program:
# Fuzzer-generated syzkaller program attached to the kernel log that follows it.
# Per that log, the run ends in a WARNING at net/mac80211/tdls.c:1461
# (ieee80211_tdls_oper, reached through nl80211_tdls_oper), which becomes a
# kernel panic only because panic_on_warn is set on the test VM.
#
# NOTE(review): r2, r5, r9 and r12 are used below but never bound in this copy.
# syz programs normally bind them as the ifindex out-field of the preceding
# SIOCGIFINDEX call; that markup was presumably lost in extraction, like the
# empty entries after "Call Trace:" in the log. Confirm against the original
# report before relying on this text as a regression test.

# Generic-netlink socket (0x10, 0x3, 0x10) and the nl80211 family id.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# ifindex lookup for wlan0 (0x8933 is SIOCGIFINDEX) on fd -1, so it is expected to fail.
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0})
# LEAVE_OCB carrying r2 in attribute 0x3 (presumably the interface index).
sendmsg$NL80211_CMD_LEAVE_OCB(r0, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x1c, r1, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000880}, 0x4000080)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})

# Second socket: SET_INTERFACE with no extra attributes, then TRIGGER_SCAN sent as a raw blob.
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0500000000000000000021"], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
# Injects a raw 802.11 frame as device_b into the simulated medium (the log shows
# mac80211_hwsim). The blob carries 08:02:11:00:00:01 and 08:02:11:00:00:00, the
# local and peer addresses in the later "wlan1: authenticate with" log line.
# NOTE(review): leading bytes 50 00 look like a probe-response frame control — confirm.
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="5000000008021100000108021100000008021100000000000000000000000000010001000006020202020202010182"], 0x54)

# Third socket. The memfd_create / addseals / mmap calls do not touch any
# nl80211 socket; presumably fuzzer noise unrelated to the warning — verify
# when minimising.
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r8 = memfd_create(&(0x7f0000000100)='+\x88\xc7s\x00\x00\x942nodev\x00\x00\x8cZ_Pv\x03\xa7\xc1\b\xec\x90Q\x85\x83\xcd\x16\xdcw\'\x8a\xe5N\x8c\x17\xfd\xc5\xad\xd5y\x15\x1fx\x17\f\xbc\xd1.\x8cA\x17\x86\xb7-j!Y\x92\xd9\xc4\r8\xd0\xc9X\xa7\x11\xa3\xf0\x8a*\xbc\x87\xcd\x1fl\xfc\xf3]\xb8\xbd\x02\v<\fl\xa6]\xa5\xfb\x05\xcb\x9c\xe2\xc8\x05\xa5\xa5\xeb\xa9\xef\xe3\xf1b\x81\xec\xac\xb6\x80\xd5\xf5S\x85\x06O\x05\xb8\xa1\x15\xcc\x17\xe8s\x95\x95B\xee_\x98\x91)\xe7\xa8+\x8c\xee\x83@q\x16\xcf3\x0f\x81\xa8\xa9`i\x01m:\xcc\x1c\xed<\xcfA3n\xfd\n>\x03\xae\f \xdbH\'\x05\x82\xdbLE\x14\xcdq\x1abcf\xdb8\xe9a\xa8\x00'/201, 0x2)
fcntl$addseals(r8, 0x409, 0x12)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000003, 0x11, r8, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
# SET_INTERFACE with NL80211_ATTR_IFTYPE value 0x2 (presumably station mode), then
# CONNECT to the default AP SSID. The log's "wlan1: send auth ... (try 1/3)" line
# fits this step: authentication has started, and no completed association is
# logged before the warning.
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x28, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x0)

# Fourth socket: another SET_INTERFACE on wlan1, this time carrying only a MESH_ID attribute.
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_genetlink_get_family_id$devlink(&(0x7f0000000400), r6)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r11, 0x5, 0x3, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}]}, 0x28}}, 0x0)
# Last call before the warning in the log: TDLS_OPER on the first socket (r0/r1)
# for the wlan1 ifindex, with NL80211_ATTR_TDLS_OPERATION value 0x3
# (presumably NL80211_TDLS_ENABLE_LINK — confirm against the nl80211 uapi header).
# The call trace runs from sendmsg through nl80211_tdls_oper into ieee80211_tdls_oper.
sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={0x30, r1, 0xfd39e943ccf1163b, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000010}, 0x50)
# Kernel console output captured during the run starts here (unchanged).
[ 76.304493][ T4663] Bluetooth: hci0: command tx timeout [ 76.311191][ T1311] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.320561][ T1311] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.380645][ T5318] netlink: 4 bytes leftover after parsing attributes in process `syz.0.0'. [ 76.395489][ T5318] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 76.417751][ T5318] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 76.421584][ T5318] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 76.430251][ T5318] ------------[ cut here ]------------ [ 76.432631][ T5318] WARNING: CPU: 0 PID: 5318 at net/mac80211/tdls.c:1461 ieee80211_tdls_oper+0x364/0x640 [ 76.437335][ T5318] Modules linked in: [ 76.439218][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) [ 76.444632][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.449346][ T5318] RIP: 0010:ieee80211_tdls_oper+0x364/0x640 [ 76.452039][ T5318] Code: 6f 01 00 00 e8 ed 45 d7 f6 eb 22 e8 e6 45 d7 f6 4c 89 e2 eb 21 e8 dc 45 d7 f6 b8 bd ff ff ff e9 1c fe ff ff e8 cd 45 d7 f6 90 <0f> 0b 90 4c 8b 7c 24 08 48 8b 14 24 4d 8d a7 2a 1d 00 00 4c 89 e0 [ 76.460626][ T5318] RSP: 0018:ffffc9000d53f380 EFLAGS: 00010287 [ 76.463461][ T5318] RAX: ffffffff8ae8ac03 RBX: dffffc0000000000 RCX: 0000000000100000 [ 76.467121][ T5318] RDX: ffffc9000e292000 RSI: 00000000000002d3 RDI: 00000000000002d4 [ 76.470481][ T5318] RBP: 0000000000000000 R08: ffff888052b38187 R09: 1ffff1100a567030 [ 76.474281][ T5318] R10: dffffc0000000000 R11: ffffed100a567031 R12: ffff8880528bdd2e [ 76.477654][ T5318] R13: ffff8880528bcd80 R14: 1ffff1100a517ae4 R15: 0000000000000000 [ 76.481208][ T5318] FS: 00007fe7e8db56c0(0000) GS:ffff88808d6c2000(0000) knlGS:0000000000000000 [ 76.485245][ T5318] CS: 0010 DS: 0000 ES: 0000 CR0: 
0000000080050033 [ 76.488013][ T5318] CR2: 00007fe7e8ce7d60 CR3: 000000003ffcc000 CR4: 0000000000352ef0 [ 76.491797][ T5318] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 76.495568][ T5318] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 76.498923][ T5318] Call Trace: [ 76.500349][ T5318] [ 76.501645][ T5318] nl80211_tdls_oper+0x282/0x440 [ 76.504052][ T5318] genl_family_rcv_msg_doit+0x212/0x300 [ 76.506530][ T5318] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 76.509521][ T5318] ? bpf_lsm_capable+0x9/0x20 [ 76.511606][ T5318] ? security_capable+0x7e/0x2e0 [ 76.514038][ T5318] genl_rcv_msg+0x60e/0x790 [ 76.516069][ T5318] ? __pfx_genl_rcv_msg+0x10/0x10 [ 76.518308][ T5318] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 76.520657][ T5318] ? __pfx_nl80211_tdls_oper+0x10/0x10 [ 76.522993][ T5318] ? __pfx_nl80211_post_doit+0x10/0x10 [ 76.525488][ T5318] ? ref_tracker_free+0x63a/0x7d0 [ 76.527635][ T5318] ? __copy_skb_header+0xa7/0x550 [ 76.529814][ T5318] netlink_rcv_skb+0x21c/0x490 [ 76.531896][ T5318] ? __pfx_genl_rcv_msg+0x10/0x10 [ 76.534504][ T5318] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 76.536875][ T5318] ? down_read+0x1ad/0x2e0 [ 76.538793][ T5318] genl_rcv+0x28/0x40 [ 76.540604][ T5318] netlink_unicast+0x758/0x8d0 [ 76.542655][ T5318] netlink_sendmsg+0x805/0xb30 [ 76.544893][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 76.547239][ T5318] ? aa_sock_msg_perm+0x94/0x160 [ 76.549477][ T5318] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 76.551836][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 76.554292][ T5318] __sock_sendmsg+0x219/0x270 [ 76.556337][ T5318] ____sys_sendmsg+0x505/0x830 [ 76.558497][ T5318] ? __pfx_____sys_sendmsg+0x10/0x10 [ 76.560850][ T5318] ? import_iovec+0x74/0xa0 [ 76.562848][ T5318] ___sys_sendmsg+0x21f/0x2a0 [ 76.565000][ T5318] ? __pfx____sys_sendmsg+0x10/0x10 [ 76.567269][ T5318] ? __fget_files+0x2a/0x420 [ 76.569298][ T5318] ? __fget_files+0x3a0/0x420 [ 76.571230][ T5318] __x64_sys_sendmsg+0x19b/0x260 [ 76.573383][ T5318] ? 
__pfx___x64_sys_sendmsg+0x10/0x10 [ 76.575837][ T5318] ? do_syscall_64+0xba/0x210 [ 76.577788][ T5318] do_syscall_64+0xf6/0x210 [ 76.579780][ T5318] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 76.582440][ T5318] ? clear_bhb_loop+0x60/0xb0 [ 76.584564][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.587085][ T5318] RIP: 0033:0x7fe7e7f8e969 [ 76.588974][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.597397][ T5318] RSP: 002b:00007fe7e8db5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.600882][ T5318] RAX: ffffffffffffffda RBX: 00007fe7e81b5fa0 RCX: 00007fe7e7f8e969 [ 76.604681][ T5318] RDX: 0000000000000050 RSI: 0000200000000240 RDI: 0000000000000003 [ 76.608307][ T5318] RBP: 00007fe7e8010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 76.611575][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.615043][ T5318] R13: 0000000000000000 R14: 00007fe7e81b5fa0 R15: 00007ffdde0dbf48 [ 76.618395][ T5318] [ 76.619711][ T5318] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 76.622739][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) [ 76.627539][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.631913][ T5318] Call Trace: [ 76.633342][ T5318] [ 76.634612][ T5318] dump_stack_lvl+0x99/0x250 [ 76.636539][ T5318] ? __asan_memcpy+0x40/0x70 [ 76.638603][ T5318] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.640812][ T5318] ? __pfx__printk+0x10/0x10 [ 76.642733][ T5318] panic+0x2db/0x790 [ 76.644364][ T5318] ? __pfx_panic+0x10/0x10 [ 76.646204][ T5318] ? show_trace_log_lvl+0x4fb/0x550 [ 76.648461][ T5318] __warn+0x31b/0x4b0 [ 76.650102][ T5318] ? ieee80211_tdls_oper+0x364/0x640 [ 76.652360][ T5318] ? 
ieee80211_tdls_oper+0x364/0x640 [ 76.654551][ T5318] report_bug+0x2be/0x4f0 [ 76.656388][ T5318] ? ieee80211_tdls_oper+0x364/0x640 [ 76.658531][ T5318] ? ieee80211_tdls_oper+0x364/0x640 [ 76.660768][ T5318] ? ieee80211_tdls_oper+0x366/0x640 [ 76.662970][ T5318] handle_bug+0x84/0x160 [ 76.664845][ T5318] exc_invalid_op+0x1a/0x50 [ 76.666892][ T5318] asm_exc_invalid_op+0x1a/0x20 [ 76.669054][ T5318] RIP: 0010:ieee80211_tdls_oper+0x364/0x640 [ 76.671597][ T5318] Code: 6f 01 00 00 e8 ed 45 d7 f6 eb 22 e8 e6 45 d7 f6 4c 89 e2 eb 21 e8 dc 45 d7 f6 b8 bd ff ff ff e9 1c fe ff ff e8 cd 45 d7 f6 90 <0f> 0b 90 4c 8b 7c 24 08 48 8b 14 24 4d 8d a7 2a 1d 00 00 4c 89 e0 [ 76.680006][ T5318] RSP: 0018:ffffc9000d53f380 EFLAGS: 00010287 [ 76.682615][ T5318] RAX: ffffffff8ae8ac03 RBX: dffffc0000000000 RCX: 0000000000100000 [ 76.686005][ T5318] RDX: ffffc9000e292000 RSI: 00000000000002d3 RDI: 00000000000002d4 [ 76.689310][ T5318] RBP: 0000000000000000 R08: ffff888052b38187 R09: 1ffff1100a567030 [ 76.692500][ T5318] R10: dffffc0000000000 R11: ffffed100a567031 R12: ffff8880528bdd2e [ 76.695706][ T5318] R13: ffff8880528bcd80 R14: 1ffff1100a517ae4 R15: 0000000000000000 [ 76.699074][ T5318] ? ieee80211_tdls_oper+0x363/0x640 [ 76.701380][ T5318] nl80211_tdls_oper+0x282/0x440 [ 76.703533][ T5318] genl_family_rcv_msg_doit+0x212/0x300 [ 76.705914][ T5318] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 76.708608][ T5318] ? bpf_lsm_capable+0x9/0x20 [ 76.710818][ T5318] ? security_capable+0x7e/0x2e0 [ 76.713000][ T5318] genl_rcv_msg+0x60e/0x790 [ 76.715049][ T5318] ? __pfx_genl_rcv_msg+0x10/0x10 [ 76.717383][ T5318] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 76.719616][ T5318] ? __pfx_nl80211_tdls_oper+0x10/0x10 [ 76.721934][ T5318] ? __pfx_nl80211_post_doit+0x10/0x10 [ 76.724225][ T5318] ? ref_tracker_free+0x63a/0x7d0 [ 76.726527][ T5318] ? __copy_skb_header+0xa7/0x550 [ 76.728812][ T5318] netlink_rcv_skb+0x21c/0x490 [ 76.730933][ T5318] ? __pfx_genl_rcv_msg+0x10/0x10 [ 76.733206][ T5318] ? 
__pfx_netlink_rcv_skb+0x10/0x10 [ 76.735574][ T5318] ? down_read+0x1ad/0x2e0 [ 76.737608][ T5318] genl_rcv+0x28/0x40 [ 76.739355][ T5318] netlink_unicast+0x758/0x8d0 [ 76.741449][ T5318] netlink_sendmsg+0x805/0xb30 [ 76.743502][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 76.745853][ T5318] ? aa_sock_msg_perm+0x94/0x160 [ 76.747966][ T5318] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 76.750358][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 76.752628][ T5318] __sock_sendmsg+0x219/0x270 [ 76.754631][ T5318] ____sys_sendmsg+0x505/0x830 [ 76.756766][ T5318] ? __pfx_____sys_sendmsg+0x10/0x10 [ 76.759096][ T5318] ? import_iovec+0x74/0xa0 [ 76.761130][ T5318] ___sys_sendmsg+0x21f/0x2a0 [ 76.763176][ T5318] ? __pfx____sys_sendmsg+0x10/0x10 [ 76.765402][ T5318] ? __fget_files+0x2a/0x420 [ 76.767416][ T5318] ? __fget_files+0x3a0/0x420 [ 76.769414][ T5318] __x64_sys_sendmsg+0x19b/0x260 [ 76.771535][ T5318] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 76.774060][ T5318] ? do_syscall_64+0xba/0x210 [ 76.776062][ T5318] do_syscall_64+0xf6/0x210 [ 76.778074][ T5318] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 76.780605][ T5318] ? 
clear_bhb_loop+0x60/0xb0 [ 76.782533][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.784990][ T5318] RIP: 0033:0x7fe7e7f8e969 [ 76.787047][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.795025][ T5318] RSP: 002b:00007fe7e8db5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.798513][ T5318] RAX: ffffffffffffffda RBX: 00007fe7e81b5fa0 RCX: 00007fe7e7f8e969 [ 76.801897][ T5318] RDX: 0000000000000050 RSI: 0000200000000240 RDI: 0000000000000003 [ 76.805267][ T5318] RBP: 00007fe7e8010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 76.808649][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.812089][ T5318] R13: 0000000000000000 R14: 00007fe7e81b5fa0 R15: 00007ffdde0dbf48 [ 76.815401][ T5318] [ 76.817091][ T5318] Kernel Offset: disabled [ 76.818921][ T5318] Rebooting in 86400 seconds..