program:
ioctl$BTRFS_IOC_SET_FEATURES(0xffffffffffffffff, 0x40309439, &(0x7f0000000000)={0x0, 0x0, 0x4})
r0 = socket$inet(0x2, 0x2, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@beacon={{{}, {}, @device_b}, 0xfffffffffffffffd, @default, 0x1001, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0xb}]}, @void, @void, @void, @val={0x5, 0x3, {0x5, 0xdd}}, @void, @val={0x2a, 0x1, {0x1, 0x1}}, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfd}}, @val={0x76, 0x6, {0x1, 0x9, 0x25, 0xe}}}, 0x50)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_REG(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="800000"], 0x44)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
ioctl$sock_SIOCBRDELBR(r2, 0x89a2, &(0x7f0000000000)='bridge0\x00')
syz_emit_ethernet(0x22, &(0x7f0000000080)={@local, @random="429e82211cf8", @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x2, 0x0, 0x14, 0x65, 0x0, 0x2, 0x6c, 0x0, @rand_addr=0x64010100, @broadcast}}}}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)={0x28, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b04, &(0x7f0000000000)={'wlan1\x00'})

[   74.341484][ T5317] Bluetooth: hci0: command tx timeout
[   74.422453][ T5332] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   74.437617][ T5332] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   74.444505][ T5332] bridge0: port 3(syz_tun) entered blocking state
[   74.447476][ T5332] bridge0: port 3(syz_tun) entered disabled state
[   74.450607][ T5332] syz_tun: entered allmulticast mode
[   74.455627][ T5332] syz_tun: entered promiscuous mode
[   74.458272][ T5332] bridge0: port 3(syz_tun) entered blocking state
[   74.461287][ T5332] bridge0: port 3(syz_tun) entered forwarding state
[   74.477421][ T5332] wlan1: No basic rates, using min rate instead
[   74.480955][ T5332] ------------[ cut here ]------------
[   74.483133][ T5332] WARNING: CPU: 0 PID: 5332 at net/mac80211/mlme.c:1012 ieee80211_prep_channel+0x389b/0x5120
[   74.487341][ T5332] Modules linked in:
[   74.489052][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted 6.14.0-syzkaller #0
[   74.492319][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   74.496555][ T5332] RIP: 0010:ieee80211_prep_channel+0x389b/0x5120
[   74.499146][ T5332] Code: c6 05 4f cd 94 04 01 48 c7 c7 37 3b 4b 8d be 78 03 00 00 48 c7 c2 a0 3c 4b 8d e8 70 00 0b f6 e9 7e ca ff ff e8 16 a6 2f f6 90 <0f> 0b 90 48 8b 7c 24 30 e8 e8 5c 8b f6 48 c7 44 24 30 ea ff ff ff
[   74.506344][ T5332] RSP: 0018:ffffc900019c6500 EFLAGS: 00010283
[   74.508920][ T5332] RAX: ffffffff8b9239ba RBX: 0000000000000000 RCX: 0000000000100000
[   74.512362][ T5332] RDX: ffffc9000e78a000 RSI: 000000000000096d RDI: 000000000000096e
[   74.515688][ T5332] RBP: ffffc900019c6850 R08: ffffffff8b920ed9 R09: ffffffff8b60cbf9
[   74.519875][ T5332] R10: 000000000000000e R11: ffff888000fa0000 R12: dffffc0000000000
[   74.523291][ T5332] R13: ffff88801ae8e758 R14: ffffc900019c6710 R15: ffffc900019c6750
[   74.526568][ T5332] FS:  00007f752c10a6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   74.530160][ T5332] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   74.532667][ T5332] CR2: 00007f752b57c170 CR3: 00000000440e8000 CR4: 0000000000352ef0
[   74.535389][ T5332] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   74.538095][ T5332] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   74.541221][ T5332] Call Trace:
[   74.542438][ T5332]  <TASK>
[   74.543597][ T5332]  ? __warn+0x165/0x4d0
[   74.545212][ T5332]  ? ieee80211_prep_channel+0x389b/0x5120
[   74.547693][ T5332]  ? report_bug+0x2b3/0x500
[   74.549646][ T5332]  ? ieee80211_prep_channel+0x389b/0x5120
[   74.552137][ T5332]  ? handle_bug+0x60/0x90
[   74.553799][ T5332]  ? exc_invalid_op+0x1a/0x50
[   74.555577][ T5332]  ? asm_exc_invalid_op+0x1a/0x20
[   74.557581][ T5332]  ? cfg80211_get_end_freq+0x79/0x1d0
[   74.559876][ T5332]  ? ieee80211_prep_channel+0xdb9/0x5120
[   74.562262][ T5332]  ? ieee80211_prep_channel+0x389a/0x5120
[   74.564624][ T5332]  ? ieee80211_prep_channel+0x389b/0x5120
[   74.566874][ T5332]  ? ieee80211_prep_channel+0x20a/0x5120
[   74.569260][ T5332]  ? __pfx_ieee80211_prep_channel+0x10/0x10
[   74.571741][ T5332]  ? __pfx_lock_release+0x10/0x10
[   74.573831][ T5332]  ? cfg80211_find_elem_match+0x1c1/0x1f0
[   74.576190][ T5332]  ieee80211_prep_connection+0xda1/0x1310
[   74.578339][ T5332]  ieee80211_mgd_auth+0xedb/0x1750
[   74.580263][ T5332]  ? __pfx_ieee80211_mgd_auth+0x10/0x10
[   74.582412][ T5332]  ? rcu_is_watching+0x15/0xb0
[   74.584211][ T5332]  cfg80211_mlme_auth+0x59f/0x970
[   74.586266][ T5332]  cfg80211_conn_do_work+0x601/0xeb0
[   74.588439][ T5332]  ? __pfx_cfg80211_conn_do_work+0x10/0x10
[   74.590828][ T5332]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   74.593222][ T5332]  ? lockdep_hardirqs_on+0x99/0x150
[   74.595371][ T5332]  ? rcu_is_watching+0x15/0xb0
[   74.597332][ T5332]  ? trace_cfg80211_return_bss+0x87/0x210
[   74.599797][ T5332]  ? __cfg80211_get_bss+0x614/0x7d0
[   74.601987][ T5332]  ? cfg80211_connect+0x1854/0x22f0
[   74.604011][ T5332]  cfg80211_connect+0x190a/0x22f0
[   74.606065][ T5332]  ? __pfx_cfg80211_connect+0x10/0x10
[   74.608170][ T5332]  ? __asan_memset+0x23/0x50
[   74.610021][ T5332]  ? nl80211_crypto_settings+0xb6d/0xf10
[   74.612190][ T5332]  nl80211_connect+0x19ec/0x2140
[   74.614014][ T5332]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   74.616451][ T5332]  ? __pfx_nl80211_connect+0x10/0x10
[   74.618704][ T5332]  ? trace_contention_end+0x3c/0x120
[   74.620983][ T5332]  genl_rcv_msg+0xb1f/0xec0
[   74.622908][ T5332]  ? __pfx_genl_rcv_msg+0x10/0x10
[   74.625028][ T5332]  ? __pfx_lock_acquire+0x10/0x10
[   74.627034][ T5332]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   74.629383][ T5332]  ? __pfx_nl80211_connect+0x10/0x10
[   74.631757][ T5332]  ? __pfx_nl80211_post_doit+0x10/0x10
[   74.634018][ T5332]  ? __pfx___might_resched+0x10/0x10
[   74.636303][ T5332]  netlink_rcv_skb+0x206/0x480
[   74.638290][ T5332]  ? __pfx_genl_rcv_msg+0x10/0x10
[   74.640456][ T5332]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   74.642731][ T5332]  ? __netlink_deliver_tap+0x7b0/0x7f0
[   74.644991][ T5332]  genl_rcv+0x28/0x40
[   74.646657][ T5332]  netlink_unicast+0x7f6/0x990
[   74.648897][ T5332]  ? __pfx_netlink_unicast+0x10/0x10
[   74.651150][ T5332]  ? __virt_addr_valid+0x45f/0x530
[   74.653251][ T5332]  ? __phys_addr_symbol+0x2f/0x70
[   74.655312][ T5332]  ? __check_object_size+0x47a/0x730
[   74.657512][ T5332]  netlink_sendmsg+0x8de/0xcb0
[   74.659444][ T5332]  ? __pfx_netlink_sendmsg+0x10/0x10
[   74.661686][ T5332]  ? aa_sock_msg_perm+0x91/0x160
[   74.663775][ T5332]  ? __pfx_netlink_sendmsg+0x10/0x10
[   74.665933][ T5332]  __sock_sendmsg+0x221/0x270
[   74.667820][ T5332]  ____sys_sendmsg+0x53a/0x860
[   74.669746][ T5332]  ? __pfx_____sys_sendmsg+0x10/0x10
[   74.671978][ T5332]  ? __fget_files+0x2a/0x410
[   74.673739][ T5332]  ? __fget_files+0x2a/0x410
[   74.675557][ T5332]  __sys_sendmsg+0x269/0x350
[   74.677254][ T5332]  ? __pfx___sys_sendmsg+0x10/0x10
[   74.679243][ T5332]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   74.681952][ T5332]  ? do_syscall_64+0x100/0x230
[   74.683848][ T5332]  ? do_syscall_64+0xb6/0x230
[   74.685751][ T5332]  do_syscall_64+0xf3/0x230
[   74.687583][ T5332]  ? clear_bhb_loop+0x35/0x90
[   74.689469][ T5332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.691959][ T5332] RIP: 0033:0x7f752b38d169
[   74.693636][ T5332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.701238][ T5332] RSP: 002b:00007f752c10a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   74.704493][ T5332] RAX: ffffffffffffffda RBX: 00007f752b5a5fa0 RCX: 00007f752b38d169
[   74.707613][ T5332] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004
[   74.710717][ T5332] RBP: 00007f752b40e2a0 R08: 0000000000000000 R09: 0000000000000000
[   74.713815][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   74.716772][ T5332] R13: 0000000000000000 R14: 00007f752b5a5fa0 R15: 00007ffe1232be48
[   74.719888][ T5332]  </TASK>
[   74.721212][ T5332] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   74.724041][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted 6.14.0-syzkaller #0
[   74.727545][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   74.731651][ T5332] Call Trace:
[   74.733024][ T5332]  <TASK>
[   74.734259][ T5332]  dump_stack_lvl+0x241/0x360
[   74.736132][ T5332]  ? __pfx_dump_stack_lvl+0x10/0x10
[   74.738320][ T5332]  ? __pfx__printk+0x10/0x10
[   74.740321][ T5332]  ? _printk+0xd5/0x120
[   74.741907][ T5332]  ? __init_begin+0x41000/0x41000
[   74.743911][ T5332]  ? vscnprintf+0x5d/0x90
[   74.745523][ T5332]  panic+0x349/0x880
[   74.747087][ T5332]  ? __warn+0x174/0x4d0
[   74.748762][ T5332]  ? __pfx_panic+0x10/0x10
[   74.750700][ T5332]  __warn+0x344/0x4d0
[   74.752286][ T5332]  ? ieee80211_prep_channel+0x389b/0x5120
[   74.754474][ T5332]  report_bug+0x2b3/0x500
[   74.756261][ T5332]  ? ieee80211_prep_channel+0x389b/0x5120
[   74.758603][ T5332]  handle_bug+0x60/0x90
[   74.760382][ T5332]  exc_invalid_op+0x1a/0x50
[   74.762702][ T5332]  asm_exc_invalid_op+0x1a/0x20
[   74.764583][ T5332] RIP: 0010:ieee80211_prep_channel+0x389b/0x5120
[   74.767108][ T5332] Code: c6 05 4f cd 94 04 01 48 c7 c7 37 3b 4b 8d be 78 03 00 00 48 c7 c2 a0 3c 4b 8d e8 70 00 0b f6 e9 7e ca ff ff e8 16 a6 2f f6 90 <0f> 0b 90 48 8b 7c 24 30 e8 e8 5c 8b f6 48 c7 44 24 30 ea ff ff ff
[   74.774670][ T5332] RSP: 0018:ffffc900019c6500 EFLAGS: 00010283
[   74.777140][ T5332] RAX: ffffffff8b9239ba RBX: 0000000000000000 RCX: 0000000000100000
[   74.780261][ T5332] RDX: ffffc9000e78a000 RSI: 000000000000096d RDI: 000000000000096e
[   74.783363][ T5332] RBP: ffffc900019c6850 R08: ffffffff8b920ed9 R09: ffffffff8b60cbf9
[   74.786551][ T5332] R10: 000000000000000e R11: ffff888000fa0000 R12: dffffc0000000000
[   74.789831][ T5332] R13: ffff88801ae8e758 R14: ffffc900019c6710 R15: ffffc900019c6750
[   74.792987][ T5332]  ? cfg80211_get_end_freq+0x79/0x1d0
[   74.795143][ T5332]  ? ieee80211_prep_channel+0xdb9/0x5120
[   74.797485][ T5332]  ? ieee80211_prep_channel+0x389a/0x5120
[   74.799907][ T5332]  ? ieee80211_prep_channel+0x20a/0x5120
[   74.802076][ T5332]  ? __pfx_ieee80211_prep_channel+0x10/0x10
[   74.804448][ T5332]  ? __pfx_lock_release+0x10/0x10
[   74.806474][ T5332]  ? cfg80211_find_elem_match+0x1c1/0x1f0
[   74.808755][ T5332]  ieee80211_prep_connection+0xda1/0x1310
[   74.811074][ T5332]  ieee80211_mgd_auth+0xedb/0x1750
[   74.813106][ T5332]  ? __pfx_ieee80211_mgd_auth+0x10/0x10
[   74.815326][ T5332]  ? rcu_is_watching+0x15/0xb0
[   74.817276][ T5332]  cfg80211_mlme_auth+0x59f/0x970
[   74.819283][ T5332]  cfg80211_conn_do_work+0x601/0xeb0
[   74.821368][ T5332]  ? __pfx_cfg80211_conn_do_work+0x10/0x10
[   74.823798][ T5332]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   74.826234][ T5332]  ? lockdep_hardirqs_on+0x99/0x150
[   74.828493][ T5332]  ? rcu_is_watching+0x15/0xb0
[   74.830527][ T5332]  ? trace_cfg80211_return_bss+0x87/0x210
[   74.832913][ T5332]  ? __cfg80211_get_bss+0x614/0x7d0
[   74.835131][ T5332]  ? cfg80211_connect+0x1854/0x22f0
[   74.837331][ T5332]  cfg80211_connect+0x190a/0x22f0
[   74.839415][ T5332]  ? __pfx_cfg80211_connect+0x10/0x10
[   74.841628][ T5332]  ? __asan_memset+0x23/0x50
[   74.843502][ T5332]  ? nl80211_crypto_settings+0xb6d/0xf10
[   74.845836][ T5332]  nl80211_connect+0x19ec/0x2140
[   74.847875][ T5332]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   74.850414][ T5332]  ? __pfx_nl80211_connect+0x10/0x10
[   74.852543][ T5332]  ? trace_contention_end+0x3c/0x120
[   74.854768][ T5332]  genl_rcv_msg+0xb1f/0xec0
[   74.856788][ T5332]  ? __pfx_genl_rcv_msg+0x10/0x10
[   74.858856][ T5332]  ? __pfx_lock_acquire+0x10/0x10
[   74.860896][ T5332]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   74.863144][ T5332]  ? __pfx_nl80211_connect+0x10/0x10
[   74.865307][ T5332]  ? __pfx_nl80211_post_doit+0x10/0x10
[   74.867489][ T5332]  ? __pfx___might_resched+0x10/0x10
[   74.869660][ T5332]  netlink_rcv_skb+0x206/0x480
[   74.871651][ T5332]  ? __pfx_genl_rcv_msg+0x10/0x10
[   74.873690][ T5332]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   74.875790][ T5332]  ? __netlink_deliver_tap+0x7b0/0x7f0
[   74.877876][ T5332]  genl_rcv+0x28/0x40
[   74.879531][ T5332]  netlink_unicast+0x7f6/0x990
[   74.881553][ T5332]  ? __pfx_netlink_unicast+0x10/0x10
[   74.883781][ T5332]  ? __virt_addr_valid+0x45f/0x530
[   74.885932][ T5332]  ? __phys_addr_symbol+0x2f/0x70
[   74.887979][ T5332]  ? __check_object_size+0x47a/0x730
[   74.890127][ T5332]  netlink_sendmsg+0x8de/0xcb0
[   74.892028][ T5332]  ? __pfx_netlink_sendmsg+0x10/0x10
[   74.894082][ T5332]  ? aa_sock_msg_perm+0x91/0x160
[   74.896090][ T5332]  ? __pfx_netlink_sendmsg+0x10/0x10
[   74.898210][ T5332]  __sock_sendmsg+0x221/0x270
[   74.900137][ T5332]  ____sys_sendmsg+0x53a/0x860
[   74.902032][ T5332]  ? __pfx_____sys_sendmsg+0x10/0x10
[   74.904146][ T5332]  ? __fget_files+0x2a/0x410
[   74.906010][ T5332]  ? __fget_files+0x2a/0x410
[   74.907917][ T5332]  __sys_sendmsg+0x269/0x350
[   74.909773][ T5332]  ? __pfx___sys_sendmsg+0x10/0x10
[   74.911813][ T5332]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   74.914244][ T5332]  ? do_syscall_64+0x100/0x230
[   74.916176][ T5332]  ? do_syscall_64+0xb6/0x230
[   74.918010][ T5332]  do_syscall_64+0xf3/0x230
[   74.919925][ T5332]  ? clear_bhb_loop+0x35/0x90
[   74.921852][ T5332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.924136][ T5332] RIP: 0033:0x7f752b38d169
[   74.925951][ T5332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.933756][ T5332] RSP: 002b:00007f752c10a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   74.937168][ T5332] RAX: ffffffffffffffda RBX: 00007f752b5a5fa0 RCX: 00007f752b38d169
[   74.940314][ T5332] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004
[   74.943239][ T5332] RBP: 00007f752b40e2a0 R08: 0000000000000000 R09: 0000000000000000
[   74.946170][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   74.949099][ T5332] R13: 0000000000000000 R14: 00007f752b5a5fa0 R15: 00007ffe1232be48
[   74.952180][ T5332]  </TASK>
[   74.953731][ T5332] Kernel Offset: disabled
[   74.955379][ T5332] Rebooting in 86400 seconds..