program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000040)=@device_b, &(0x7f0000000280)=ANY=[@ANYBLOB="50000000080211000001ffffffffffff0802110000000000000000000000000064000100000602020202020201010b"], 0x48)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r8, &(0x7f0000000200)={0x0, 0xffffffffffffffc8, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0xfffffffffffffcb5, 0x1, 0x6}]}, 0x1c}}, 0x4000001)
recvmmsg(r8, &(0x7f0000004040)=[{{0x0, 0x0, &(0x7f0000002780)=[{&(0x7f0000000340)=""/240, 0xf0}, {&(0x7f0000000440)=""/96, 0x60}, {&(0x7f00000004c0)=""/77, 0x4d}, {&(0x7f0000000600)=""/160, 0xa0}, {&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f0000000540)=""/8, 0x8}], 0x6}, 0x1}], 0x1, 0x20, 0x0)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f00000021c0)=ANY=[@ANYBLOB="b00000000802110000010802110000000802110000001000000002"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000080211000001080211000000080211000000200004a000000c0001"], 0x3c)
r9 = memfd_create(&(0x7f0000000100)=';e\x00\x00\xa4\xd8\xe0\x9c\x7f9\x8aZ]3N\xbb\xe1^\x9c\xe1\x9b6s$0Y\xf8\x90\x00\x00\x00\x00\xd2~l\xf6\x12\xde\xdd\xd5\x1d\x96\xb0a\xad\xcd\x16\xd8G\xae\xd9DZm\xabO\xad\x11%\x7f`@\x16c\xc0\xb6\x1f\xe3\x00\x1a_\xc7\xbf\xa7T\xbe\x13\x8b\xb3r\x8fL\xe6\xba\xe7\x18\xb4$BIj\xa3\xc9\xc6|\x9b\x88\xddPx\x02I\xde\xe8\xcd\x02\xc1\xedc2\x06\xcbM\xfb\x13jZ\x96\xeej\x9b\xe4XjN\xb9>\xdf3U\r \x8dh8T/h)\x90\xff\x8d\xd9\x89\xab\xf8P\xacYtk\xa3\xed\xfa*8\x13\b\xce\xf8z\xed\xadnz\x96\xa3\x9a9R\xd9]\xe11We\xfe3\xe06\x1a^\x04^\xef\xa3\x0fU\x9b1\xc6J\x83\x9d[\\a\xfd\xdc\xa1\xcd\xbe\x9b\xc5z7\xe8VP\x89\x16MK`\xe5\x137\b\x00\x00\x00\xd5\x01\xea\x98\xe6Z\x95j\xe3\x0ek>\x14\x80\rXS\xce\xf9\x0e\x89\xc4\xc6\x1bOm4Lla\r\xce\x17\xb5r&\xf3\x96\xbc\xc39\xa7\x95\xd9F\x17', 0x0)
io_uring_setup(0x9, &(0x7f0000000380)={0x0, 0x20c8a2, 0x800, 0x8, 0x1dd})
semget$private(0x0, 0x6, 0x0)
semtimedop(0x0, &(0x7f0000000600)=[{0x0, 0x9}], 0x1, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{}], 0x1, 0x0)
close_range(r9, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_TDLS_OPER(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, r1, 0xfd39e943ccf1163b, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000010}, 0x50)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001d40)=@newtaction={0x84, 0x30, 0x1, 0x0, 0x0, {}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x84}}, 0x0)

[   75.762971][ T5295] Bluetooth: hci0: command tx timeout
[   75.842312][ T5314] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   75.875358][   T10] wlan1: No basic rates, using min rate instead
[   75.880054][   T10] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[   75.909089][   T10] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[   76.025092][   T70] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[   76.037265][   T70] wlan1: authenticated
[   76.039273][   T10] wlan1: associating to AP 08:02:11:00:00:00 with corrupt probe response
[   76.043773][ T5317] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   76.049652][   T70] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0xa004 status=0 aid=12)
[   76.053951][   T70] wlan1: No basic rates, using min rate instead
[   76.057344][ T5316] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   76.063143][   T70] wlan1: associated
[   77.759717][   T70] ------------[ cut here ]------------
[   77.762261][   T70] !sta
[   77.762269][   T70] WARNING: net/mac80211/mlme.c:4504 at ieee80211_mgd_probe_ap_send+0x497/0x560, CPU#0: kworker/u4:4/70
[   77.768400][   T70] Modules linked in:
[   77.770221][   T70] CPU: 0 UID: 0 PID: 70 Comm: kworker/u4:4 Not tainted syzkaller #0 PREEMPT(full) 
[   77.774275][   T70] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   77.778637][   T70] Workqueue: events_unbound cfg80211_wiphy_work
[   77.781334][   T70] RIP: 0010:ieee80211_mgd_probe_ap_send+0x497/0x560
[   77.784219][   T70] Code: 4c 89 fe 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 dd 2b 78 f6 e8 98 44 8c f6 90 0f 0b 90 e9 3a fc ff ff e8 8a 44 8c f6 90 <0f> 0b 90 e9 d3 fc ff ff e8 7c 44 8c f6 90 0f 0b 90 e9 3c ff ff ff
[   77.792702][   T70] RSP: 0018:ffffc90000b0fa60 EFLAGS: 00010293
[   77.798335][   T70] RAX: ffffffff8b3957a6 RBX: ffff888038348dc0 RCX: ffff8880009e4900
[   77.801611][   T70] RDX: 0000000000000000 RSI: ffffffff8e16564a RDI: ffff8880009e4900
[   77.804964][   T70] RBP: 0000000000000001 R08: ffff8880009e4900 R09: 000000000000000c
[   77.808082][   T70] R10: 000000000000000c R11: 0000000000000000 R12: ffff88803834aae2
[   77.811884][   T70] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff888038349d40
[   77.815428][   T70] FS:  0000000000000000(0000) GS:ffff88808ca5b000(0000) knlGS:0000000000000000
[   77.819120][   T70] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   77.823518][   T70] CR2: 000055d8adb78168 CR3: 0000000044cd4000 CR4: 0000000000352ef0
[   77.827013][   T70] Call Trace:
[   77.828591][   T70]  <TASK>
[   77.829869][   T70]  cfg80211_wiphy_work+0x2ab/0x4a0
[   77.832016][   T70]  ? process_scheduled_works+0xa25/0x1830
[   77.834447][   T70]  process_scheduled_works+0xb02/0x1830
[   77.836757][   T70]  ? __pfx_process_scheduled_works+0x10/0x10
[   77.839076][   T70]  ? assign_work+0x3d5/0x5e0
[   77.841131][   T70]  worker_thread+0xa50/0xfc0
[   77.843429][   T70]  kthread+0x388/0x470
[   77.845321][   T70]  ? __pfx_worker_thread+0x10/0x10
[   77.847535][   T70]  ? __pfx_kthread+0x10/0x10
[   77.849597][   T70]  ret_from_fork+0x51e/0xb90
[   77.851820][   T70]  ? __pfx_ret_from_fork+0x10/0x10
[   77.854147][   T70]  ? __switch_to+0xc7d/0x1450
[   77.856412][   T70]  ? __pfx_kthread+0x10/0x10
[   77.858514][   T70]  ret_from_fork_asm+0x1a/0x30
[   77.860659][   T70]  </TASK>
[   77.862033][   T70] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   77.865151][   T70] CPU: 0 UID: 0 PID: 70 Comm: kworker/u4:4 Not tainted syzkaller #0 PREEMPT(full) 
[   77.869116][   T70] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   77.873517][   T70] Workqueue: events_unbound cfg80211_wiphy_work
[   77.876213][   T70] Call Trace:
[   77.877747][   T70]  <TASK>
[   77.879153][   T70]  vpanic+0x56c/0xa60
[   77.881352][   T70]  ? __pfx__printk+0x10/0x10
[   77.883448][   T70]  ? __pfx_vpanic+0x10/0x10
[   77.885449][   T70]  ? is_bpf_text_address+0x292/0x2b0
[   77.887920][   T70]  ? is_bpf_text_address+0x26/0x2b0
[   77.890235][   T70]  panic+0xc5/0xd0
[   77.891996][   T70]  ? __pfx_panic+0x10/0x10
[   77.894034][   T70]  ? ret_from_fork_asm+0x1a/0x30
[   77.896225][   T70]  __warn+0x315/0x4f0
[   77.897992][   T70]  ? ieee80211_mgd_probe_ap_send+0x497/0x560
[   77.900924][   T70]  ? ieee80211_mgd_probe_ap_send+0x497/0x560
[   77.903702][   T70]  __report_bug+0x29a/0x540
[   77.905845][   T70]  ? lockdep_hardirqs_on+0x7a/0x110
[   77.908107][   T70]  ? ieee80211_mgd_probe_ap_send+0x497/0x560
[   77.910975][   T70]  ? __pfx___report_bug+0x10/0x10
[   77.913204][   T70]  ? __lock_acquire+0x6b5/0x2cf0
[   77.915307][   T70]  ? nla_put+0xd0/0x150
[   77.917075][   T70]  ? ieee80211_mgd_probe_ap_send+0x497/0x560
[   77.919219][   T70]  report_bug+0x16a/0x220
[   77.920943][   T70]  ? ieee80211_mgd_probe_ap_send+0x497/0x560
[   77.923620][   T70]  ? ieee80211_mgd_probe_ap_send+0x499/0x560
[   77.925799][   T70]  handle_bug+0x98/0x200
[   77.927533][   T70]  exc_invalid_op+0x1a/0x50
[   77.929369][   T70]  asm_exc_invalid_op+0x1a/0x20
[   77.931531][   T70] RIP: 0010:ieee80211_mgd_probe_ap_send+0x497/0x560
[   77.934438][   T70] Code: 4c 89 fe 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 dd 2b 78 f6 e8 98 44 8c f6 90 0f 0b 90 e9 3a fc ff ff e8 8a 44 8c f6 90 <0f> 0b 90 e9 d3 fc ff ff e8 7c 44 8c f6 90 0f 0b 90 e9 3c ff ff ff
[   77.942222][   T70] RSP: 0018:ffffc90000b0fa60 EFLAGS: 00010293
[   77.944892][   T70] RAX: ffffffff8b3957a6 RBX: ffff888038348dc0 RCX: ffff8880009e4900
[   77.948243][   T70] RDX: 0000000000000000 RSI: ffffffff8e16564a RDI: ffff8880009e4900
[   77.951740][   T70] RBP: 0000000000000001 R08: ffff8880009e4900 R09: 000000000000000c
[   77.955168][   T70] R10: 000000000000000c R11: 0000000000000000 R12: ffff88803834aae2
[   77.958538][   T70] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff888038349d40
[   77.962073][   T70]  ? ieee80211_mgd_probe_ap_send+0x496/0x560
[   77.964803][   T70]  cfg80211_wiphy_work+0x2ab/0x4a0
[   77.967119][   T70]  ? process_scheduled_works+0xa25/0x1830
[   77.969668][   T70]  process_scheduled_works+0xb02/0x1830
[   77.972166][   T70]  ? __pfx_process_scheduled_works+0x10/0x10
[   77.974854][   T70]  ? assign_work+0x3d5/0x5e0
[   77.976844][   T70]  worker_thread+0xa50/0xfc0
[   77.978987][   T70]  kthread+0x388/0x470
[   77.980578][   T70]  ? __pfx_worker_thread+0x10/0x10
[   77.982676][   T70]  ? __pfx_kthread+0x10/0x10
[   77.984449][   T70]  ret_from_fork+0x51e/0xb90
[   77.986428][   T70]  ? __pfx_ret_from_fork+0x10/0x10
[   77.988692][   T70]  ? __switch_to+0xc7d/0x1450
[   77.990801][   T70]  ? __pfx_kthread+0x10/0x10
[   77.992839][   T70]  ret_from_fork_asm+0x1a/0x30
[   77.994977][   T70]  </TASK>
[   77.996637][   T70] Kernel Offset: disabled
[   77.998533][   T70] Rebooting in 86400 seconds..