+0xad5/0xd80
[   69.312871][ T5323]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   69.315039][ T5323]  ? __pfx_nl80211_connect+0x10/0x10
[   69.317301][ T5323]  ? __pfx_nl80211_post_doit+0x10/0x10
[   69.319565][ T5323]  netlink_rcv_skb+0x208/0x480
[   69.321474][ T5323]  ? __pfx_genl_rcv_msg+0x10/0x10
[   69.323576][ T5323]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   69.325890][ T5323]  ? netlink_deliver_tap+0x2e/0x1b0
[   69.327818][ T5323]  genl_rcv+0x28/0x40
[   69.329429][ T5323]  netlink_unicast+0x7f8/0x9a0
[   69.331338][ T5323]  ? __pfx_netlink_unicast+0x10/0x10
[   69.333462][ T5323]  ? skb_put+0x114/0x1f0
[   69.335128][ T5323]  netlink_sendmsg+0x8c3/0xcd0
[   69.337284][ T5323]  ? __pfx_netlink_sendmsg+0x10/0x10
[   69.339510][ T5323]  ? aa_sock_msg_perm+0x91/0x160
[   69.341601][ T5323]  ? __pfx_netlink_sendmsg+0x10/0x10
[   69.343794][ T5323]  __sock_sendmsg+0x221/0x270
[   69.345749][ T5323]  ____sys_sendmsg+0x523/0x860
[   69.347800][ T5323]  ? __pfx_____sys_sendmsg+0x10/0x10
[   69.349978][ T5323]  ? __fget_files+0x2a/0x420
[   69.351988][ T5323]  ? __fget_files+0x2a/0x420
[   69.353930][ T5323]  __sys_sendmsg+0x271/0x360
[   69.355949][ T5323]  ? __lock_acquire+0xad5/0xd80
[   69.358060][ T5323]  ? __pfx___sys_sendmsg+0x10/0x10
[   69.360235][ T5323]  ? do_syscall_64+0xb6/0x230
[   69.362348][ T5323]  do_syscall_64+0xf3/0x230
[   69.364444][ T5323]  ? clear_bhb_loop+0x45/0xa0
[   69.366567][ T5323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.369355][ T5323] RIP: 0033:0x7f6cc5b8d169
[   69.371429][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.379506][ T5323] RSP: 002b:00007f6cc6928038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   69.383207][ T5323] RAX: ffffffffffffffda RBX: 00007f6cc5da5fa0 RCX: 00007f6cc5b8d169
[   69.386916][ T5323] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004
[   69.390772][ T5323] RBP: 00007f6cc5c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   69.393923][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.397254][ T5323] R13: 0000000000000000 R14: 00007f6cc5da5fa0 R15: 00007ffe0995b538
[   69.400407][ T5323]  </TASK>
[   69.401580][ T5323] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   69.404377][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(full) 
[   69.408940][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.413605][ T5323] Call Trace:
[   69.415071][ T5323]  <TASK>
[   69.416324][ T5323]  dump_stack_lvl+0x241/0x360
[   69.418232][ T5323]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.420259][ T5323]  ? __pfx__printk+0x10/0x10
[   69.422071][ T5323]  ? vscnprintf+0x5d/0x90
[   69.423755][ T5323]  panic+0x349/0x880
[   69.425377][ T5323]  ? __warn+0x174/0x4d0
[   69.427032][ T5323]  ? __pfx_panic+0x10/0x10
[   69.428815][ T5323]  __warn+0x344/0x4d0
[   69.430406][ T5323]  ? ieee80211_prep_channel+0x4e32/0x66e0
[   69.432607][ T5323]  report_bug+0x2b3/0x500
[   69.434373][ T5323]  ? ieee80211_prep_channel+0x4e32/0x66e0
[   69.436691][ T5323]  ? ieee80211_prep_channel+0x4e32/0x66e0
[   69.439011][ T5323]  ? ieee80211_prep_channel+0x4e34/0x66e0
[   69.441357][ T5323]  handle_bug+0x89/0x170
[   69.443111][ T5323]  exc_invalid_op+0x1a/0x50
[   69.444985][ T5323]  asm_exc_invalid_op+0x1a/0x20
[   69.446910][ T5323] RIP: 0010:ieee80211_prep_channel+0x4e32/0x66e0
[   69.449477][ T5323] Code: c6 05 32 65 92 04 01 48 c7 c7 37 37 6d 8d be e8 03 00 00 48 c7 c2 a0 38 6d 8d e8 59 cf e7 f5 e9 03 b5 ff ff e8 cf 07 0c f6 90 <0f> 0b 90 48 8b 7c 24 28 e8 21 8d 6a f6 48 c7 44 24 28 ea ff ff ff
[   69.457026][ T5323] RSP: 0018:ffffc9000d6ae440 EFLAGS: 00010287
[   69.459477][ T5323] RAX: ffffffff8bb75da1 RBX: 0000000000000000 RCX: 0000000000100000
[   69.462561][ T5323] RDX: ffffc9000e2e2000 RSI: 0000000000000b2d RDI: 0000000000000b2e
[   69.465701][ T5323] RBP: ffffc9000d6ae850 R08: ffffffff8bb71de7 R09: ffffffff8b858c0c
[   69.468764][ T5323] R10: 000000000000000e R11: ffff8880003a0000 R12: dffffc0000000000
[   69.471768][ T5323] R13: ffff888040fda758 R14: ffffc9000d6ae710 R15: ffffc9000d6ae750
[   69.474892][ T5323]  ? cfg80211_get_end_freq+0x7c/0x1d0
[   69.477070][ T5323]  ? ieee80211_prep_channel+0xe77/0x66e0
[   69.479362][ T5323]  ? ieee80211_prep_channel+0x4e31/0x66e0
[   69.481575][ T5323]  ? __pfx_preempt_schedule+0x10/0x10
[   69.483554][ T5323]  ? ieee80211_prep_channel+0x223/0x66e0
[   69.485931][ T5323]  ? preempt_schedule_thunk+0x16/0x30
[   69.488053][ T5323]  ? __pfx_ieee80211_prep_channel+0x10/0x10
[   69.490366][ T5323]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[   69.493026][ T5323]  ? rcu_is_watching+0x15/0xb0
[   69.494841][ T5323]  ? __pfx_ieee80211_mgd_setup_link_sta+0x10/0x10
[   69.497260][ T5323]  ieee80211_prep_connection+0xda7/0x1310
[   69.499432][ T5323]  ieee80211_mgd_auth+0xf04/0x1770
[   69.501407][ T5323]  ? __lock_acquire+0xad5/0xd80
[   69.503295][ T5323]  ? __pfx_ieee80211_mgd_auth+0x10/0x10
[   69.505346][ T5323]  cfg80211_mlme_auth+0x59f/0x970
[   69.507178][ T5323]  cfg80211_conn_do_work+0x637/0xed0
[   69.509261][ T5323]  ? __pfx_cfg80211_conn_do_work+0x10/0x10
[   69.511593][ T5323]  ? _raw_spin_unlock_irqrestore+0x90/0x140
[   69.513669][ T5323]  ? lockdep_hardirqs_on+0x9d/0x150
[   69.515685][ T5323]  ? rcu_is_watching+0x15/0xb0
[   69.517564][ T5323]  ? trace_cfg80211_return_bss+0x87/0x210
[   69.519885][ T5323]  ? __cfg80211_get_bss+0x613/0x7d0
[   69.522036][ T5323]  ? cfg80211_connect+0x16cc/0x20e0
[   69.524165][ T5323]  cfg80211_connect+0x1758/0x20e0
[   69.526081][ T5323]  ? __lock_acquire+0xad5/0xd80
[   69.528070][ T5323]  ? reacquire_held_locks+0x12a/0x1e0
[   69.530023][ T5323]  ? __pfx_cfg80211_connect+0x10/0x10
[   69.532023][ T5323]  ? __asan_memset+0x23/0x50
[   69.533816][ T5323]  ? nl80211_crypto_settings+0xb6d/0xf10
[   69.536056][ T5323]  nl80211_connect+0x1d57/0x24b0
[   69.538083][ T5323]  ? __pfx_nl80211_connect+0x10/0x10
[   69.540316][ T5323]  ? trace_contention_end+0x3c/0x120
[   69.542485][ T5323]  genl_rcv_msg+0xb38/0xf00
[   69.544351][ T5323]  ? __pfx_genl_rcv_msg+0x10/0x10
[   69.546316][ T5323]  ? __dev_queue_xmit+0x1780/0x3f60
[   69.548268][ T5323]  ? kasan_save_track+0x3f/0x80
[   69.550146][ T5323]  ? __kasan_slab_alloc+0x66/0x80
[   69.552157][ T5323]  ? do_syscall_64+0xf3/0x230
[   69.553967][ T5323]  ? __lock_acquire+0xad5/0xd80
[   69.556030][ T5323]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   69.558079][ T5323]  ? __pfx_nl80211_connect+0x10/0x10
[   69.560143][ T5323]  ? __pfx_nl80211_post_doit+0x10/0x10
[   69.562188][ T5323]  netlink_rcv_skb+0x208/0x480
[   69.564177][ T5323]  ? __pfx_genl_rcv_msg+0x10/0x10
[   69.566674][ T5323]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   69.568923][ T5323]  ? netlink_deliver_tap+0x2e/0x1b0
[   69.570883][ T5323]  genl_rcv+0x28/0x40
[   69.572443][ T5323]  netlink_unicast+0x7f8/0x9a0
[   69.574334][ T5323]  ? __pfx_netlink_unicast+0x10/0x10
[   69.576304][ T5323]  ? skb_put+0x114/0x1f0
[   69.577958][ T5323]  netlink_sendmsg+0x8c3/0xcd0
[   69.579846][ T5323]  ? __pfx_netlink_sendmsg+0x10/0x10
[   69.581872][ T5323]  ? aa_sock_msg_perm+0x91/0x160
[   69.583819][ T5323]  ? __pfx_netlink_sendmsg+0x10/0x10
[   69.585773][ T5323]  __sock_sendmsg+0x221/0x270
[   69.587616][ T5323]  ____sys_sendmsg+0x523/0x860
[   69.589443][ T5323]  ? __pfx_____sys_sendmsg+0x10/0x10
[   69.591416][ T5323]  ? __fget_files+0x2a/0x420
[   69.593278][ T5323]  ? __fget_files+0x2a/0x420
[   69.595465][ T5323]  __sys_sendmsg+0x271/0x360
[   69.597353][ T5323]  ? __lock_acquire+0xad5/0xd80
[   69.599358][ T5323]  ? __pfx___sys_sendmsg+0x10/0x10
[   69.601288][ T5323]  ? do_syscall_64+0xb6/0x230
[   69.603073][ T5323]  do_syscall_64+0xf3/0x230
[   69.604827][ T5323]  ? clear_bhb_loop+0x45/0xa0
[   69.606554][ T5323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.608768][ T5323] RIP: 0033:0x7f6cc5b8d169
[   69.610448][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.617768][ T5323] RSP: 002b:00007f6cc6928038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   69.620960][ T5323] RAX: ffffffffffffffda RBX: 00007f6cc5da5fa0 RCX: 00007f6cc5b8d169
[   69.623964][ T5323] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004
[   69.627016][ T5323] RBP: 00007f6cc5c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   69.630024][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.633024][ T5323] R13: 0000000000000000 R14: 00007f6cc5da5fa0 R15: 00007ffe0995b538
[   69.636112][ T5323]  </TASK>
[   69.637461][ T5323] Kernel Offset: disabled
[   69.638926][ T5323] Rebooting in 86400 seconds..