program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_REG(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000380)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)

[   85.961467][ T5303] Bluetooth: hci0: command tx timeout
[   86.042372][ T5320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   86.052159][ T5320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   86.057702][ T5320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   86.073515][ T5312] ------------[ cut here ]------------
[   86.075900][ T5312] WARNING: CPU: 0 PID: 5312 at net/mac80211/mlme.c:1124 ieee80211_prep_channel+0x490c/0x60f0
[   86.082086][ T5312] Modules linked in:
[   86.083881][ T5312] CPU: 0 UID: 0 PID: 5312 Comm: kworker/0:4 Not tainted 6.15.0-syzkaller-03478-gc89756bcf406 #0 PREEMPT(full) 
[   86.088784][ T5312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.093394][ T5312] Workqueue: events cfg80211_conn_work
[   86.095723][ T5312] RIP: 0010:ieee80211_prep_channel+0x490c/0x60f0
[   86.098491][ T5312] Code: c6 05 44 37 9c 04 01 48 c7 c7 d7 68 ad 8c be e8 03 00 00 48 c7 c2 40 6a ad 8c e8 3f 78 b0 f6 e9 17 ba ff ff e8 95 5b d2 f6 90 <0f> 0b 90 48 8b 7c 24 48 e8 27 54 2a f7 48 c7 44 24 48 ea ff ff ff
[   86.106659][ T5312] RSP: 0018:ffffc9000d46eb60 EFLAGS: 00010293
[   86.109158][ T5312] RAX: ffffffff8aed96bb RBX: 0000000000000000 RCX: ffff88801f1e4880
[   86.112463][ T5312] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   86.115539][ T5312] RBP: ffffc9000d46ef08 R08: ffff88801f1e4880 R09: 000000000000000e
[   86.119194][ T5312] R10: 000000000000000d R11: 0000000000000000 R12: ffffc9000d46ee10
[   86.122662][ T5312] R13: dffffc0000000000 R14: 1ffff1100a5a84eb R15: ffffc9000d46ee10
[   86.126013][ T5312] FS:  0000000000000000(0000) GS:ffff88808d28f000(0000) knlGS:0000000000000000
[   86.129693][ T5312] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.132556][ T5312] CR2: 00007f9be6784538 CR3: 000000001224e000 CR4: 0000000000352ef0
[   86.136039][ T5312] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   86.139413][ T5312] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   86.142914][ T5312] Call Trace:
[   86.144303][ T5312]  <TASK>
[   86.145567][ T5312]  ? ieee80211_prep_channel+0x202/0x60f0
[   86.147898][ T5312]  ? __lock_acquire+0xab9/0xd20
[   86.149962][ T5312]  ? __pfx_ieee80211_prep_channel+0x10/0x10
[   86.152570][ T5312]  ? __lruvec_stat_mod_folio+0x79/0x2f0
[   86.154954][ T5312]  ? __lruvec_stat_mod_folio+0x79/0x2f0
[   86.157275][ T5312]  ? ieee80211_prep_connection+0x50f/0x1600
[   86.159798][ T5312]  ieee80211_prep_connection+0xeb9/0x1600
[   86.162465][ T5312]  ieee80211_mgd_auth+0xee3/0x1770
[   86.164575][ T5312]  ? __lock_acquire+0xab9/0xd20
[   86.166610][ T5312]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.168817][ T5312]  ? __pfx_ieee80211_mgd_auth+0x10/0x10
[   86.171280][ T5312]  ? rcu_is_watching+0x15/0xb0
[   86.173369][ T5312]  cfg80211_mlme_auth+0x632/0x9c0
[   86.175511][ T5312]  cfg80211_conn_do_work+0x501/0xd10
[   86.177695][ T5312]  ? __pfx_cfg80211_conn_do_work+0x10/0x10
[   86.180087][ T5312]  ? lockdep_unlock+0x89/0x120
[   86.182235][ T5312]  ? cfg80211_conn_work+0x298/0x440
[   86.184370][ T5312]  cfg80211_conn_work+0x2c0/0x440
[   86.186461][ T5312]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   86.188999][ T5312]  ? __pfx_cfg80211_conn_work+0x10/0x10
[   86.191426][ T5312]  ? stack_trace_save+0x9c/0xe0
[   86.193679][ T5312]  ? __pfx_stack_trace_save+0x10/0x10
[   86.196403][ T5312]  ? check_path+0x21/0x40
[   86.198560][ T5312]  ? lockdep_unlock+0x89/0x120
[   86.200645][ T5312]  ? validate_chain+0x897/0x2140
[   86.202820][ T5312]  ? __lock_acquire+0xab9/0xd20
[   86.204864][ T5312]  ? process_scheduled_works+0x9ec/0x17a0
[   86.207366][ T5312]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.209561][ T5312]  ? process_scheduled_works+0x9ec/0x17a0
[   86.211990][ T5312]  ? process_scheduled_works+0x9ec/0x17a0
[   86.214338][ T5312]  process_scheduled_works+0xadb/0x17a0
[   86.216610][ T5312]  ? __pfx_process_scheduled_works+0x10/0x10
[   86.219184][ T5312]  worker_thread+0x8a0/0xda0
[   86.221319][ T5312]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   86.224089][ T5312]  ? __kthread_parkme+0x7b/0x200
[   86.226248][ T5312]  kthread+0x711/0x8a0
[   86.227990][ T5312]  ? __pfx_worker_thread+0x10/0x10
[   86.230276][ T5312]  ? __pfx_kthread+0x10/0x10
[   86.232391][ T5312]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.234657][ T5312]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.236862][ T5312]  ? __pfx_kthread+0x10/0x10
[   86.238865][ T5312]  ret_from_fork+0x3fc/0x770
[   86.241021][ T5312]  ? __pfx_ret_from_fork+0x10/0x10
[   86.243226][ T5312]  ? __pfx_kthread+0x10/0x10
[   86.245151][ T5312]  ret_from_fork_asm+0x1a/0x30
[   86.247097][ T5312]  </TASK>
[   86.248393][ T5312] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   86.251475][ T5312] CPU: 0 UID: 0 PID: 5312 Comm: kworker/0:4 Not tainted 6.15.0-syzkaller-03478-gc89756bcf406 #0 PREEMPT(full) 
[   86.256384][ T5312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.261026][ T5312] Workqueue: events cfg80211_conn_work
[   86.263380][ T5312] Call Trace:
[   86.264845][ T5312]  <TASK>
[   86.266186][ T5312]  dump_stack_lvl+0x99/0x250
[   86.268116][ T5312]  ? __asan_memcpy+0x40/0x70
[   86.270119][ T5312]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.272280][ T5312]  ? __pfx__printk+0x10/0x10
[   86.274285][ T5312]  panic+0x2db/0x790
[   86.275959][ T5312]  ? __pfx_panic+0x10/0x10
[   86.278023][ T5312]  ? show_trace_log_lvl+0x4fb/0x550
[   86.280244][ T5312]  ? ret_from_fork_asm+0x1a/0x30
[   86.282329][ T5312]  __warn+0x31b/0x4b0
[   86.284049][ T5312]  ? ieee80211_prep_channel+0x490c/0x60f0
[   86.286425][ T5312]  ? ieee80211_prep_channel+0x490c/0x60f0
[   86.288800][ T5312]  report_bug+0x2be/0x4f0
[   86.290628][ T5312]  ? ieee80211_prep_channel+0x490c/0x60f0
[   86.293063][ T5312]  ? ieee80211_prep_channel+0x490c/0x60f0
[   86.295495][ T5312]  ? ieee80211_prep_channel+0x490e/0x60f0
[   86.297893][ T5312]  handle_bug+0x84/0x160
[   86.299704][ T5312]  exc_invalid_op+0x1a/0x50
[   86.301656][ T5312]  asm_exc_invalid_op+0x1a/0x20
[   86.303728][ T5312] RIP: 0010:ieee80211_prep_channel+0x490c/0x60f0
[   86.306468][ T5312] Code: c6 05 44 37 9c 04 01 48 c7 c7 d7 68 ad 8c be e8 03 00 00 48 c7 c2 40 6a ad 8c e8 3f 78 b0 f6 e9 17 ba ff ff e8 95 5b d2 f6 90 <0f> 0b 90 48 8b 7c 24 48 e8 27 54 2a f7 48 c7 44 24 48 ea ff ff ff
[   86.314465][ T5312] RSP: 0018:ffffc9000d46eb60 EFLAGS: 00010293
[   86.317019][ T5312] RAX: ffffffff8aed96bb RBX: 0000000000000000 RCX: ffff88801f1e4880
[   86.320213][ T5312] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   86.323485][ T5312] RBP: ffffc9000d46ef08 R08: ffff88801f1e4880 R09: 000000000000000e
[   86.326854][ T5312] R10: 000000000000000d R11: 0000000000000000 R12: ffffc9000d46ee10
[   86.330160][ T5312] R13: dffffc0000000000 R14: 1ffff1100a5a84eb R15: ffffc9000d46ee10
[   86.333471][ T5312]  ? ieee80211_prep_channel+0x490b/0x60f0
[   86.335954][ T5312]  ? ieee80211_prep_channel+0x202/0x60f0
[   86.338156][ T5312]  ? __lock_acquire+0xab9/0xd20
[   86.340205][ T5312]  ? __pfx_ieee80211_prep_channel+0x10/0x10
[   86.342759][ T5312]  ? __lruvec_stat_mod_folio+0x79/0x2f0
[   86.345239][ T5312]  ? __lruvec_stat_mod_folio+0x79/0x2f0
[   86.347692][ T5312]  ? ieee80211_prep_connection+0x50f/0x1600
[   86.350303][ T5312]  ieee80211_prep_connection+0xeb9/0x1600
[   86.352776][ T5312]  ieee80211_mgd_auth+0xee3/0x1770
[   86.355071][ T5312]  ? __lock_acquire+0xab9/0xd20
[   86.357161][ T5312]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.359308][ T5312]  ? __pfx_ieee80211_mgd_auth+0x10/0x10
[   86.361725][ T5312]  ? rcu_is_watching+0x15/0xb0
[   86.363790][ T5312]  cfg80211_mlme_auth+0x632/0x9c0
[   86.365937][ T5312]  cfg80211_conn_do_work+0x501/0xd10
[   86.368175][ T5312]  ? __pfx_cfg80211_conn_do_work+0x10/0x10
[   86.370702][ T5312]  ? lockdep_unlock+0x89/0x120
[   86.372781][ T5312]  ? cfg80211_conn_work+0x298/0x440
[   86.374907][ T5312]  cfg80211_conn_work+0x2c0/0x440
[   86.377092][ T5312]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   86.379687][ T5312]  ? __pfx_cfg80211_conn_work+0x10/0x10
[   86.381883][ T5312]  ? stack_trace_save+0x9c/0xe0
[   86.383770][ T5312]  ? __pfx_stack_trace_save+0x10/0x10
[   86.385895][ T5312]  ? check_path+0x21/0x40
[   86.387535][ T5312]  ? lockdep_unlock+0x89/0x120
[   86.389286][ T5312]  ? validate_chain+0x897/0x2140
[   86.391070][ T5312]  ? __lock_acquire+0xab9/0xd20
[   86.392849][ T5312]  ? process_scheduled_works+0x9ec/0x17a0
[   86.394972][ T5312]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.397005][ T5312]  ? process_scheduled_works+0x9ec/0x17a0
[   86.399364][ T5312]  ? process_scheduled_works+0x9ec/0x17a0
[   86.401638][ T5312]  process_scheduled_works+0xadb/0x17a0
[   86.403721][ T5312]  ? __pfx_process_scheduled_works+0x10/0x10
[   86.406048][ T5312]  worker_thread+0x8a0/0xda0
[   86.407835][ T5312]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   86.410345][ T5312]  ? __kthread_parkme+0x7b/0x200
[   86.412309][ T5312]  kthread+0x711/0x8a0
[   86.413941][ T5312]  ? __pfx_worker_thread+0x10/0x10
[   86.415992][ T5312]  ? __pfx_kthread+0x10/0x10
[   86.418104][ T5312]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.420289][ T5312]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.422476][ T5312]  ? __pfx_kthread+0x10/0x10
[   86.424460][ T5312]  ret_from_fork+0x3fc/0x770
[   86.426523][ T5312]  ? __pfx_ret_from_fork+0x10/0x10
[   86.428665][ T5312]  ? __pfx_kthread+0x10/0x10
[   86.430560][ T5312]  ret_from_fork_asm+0x1a/0x30
[   86.432507][ T5312]  </TASK>
[   86.434186][ T5312] Kernel Offset: disabled
[   86.436088][ T5312] Rebooting in 86400 seconds..