program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x4, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_REG(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="80000000ffffffffffffffffffdeffff5050505050503000070200000000000007000100000003010c040608071080000006023e64250300f2032a01017206030303030303"], 0x45)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0xd, @void}, 0x1e)

[   86.592835][ T4672] Bluetooth: hci0: command tx timeout
[   86.756729][ T5329] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   86.773283][ T5329] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   86.791125][ T4782] ------------[ cut here ]------------
[   86.794393][ T4782] WARNING: CPU: 0 PID: 4782 at net/mac80211/mlme.c:1124 ieee80211_prep_channel+0x490c/0x60f0
[   86.799566][ T4782] Modules linked in:
[   86.802059][ T4782] CPU: 0 UID: 0 PID: 4782 Comm: kworker/0:3 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[   86.807600][ T4782] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.811781][ T4782] Workqueue: events cfg80211_conn_work
[   86.814276][ T4782] RIP: 0010:ieee80211_prep_channel+0x490c/0x60f0
[   86.817298][ T4782] Code: c6 05 6f 4a 95 04 01 48 c7 c7 b7 fa ae 8c be e8 03 00 00 48 c7 c2 20 fc ae 8c e8 af b0 a8 f6 e9 17 ba ff ff e8 35 b0 ca f6 90 <0f> 0b 90 48 8b 7c 24 48 e8 27 36 23 f7 48 c7 44 24 48 ea ff ff ff
[   86.825657][ T4782] RSP: 0018:ffffc9000cc86b60 EFLAGS: 00010293
[   86.828371][ T4782] RAX: ffffffff8af5ac0b RBX: 0000000000000000 RCX: ffff88801a2e2440
[   86.832360][ T4782] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   86.835985][ T4782] RBP: ffffc9000cc86f08 R08: ffff88801a2e2440 R09: 000000000000000e
[   86.839204][ T4782] R10: 000000000000000d R11: 0000000000000000 R12: ffffc9000cc86e10
[   86.842842][ T4782] R13: dffffc0000000000 R14: 1ffff1100a4fd4eb R15: ffffc9000cc86e10
[   86.847238][ T4782] FS:  0000000000000000(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000
[   86.851851][ T4782] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.855205][ T4782] CR2: 00007f6b32b84170 CR3: 000000005130d000 CR4: 0000000000352ef0
[   86.858755][ T4782] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   86.862548][ T4782] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   86.866583][ T4782] Call Trace:
[   86.868122][ T4782]  <TASK>
[   86.869332][ T4782]  ? ieee80211_prep_channel+0x202/0x60f0
[   86.871540][ T4782]  ? __pfx_ieee80211_prep_channel+0x10/0x10
[   86.875203][ T4782]  ? __lruvec_stat_mod_folio+0x79/0x2f0
[   86.878021][ T4782]  ? ieee80211_prep_connection+0x50f/0x1600
[   86.880676][ T4782]  ieee80211_prep_connection+0xeb9/0x1600
[   86.883143][ T4782]  ieee80211_mgd_auth+0xee3/0x1770
[   86.885343][ T4782]  ? __lock_acquire+0xab9/0xd20
[   86.887156][ T4782]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.889347][ T4782]  ? __pfx_ieee80211_mgd_auth+0x10/0x10
[   86.892024][ T4782]  ? rcu_is_watching+0x15/0xb0
[   86.894397][ T4782]  cfg80211_mlme_auth+0x62f/0x9c0
[   86.896987][ T4782]  cfg80211_conn_do_work+0x501/0xd10
[   86.899273][ T4782]  ? __pfx_cfg80211_conn_do_work+0x10/0x10
[   86.901519][ T4782]  ? lockdep_unlock+0x89/0x120
[   86.903944][ T4782]  ? cfg80211_conn_work+0x298/0x440
[   86.906328][ T4782]  cfg80211_conn_work+0x2c0/0x440
[   86.909171][ T4782]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   86.912968][ T4782]  ? __pfx_cfg80211_conn_work+0x10/0x10
[   86.915599][ T4782]  ? stack_trace_save+0x9c/0xe0
[   86.917483][ T4782]  ? __pfx_stack_trace_save+0x10/0x10
[   86.919730][ T4782]  ? check_path+0x21/0x40
[   86.921931][ T4782]  ? lockdep_unlock+0x89/0x120
[   86.924274][ T4782]  ? validate_chain+0x897/0x2140
[   86.926649][ T4782]  ? __lock_acquire+0xab9/0xd20
[   86.929227][ T4782]  ? process_scheduled_works+0x9ef/0x17b0
[   86.932033][ T4782]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.934427][ T4782]  ? process_scheduled_works+0x9ef/0x17b0
[   86.936939][ T4782]  ? process_scheduled_works+0x9ef/0x17b0
[   86.940092][ T4782]  process_scheduled_works+0xae1/0x17b0
[   86.943193][ T4782]  ? __pfx_process_scheduled_works+0x10/0x10
[   86.945986][ T4782]  worker_thread+0x8a0/0xda0
[   86.948056][ T4782]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   86.950642][ T4782]  ? __kthread_parkme+0x7b/0x200
[   86.952826][ T4782]  kthread+0x70e/0x8a0
[   86.954960][ T4782]  ? __pfx_worker_thread+0x10/0x10
[   86.957766][ T4782]  ? __pfx_kthread+0x10/0x10
[   86.960185][ T4782]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.962544][ T4782]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.964788][ T4782]  ? __pfx_kthread+0x10/0x10
[   86.966823][ T4782]  ret_from_fork+0x3fc/0x770
[   86.968904][ T4782]  ? __pfx_ret_from_fork+0x10/0x10
[   86.971459][ T4782]  ? __pfx_kthread+0x10/0x10
[   86.974431][ T4782]  ret_from_fork_asm+0x1a/0x30
[   86.976840][ T4782]  </TASK>
[   86.978278][ T4782] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   86.981399][ T4782] CPU: 0 UID: 0 PID: 4782 Comm: kworker/0:3 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[   86.986351][ T4782] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.991656][ T4782] Workqueue: events cfg80211_conn_work
[   86.993792][ T4782] Call Trace:
[   86.995105][ T4782]  <TASK>
[   86.996402][ T4782]  dump_stack_lvl+0x99/0x250
[   86.998394][ T4782]  ? __asan_memcpy+0x40/0x70
[   87.000347][ T4782]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.003134][ T4782]  ? __pfx__printk+0x10/0x10
[   87.005543][ T4782]  panic+0x2db/0x790
[   87.007254][ T4782]  ? __pfx_panic+0x10/0x10
[   87.009079][ T4782]  ? show_trace_log_lvl+0x4fb/0x550
[   87.011195][ T4782]  ? ret_from_fork_asm+0x1a/0x30
[   87.013232][ T4782]  __warn+0x31b/0x4b0
[   87.014737][ T4782]  ? ieee80211_prep_channel+0x490c/0x60f0
[   87.017176][ T4782]  ? ieee80211_prep_channel+0x490c/0x60f0
[   87.019634][ T4782]  report_bug+0x2be/0x4f0
[   87.021517][ T4782]  ? ieee80211_prep_channel+0x490c/0x60f0
[   87.023772][ T4782]  ? ieee80211_prep_channel+0x490c/0x60f0
[   87.026140][ T4782]  ? ieee80211_prep_channel+0x490e/0x60f0
[   87.028513][ T4782]  handle_bug+0x84/0x160
[   87.030265][ T4782]  exc_invalid_op+0x1a/0x50
[   87.032195][ T4782]  asm_exc_invalid_op+0x1a/0x20
[   87.034184][ T4782] RIP: 0010:ieee80211_prep_channel+0x490c/0x60f0
[   87.037655][ T4782] Code: c6 05 6f 4a 95 04 01 48 c7 c7 b7 fa ae 8c be e8 03 00 00 48 c7 c2 20 fc ae 8c e8 af b0 a8 f6 e9 17 ba ff ff e8 35 b0 ca f6 90 <0f> 0b 90 48 8b 7c 24 48 e8 27 36 23 f7 48 c7 44 24 48 ea ff ff ff
[   87.046412][ T4782] RSP: 0018:ffffc9000cc86b60 EFLAGS: 00010293
[   87.049140][ T4782] RAX: ffffffff8af5ac0b RBX: 0000000000000000 RCX: ffff88801a2e2440
[   87.052663][ T4782] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   87.056837][ T4782] RBP: ffffc9000cc86f08 R08: ffff88801a2e2440 R09: 000000000000000e
[   87.060388][ T4782] R10: 000000000000000d R11: 0000000000000000 R12: ffffc9000cc86e10
[   87.063683][ T4782] R13: dffffc0000000000 R14: 1ffff1100a4fd4eb R15: ffffc9000cc86e10
[   87.066852][ T4782]  ? ieee80211_prep_channel+0x490b/0x60f0
[   87.069287][ T4782]  ? ieee80211_prep_channel+0x202/0x60f0
[   87.071682][ T4782]  ? __pfx_ieee80211_prep_channel+0x10/0x10
[   87.074561][ T4782]  ? __lruvec_stat_mod_folio+0x79/0x2f0
[   87.077151][ T4782]  ? ieee80211_prep_connection+0x50f/0x1600
[   87.079677][ T4782]  ieee80211_prep_connection+0xeb9/0x1600
[   87.081857][ T4782]  ieee80211_mgd_auth+0xee3/0x1770
[   87.083904][ T4782]  ? __lock_acquire+0xab9/0xd20
[   87.085771][ T4782]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.087640][ T4782]  ? __pfx_ieee80211_mgd_auth+0x10/0x10
[   87.089981][ T4782]  ? rcu_is_watching+0x15/0xb0
[   87.092386][ T4782]  cfg80211_mlme_auth+0x62f/0x9c0
[   87.095392][ T4782]  cfg80211_conn_do_work+0x501/0xd10
[   87.097902][ T4782]  ? __pfx_cfg80211_conn_do_work+0x10/0x10
[   87.100368][ T4782]  ? lockdep_unlock+0x89/0x120
[   87.102393][ T4782]  ? cfg80211_conn_work+0x298/0x440
[   87.104540][ T4782]  cfg80211_conn_work+0x2c0/0x440
[   87.106623][ T4782]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   87.109232][ T4782]  ? __pfx_cfg80211_conn_work+0x10/0x10
[   87.111588][ T4782]  ? stack_trace_save+0x9c/0xe0
[   87.113858][ T4782]  ? __pfx_stack_trace_save+0x10/0x10
[   87.116786][ T4782]  ? check_path+0x21/0x40
[   87.119126][ T4782]  ? lockdep_unlock+0x89/0x120
[   87.121886][ T4782]  ? validate_chain+0x897/0x2140
[   87.124259][ T4782]  ? __lock_acquire+0xab9/0xd20
[   87.126661][ T4782]  ? process_scheduled_works+0x9ef/0x17b0
[   87.129208][ T4782]  ? _raw_spin_unlock_irq+0x23/0x50
[   87.131441][ T4782]  ? process_scheduled_works+0x9ef/0x17b0
[   87.134014][ T4782]  ? process_scheduled_works+0x9ef/0x17b0
[   87.136408][ T4782]  process_scheduled_works+0xae1/0x17b0
[   87.139023][ T4782]  ? __pfx_process_scheduled_works+0x10/0x10
[   87.142044][ T4782]  worker_thread+0x8a0/0xda0
[   87.144160][ T4782]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   87.147008][ T4782]  ? __kthread_parkme+0x7b/0x200
[   87.149350][ T4782]  kthread+0x70e/0x8a0
[   87.151161][ T4782]  ? __pfx_worker_thread+0x10/0x10
[   87.153635][ T4782]  ? __pfx_kthread+0x10/0x10
[   87.155871][ T4782]  ? _raw_spin_unlock_irq+0x23/0x50
[   87.158138][ T4782]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.160347][ T4782]  ? __pfx_kthread+0x10/0x10
[   87.162261][ T4782]  ret_from_fork+0x3fc/0x770
[   87.164171][ T4782]  ? __pfx_ret_from_fork+0x10/0x10
[   87.166527][ T4782]  ? __pfx_kthread+0x10/0x10
[   87.168802][ T4782]  ret_from_fork_asm+0x1a/0x30
[   87.171071][ T4782]  </TASK>
[   87.173263][ T4782] Kernel Offset: disabled
[   87.175359][ T4782] Rebooting in 86400 seconds..