program:
# syzkaller reproducer (syz program format, one call per line; `#` lines are comments).
# It drives an nl80211 station connect on the hwsim interface "wlan1" and then a
# deauthenticate, which in the attached log ends in a WARNING at
# net/mac80211/mlme.c:1012 in ieee80211_prep_channel(), reached from the SME work
# (cfg80211_conn_work -> cfg80211_mlme_auth -> ieee80211_mgd_auth ->
# ieee80211_prep_connection) on 6.14.0-rc1-syzkaller with panic_on_warn set.
#
# NOTE(review): r4, r7 and r12 are used below but never assigned. In this format the
# ifindex returned by each SIOCGIFINDEX ioctl is the only place they can come from;
# the angle-bracket resource marker on that field was most likely stripped by HTML
# extraction. Treat each ioctl as "rN = ifindex of wlan1" when reading the program.
#
# AF_NETLINK (0x10), SOCK_RAW (0x3), NETLINK_GENERIC (0x10); resolve the nl80211 family id.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
# SIOCGIFINDEX (0x8933) on "wlan1": the ifindex output slot is what r4 refers to (see note above).
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0})
# NL80211_CMD_SET_INTERFACE: attr type 0x3 (NL80211_ATTR_IFINDEX) = r4,
# attr type 0x5 (NL80211_ATTR_IFTYPE) = 0x2 (NL80211_IFTYPE_STATION).
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# Second ifindex lookup of "wlan1"; r7 is its output slot.
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
# NL80211_CMD_CONNECT: IFINDEX = r7, NL80211_ATTR_SSID (0x34) = the default AP SSID,
# plus a NL80211_ATTR_WIPHY_FREQ attribute carrying only its 8-byte header ({0x8}),
# i.e. a zero/default frequency. NOTE(review): a zero channel frequency handed to the
# connect path is a plausible input for the channel-prep WARN, but the log does not
# prove which of the two CONNECT calls reaches it — confirm against mlme.c:1012.
sendmsg$NL80211_CMD_CONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
# Inject a management frame (probe response) addressed device_b -> device_a that
# advertises the default AP SSID (element id 0x0, len 0x6) and one supported rate
# (element id 0x1). This is what lets the SME find a BSS for the connect above.
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @random=0x401, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x4, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
# NL80211_CMD_START_AP on fd -1 (0xffffffffffffffff): cannot succeed (EBADF); left over
# from fuzzing and can be dropped when minimizing.
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
# NL80211_CMD_SET_REG with a hand-assembled payload (nlmsg len 0x44, family id r8,
# genl cmd 0x1a = NL80211_CMD_SET_REG, then a nested attribute blob). NOTE(review): the
# "8 bytes leftover after parsing attributes" line in the log is consistent with this
# raw blob, but the log does not attribute it to a specific call.
sendmsg$NL80211_CMD_SET_REG(r9, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# Third ifindex lookup of "wlan1"; r12 is its output slot.
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
# Second SET_INTERFACE to station mode (IFTYPE 0x2) via r11/r12.
sendmsg$NL80211_CMD_SET_INTERFACE(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r11, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
# Second CONNECT, this time as a raw blob: nlmsg len 0x30, genl cmd 0x2e
# (NL80211_CMD_CONNECT), IFINDEX attr (type 0x3) = r12, then an SSID attribute
# header (len 0xa, type 0x34) whose payload bytes are not spelled out in the blob.
sendmsg$NL80211_CMD_CONNECT(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r12, @ANYBLOB='\n\x004'], 0x30}}, 0x0)
# Sleep 0x2faf080 ns = 50 ms so the SME work (cfg80211_conn_work) can run.
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
# NL80211_CMD_DEAUTHENTICATE on the first socket/ifindex (r1/r4):
# NL80211_ATTR_REASON_CODE (0x36) = 0x3e, NL80211_ATTR_MAC (0x6) = the injected frame's source.
sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)={0x30, r1, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x3e}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004841}, 0x80)
[ 70.908143][ T5310] Bluetooth: hci0: command tx timeout [ 71.017273][ T5325] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 71.036368][ T5325] netlink: 8 bytes leftover after parsing attributes in process `syz.0.0'. 
[ 71.051538][ T5309] ------------[ cut here ]------------ [ 71.053809][ T5309] WARNING: CPU: 0 PID: 5309 at net/mac80211/mlme.c:1012 ieee80211_prep_channel+0x389b/0x5120 [ 71.059549][ T5309] Modules linked in: [ 71.061739][ T5309] CPU: 0 UID: 0 PID: 5309 Comm: kworker/0:3 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 [ 71.066795][ T5309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.071005][ T5309] Workqueue: events cfg80211_conn_work [ 71.073357][ T5309] RIP: 0010:ieee80211_prep_channel+0x389b/0x5120 [ 71.076092][ T5309] Code: c6 05 04 3b 86 04 01 48 c7 c7 57 9d 29 8d be 78 03 00 00 48 c7 c2 40 9e 29 8d e8 a0 df 1b f6 e9 7e ca ff ff e8 a6 1e 40 f6 90 <0f> 0b 90 48 8b 7c 24 30 e8 48 3f 9b f6 48 c7 44 24 30 ea ff ff ff [ 71.083577][ T5309] RSP: 0018:ffffc9000d01ec80 EFLAGS: 00010293 [ 71.086211][ T5309] RAX: ffffffff8b7f30fa RBX: 0000000000000000 RCX: ffff888000fcc880 [ 71.089737][ T5309] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 71.092596][ T5309] RBP: ffffc9000d01efd0 R08: ffffffff8b7f0619 R09: ffffffff8b51c129 [ 71.095307][ T5309] R10: 000000000000000e R11: ffff888000fcc880 R12: dffffc0000000000 [ 71.098329][ T5309] R13: ffff888052b9e758 R14: ffffc9000d01ee90 R15: ffffc9000d01eed0 [ 71.101790][ T5309] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 71.105477][ T5309] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.108415][ T5309] CR2: 00007f7f752d7d60 CR3: 0000000043f86000 CR4: 0000000000352ef0 [ 71.112179][ T5309] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 71.115607][ T5309] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 71.119346][ T5309] Call Trace: [ 71.120794][ T5309] [ 71.122056][ T5309] ? __warn+0x165/0x4d0 [ 71.123774][ T5309] ? ieee80211_prep_channel+0x389b/0x5120 [ 71.126052][ T5309] ? report_bug+0x2b3/0x500 [ 71.127964][ T5309] ? 
ieee80211_prep_channel+0x389b/0x5120 [ 71.129915][ T5309] ? handle_bug+0x60/0x90 [ 71.131383][ T5309] ? exc_invalid_op+0x1a/0x50 [ 71.133645][ T5309] ? asm_exc_invalid_op+0x1a/0x20 [ 71.136848][ T5309] ? cfg80211_get_end_freq+0x79/0x1d0 [ 71.140765][ T5309] ? ieee80211_prep_channel+0xdb9/0x5120 [ 71.143018][ T5309] ? ieee80211_prep_channel+0x389a/0x5120 [ 71.145105][ T5309] ? ieee80211_prep_channel+0x389b/0x5120 [ 71.147375][ T5309] ? ieee80211_prep_channel+0x20a/0x5120 [ 71.149708][ T5309] ? mark_lock+0x9a/0x360 [ 71.151300][ T5309] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 71.153509][ T5309] ? __pfx_lock_release+0x10/0x10 [ 71.155355][ T5309] ieee80211_prep_connection+0xda1/0x1310 [ 71.158046][ T5309] ieee80211_mgd_auth+0xcec/0x1480 [ 71.160169][ T5309] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 71.162906][ T5309] ? rcu_is_watching+0x15/0xb0 [ 71.164781][ T5309] cfg80211_mlme_auth+0x59f/0x970 [ 71.166707][ T5309] cfg80211_conn_do_work+0x601/0xeb0 [ 71.168797][ T5309] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 71.170953][ T5309] ? __lock_acquire+0x1397/0x2100 [ 71.172942][ T5309] ? __pfx_validate_chain+0x10/0x10 [ 71.175029][ T5309] ? cfg80211_conn_work+0x230/0x4e0 [ 71.178065][ T5309] cfg80211_conn_work+0x27c/0x4e0 [ 71.180639][ T5309] ? __pfx_cfg80211_conn_work+0x10/0x10 [ 71.182871][ T5309] ? lockdep_unlock+0x16a/0x300 [ 71.184746][ T5309] ? mark_lock+0x2ae/0x360 [ 71.186428][ T5309] ? __lock_acquire+0x1397/0x2100 [ 71.188459][ T5309] ? do_raw_spin_unlock+0x58/0x8b0 [ 71.190391][ T5309] ? __pfx_lock_acquire+0x10/0x10 [ 71.192327][ T5309] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 71.194845][ T5309] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 71.198082][ T5309] ? process_scheduled_works+0x976/0x1840 [ 71.201218][ T5309] process_scheduled_works+0xa66/0x1840 [ 71.204125][ T5309] ? __pfx_process_scheduled_works+0x10/0x10 [ 71.206451][ T5309] ? assign_work+0x364/0x3d0 [ 71.208342][ T5309] worker_thread+0x870/0xd30 [ 71.210230][ T5309] ? 
_raw_spin_unlock_irqrestore+0xdd/0x140 [ 71.212569][ T5309] ? __kthread_parkme+0x169/0x1d0 [ 71.214667][ T5309] ? __pfx_worker_thread+0x10/0x10 [ 71.216651][ T5309] kthread+0x7a9/0x920 [ 71.218780][ T5309] ? __pfx_kthread+0x10/0x10 [ 71.220952][ T5309] ? __pfx_worker_thread+0x10/0x10 [ 71.223473][ T5309] ? __pfx_kthread+0x10/0x10 [ 71.225488][ T5309] ? __pfx_kthread+0x10/0x10 [ 71.227440][ T5309] ? __pfx_kthread+0x10/0x10 [ 71.229609][ T5309] ? _raw_spin_unlock_irq+0x23/0x50 [ 71.231604][ T5309] ? lockdep_hardirqs_on+0x99/0x150 [ 71.233673][ T5309] ? __pfx_kthread+0x10/0x10 [ 71.235416][ T5309] ret_from_fork+0x4b/0x80 [ 71.237041][ T5309] ? __pfx_kthread+0x10/0x10 [ 71.239216][ T5309] ret_from_fork_asm+0x1a/0x30 [ 71.241769][ T5309] [ 71.243451][ T5309] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 71.246985][ T5309] CPU: 0 UID: 0 PID: 5309 Comm: kworker/0:3 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 [ 71.250966][ T5309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.254899][ T5309] Workqueue: events cfg80211_conn_work [ 71.257125][ T5309] Call Trace: [ 71.258475][ T5309] [ 71.259690][ T5309] dump_stack_lvl+0x241/0x360 [ 71.261750][ T5309] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.264036][ T5309] ? __pfx__printk+0x10/0x10 [ 71.266413][ T5309] ? _printk+0xd5/0x120 [ 71.268387][ T5309] ? __init_begin+0x41000/0x41000 [ 71.270435][ T5309] ? vscnprintf+0x5d/0x90 [ 71.272061][ T5309] panic+0x349/0x880 [ 71.273735][ T5309] ? __warn+0x174/0x4d0 [ 71.275281][ T5309] ? __pfx_panic+0x10/0x10 [ 71.276933][ T5309] ? ret_from_fork_asm+0x1a/0x30 [ 71.279333][ T5309] __warn+0x344/0x4d0 [ 71.281424][ T5309] ? ieee80211_prep_channel+0x389b/0x5120 [ 71.284360][ T5309] report_bug+0x2b3/0x500 [ 71.285901][ T5309] ? 
ieee80211_prep_channel+0x389b/0x5120 [ 71.288086][ T5309] handle_bug+0x60/0x90 [ 71.289679][ T5309] exc_invalid_op+0x1a/0x50 [ 71.291373][ T5309] asm_exc_invalid_op+0x1a/0x20 [ 71.293289][ T5309] RIP: 0010:ieee80211_prep_channel+0x389b/0x5120 [ 71.295743][ T5309] Code: c6 05 04 3b 86 04 01 48 c7 c7 57 9d 29 8d be 78 03 00 00 48 c7 c2 40 9e 29 8d e8 a0 df 1b f6 e9 7e ca ff ff e8 a6 1e 40 f6 90 <0f> 0b 90 48 8b 7c 24 30 e8 48 3f 9b f6 48 c7 44 24 30 ea ff ff ff [ 71.303490][ T5309] RSP: 0018:ffffc9000d01ec80 EFLAGS: 00010293 [ 71.306077][ T5309] RAX: ffffffff8b7f30fa RBX: 0000000000000000 RCX: ffff888000fcc880 [ 71.309178][ T5309] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 71.312311][ T5309] RBP: ffffc9000d01efd0 R08: ffffffff8b7f0619 R09: ffffffff8b51c129 [ 71.315817][ T5309] R10: 000000000000000e R11: ffff888000fcc880 R12: dffffc0000000000 [ 71.319397][ T5309] R13: ffff888052b9e758 R14: ffffc9000d01ee90 R15: ffffc9000d01eed0 [ 71.322547][ T5309] ? cfg80211_get_end_freq+0x79/0x1d0 [ 71.324624][ T5309] ? ieee80211_prep_channel+0xdb9/0x5120 [ 71.326475][ T5309] ? ieee80211_prep_channel+0x389a/0x5120 [ 71.328224][ T5309] ? ieee80211_prep_channel+0x20a/0x5120 [ 71.330498][ T5309] ? mark_lock+0x9a/0x360 [ 71.332149][ T5309] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 71.334767][ T5309] ? __pfx_lock_release+0x10/0x10 [ 71.337407][ T5309] ieee80211_prep_connection+0xda1/0x1310 [ 71.340441][ T5309] ieee80211_mgd_auth+0xcec/0x1480 [ 71.342732][ T5309] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 71.344874][ T5309] ? rcu_is_watching+0x15/0xb0 [ 71.347016][ T5309] cfg80211_mlme_auth+0x59f/0x970 [ 71.349258][ T5309] cfg80211_conn_do_work+0x601/0xeb0 [ 71.351235][ T5309] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 71.353328][ T5309] ? __lock_acquire+0x1397/0x2100 [ 71.355304][ T5309] ? __pfx_validate_chain+0x10/0x10 [ 71.357557][ T5309] ? cfg80211_conn_work+0x230/0x4e0 [ 71.360397][ T5309] cfg80211_conn_work+0x27c/0x4e0 [ 71.362725][ T5309] ? 
__pfx_cfg80211_conn_work+0x10/0x10 [ 71.365316][ T5309] ? lockdep_unlock+0x16a/0x300 [ 71.367070][ T5309] ? mark_lock+0x2ae/0x360 [ 71.368855][ T5309] ? __lock_acquire+0x1397/0x2100 [ 71.370869][ T5309] ? do_raw_spin_unlock+0x58/0x8b0 [ 71.372746][ T5309] ? __pfx_lock_acquire+0x10/0x10 [ 71.374600][ T5309] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 71.376817][ T5309] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 71.379817][ T5309] ? process_scheduled_works+0x976/0x1840 [ 71.383334][ T5309] process_scheduled_works+0xa66/0x1840 [ 71.386088][ T5309] ? __pfx_process_scheduled_works+0x10/0x10 [ 71.388528][ T5309] ? assign_work+0x364/0x3d0 [ 71.390338][ T5309] worker_thread+0x870/0xd30 [ 71.392035][ T5309] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 71.394254][ T5309] ? __kthread_parkme+0x169/0x1d0 [ 71.396066][ T5309] ? __pfx_worker_thread+0x10/0x10 [ 71.397926][ T5309] kthread+0x7a9/0x920 [ 71.399466][ T5309] ? __pfx_kthread+0x10/0x10 [ 71.401131][ T5309] ? __pfx_worker_thread+0x10/0x10 [ 71.403171][ T5309] ? __pfx_kthread+0x10/0x10 [ 71.405569][ T5309] ? __pfx_kthread+0x10/0x10 [ 71.407837][ T5309] ? __pfx_kthread+0x10/0x10 [ 71.409778][ T5309] ? _raw_spin_unlock_irq+0x23/0x50 [ 71.411774][ T5309] ? lockdep_hardirqs_on+0x99/0x150 [ 71.413911][ T5309] ? __pfx_kthread+0x10/0x10 [ 71.415610][ T5309] ret_from_fork+0x4b/0x80 [ 71.417559][ T5309] ? __pfx_kthread+0x10/0x10 [ 71.419649][ T5309] ret_from_fork_asm+0x1a/0x30 [ 71.421830][ T5309] [ 71.423520][ T5309] Kernel Offset: disabled [ 71.425359][ T5309] Rebooting in 86400 seconds..