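program:
# syzkaller reproducer (syzlang), one call per line.
#
# Fix applied here: the page had stripped the resource binders `<r3=>`,
# `<r4=>` and `<r5=>` (they look like HTML tags), so r3 (ifindex of wlan1),
# r4 and r5 (the pipe2 fds) were referenced below without ever being bound and
# the program would not parse. They are restored at their definition sites;
# nothing else in the call sequence is changed.
#
# What the trace below supports about the trigger: wlan1 is put into station
# mode (NL80211_ATTR_IFTYPE = 0x2) and NL80211_CMD_CONNECT is issued; the fake
# AP (@device_b, which the log prints as 08:02:11:00:00:00) answers with
# injected probe-response / auth / assoc-response frames until the log reports
# "associated"; then a raw beacon is injected whose body carries element ID
# 0x25 (Channel Switch Announcement). The WARNING at net/wireless/scan.c:1666
# (cfg80211_rehash_bss) is reached through ieee80211_rx_mgmt_beacon ->
# ieee80211_sta_process_chanswitch -> cfg80211_ch_switch_notify ->
# cfg80211_update_assoc_bss_entry, and panic_on_warn turns it into a panic.
# Frames are injected via mac80211_hwsim (syz_80211_inject_frame), not radio.
#
# Security note: the path is driven by a beacon received while associated;
# beacons are not authenticated unless beacon protection is in use, so the
# same input could plausibly come over the air. On a kernel with panic_on_warn
# this is a remote crash; without it only a WARN fires. Whether the state
# inconsistency that WARN guards is exploitable beyond denial of service
# cannot be determined from this report.
#
# Calls that do not touch the wireless path (ext4 image mount, 9p/FUSE writes,
# bpf map creation, nl_route, netrom accept, USB HID, vhost) look like
# unminimized fuzzer residue — confirm by removing them before relying on
# this reproducer.

# Two generic-netlink sockets; r1 is used for an unrelated-looking nl_generic message.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x30, 0x3e, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0xd, 0x0, 0x0, @uid}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0xc880)
# Resolve the nl80211 family id and the ifindex of wlan1 (bound to r3).
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
# NL80211_CMD_SET_INTERFACE on ifindex r3 (attr 0x3): iftype 0x2 = station.
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
# Likely residue: filesystem / 9p / FUSE / bpf activity unrelated to the trace.
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
pipe2$9p(&(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r5, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r6 = dup(r5)
write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x50)
write$FUSE_DIRENTPLUS(r6, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10)
write$FUSE_DIRENTPLUS(r6, &(0x7f0000000280)=ANY=[], 0xa8)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x10, &(0x7f00000005c0)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
# NL80211_CMD_CONNECT on r3 with the default AP SSID (attr 0x34) and a wiphy-freq chandef.
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
# Fake AP answers the scan: probe response carrying the default AP SSID.
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
# 50 ms pause (0x2faf080 ns), presumably to let the connect pick up the probe response.
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000600)={0x1, {&(0x7f0000000440)=""/93, 0x5d, &(0x7f0000000580)=""/78, 0x2, 0x3}}, 0x48)
# Open-system auth response (seq 2, status 0), then assoc response (capab 0x1, status 0);
# the log confirms "authenticated" / "RX AssocResp ... status=0 aid=1" / "associated".
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
# Likely residue: rtnetlink route with lwtunnel encap, netrom accept on the dup'd pipe fd.
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@ipv4_newroute={0x30, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0xd00}, [@RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @LWTUNNEL_IP6_HOPLIMIT={0x5}}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x7}]}, 0x30}}, 0x0)
accept$netrom(r6, &(0x7f0000000680)={{0x3, @netrom}, [@null, @netrom, @remote, @netrom, @default, @remote, @rose, @null]}, &(0x7f0000000200)=0x48)
# Raw beacon (frame control 0x0080) with BSSID 08:02:11:00:00:00 (the associated AP).
# Body: timestamp, beacon interval 0x0064, capab 0x0001, TIM element (05 03 7c 20 08),
# then element 0x25 = Channel Switch Announcement (25 03 00 02 ..; the buffer is
# declared 0x64 bytes, so the tail is zero-filled). This is the candidate input
# for the chanswitch path in the trace below.
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=ANY=[@ANYBLOB="80000000080211000001080211000001080211000000000000000000000000006400010005037c200825030002"], 0x64)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
# Second probe response with extra elements (0x72, 0x71) and a truncated broadcast
# beacon from the same BSSID; whether either is needed is not shown by the report.
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000280)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @random=0x9, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x1, 0xffffffffffffffff, 0x1, 0x1, 0x2, 0x4, 0x21}}}, 0x3f)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)
[ 68.610430][ T5333] Bluetooth: hci0: command tx timeout
[ 68.643992][ T5354] openvswitch: netlink: Flow actions may not be safe on all matching packets.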
[ 68.746726][ T5354] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 68.785077][ T5352] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 68.788750][ T5352] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 68.803043][ T1043] wlan1: authenticated [ 68.805201][ T5354] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 68.811281][ T1043] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 68.816917][ T1043] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 68.820643][ T5354] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 68.825181][ T1043] wlan1: associated [ 68.829792][ T5354] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 68.837003][ T5354] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 68.846636][ T12] ------------[ cut here ]------------ [ 68.849134][ T12] WARNING: CPU: 0 PID: 12 at net/wireless/scan.c:1666 cfg80211_rehash_bss+0x1e6/0x540 [ 68.853336][ T12] Modules linked in: [ 68.855154][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:0 Not tainted syzkaller #0 PREEMPT(full) [ 68.859152][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.863977][ T12] Workqueue: events_unbound cfg80211_wiphy_work [ 68.866739][ T12] RIP: 0010:cfg80211_rehash_bss+0x1e6/0x540 [ 68.869391][ T12] Code: e8 48 c1 e8 03 42 0f b6 04 30 84 c0 0f 85 33 03 00 00 ff 45 00 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 0c 3d af 00 cc 90 <0f> 0b 90 4c 8b 2c 24 4c 89 ef e8 7b 4c 02 fa 84 c0 74 78 e8 e2 dd [ 68.877861][ T12] RSP: 0018:ffffc900001e6f20 EFLAGS: 00010246 [ 68.880628][ T12] RAX: ffffffff8acfee15 RBX: 0000000000000000 RCX: 0000000000000002 [ 68.884096][ T12] RDX: ffff88801c6fc880 RSI: 0000000000000000 RDI: 0000000000000000 [ 68.887585][ T12] RBP: ffff88803eb25868 R08: 0000000000000000 
R09: 0000000000000002 [ 68.891133][ T12] R10: 0000000000000002 R11: 0000000000000002 R12: ffff888032d781a0 [ 68.894573][ T12] R13: ffff8880400d5430 R14: dffffc0000000000 R15: ffff888040105020 [ 68.898051][ T12] FS: 0000000000000000(0000) GS:ffff88808d00a000(0000) knlGS:0000000000000000 [ 68.901909][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.904763][ T12] CR2: 00007f9f65dbdf70 CR3: 00000000423f1000 CR4: 0000000000352ef0 [ 68.908310][ T12] Call Trace: [ 68.909769][ T12] [ 68.911151][ T12] cfg80211_update_assoc_bss_entry+0x3f6/0x6a0 [ 68.913778][ T12] cfg80211_ch_switch_notify+0x3c1/0x780 [ 68.916225][ T12] ieee80211_sta_process_chanswitch+0xad4/0x2870 [ 68.919044][ T12] ? __lock_acquire+0xab9/0xd20 [ 68.921334][ T12] ? __pfx_ieee80211_sta_process_chanswitch+0x10/0x10 [ 68.924292][ T12] ? __local_bh_enable_ip+0x12d/0x1c0 [ 68.926518][ T12] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 68.928912][ T12] ieee80211_rx_mgmt_beacon+0x19c7/0x2cd0 [ 68.931267][ T12] ? __lock_acquire+0xab9/0xd20 [ 68.933256][ T12] ? __pfx_ieee80211_rx_mgmt_beacon+0x10/0x10 [ 68.935711][ T12] ieee80211_sta_rx_queued_mgmt+0x4ed/0x4470 [ 68.938101][ T12] ? __pfx_ieee80211_sta_rx_queued_mgmt+0x10/0x10 [ 68.940703][ T12] ? arch_stack_walk+0x11c/0x150 [ 68.942653][ T12] ? ret_from_fork_asm+0x1a/0x30 [ 68.944826][ T12] ? stack_trace_save+0x9c/0xe0 [ 68.946937][ T12] ? __pfx_stack_trace_save+0x10/0x10 [ 68.949244][ T12] ? stack_depot_save_flags+0x40/0x860 [ 68.951641][ T12] ? __lock_acquire+0xab9/0xd20 [ 68.953824][ T12] ? __lock_acquire+0xab9/0xd20 [ 68.955987][ T12] ? __lock_acquire+0xab9/0xd20 [ 68.958148][ T12] ? kcov_remote_start+0x4d3/0x7f0 [ 68.960549][ T12] ieee80211_iface_work+0x652/0x12d0 [ 68.962960][ T12] cfg80211_wiphy_work+0x2b8/0x470 [ 68.965290][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 68.967846][ T12] process_scheduled_works+0xae1/0x17b0 [ 68.970474][ T12] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 68.973186][ T12] worker_thread+0x8a0/0xda0 [ 68.975304][ T12] kthread+0x70e/0x8a0 [ 68.977165][ T12] ? __pfx_worker_thread+0x10/0x10 [ 68.979456][ T12] ? __pfx_kthread+0x10/0x10 [ 68.981615][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 68.983965][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.986259][ T12] ? __pfx_kthread+0x10/0x10 [ 68.988362][ T12] ret_from_fork+0x436/0x7d0 [ 68.990535][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 68.992866][ T12] ? __pfx_kthread+0x10/0x10 [ 68.994962][ T12] ret_from_fork_asm+0x1a/0x30 [ 68.997177][ T12] [ 68.998575][ T12] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 69.001817][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:0 Not tainted syzkaller #0 PREEMPT(full) [ 69.005879][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.010620][ T12] Workqueue: events_unbound cfg80211_wiphy_work [ 69.013419][ T12] Call Trace: [ 69.014887][ T12] [ 69.016257][ T12] dump_stack_lvl+0x99/0x250 [ 69.018307][ T12] ? __asan_memcpy+0x40/0x70 [ 69.020321][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.022563][ T12] ? __pfx__printk+0x10/0x10 [ 69.024622][ T12] vpanic+0x281/0x750 [ 69.026360][ T12] ? __pfx__printk+0x10/0x10 [ 69.028383][ T12] ? __pfx_vpanic+0x10/0x10 [ 69.030361][ T12] ? is_bpf_text_address+0x26/0x2b0 [ 69.032700][ T12] panic+0xb9/0xc0 [ 69.034384][ T12] ? __pfx_panic+0x10/0x10 [ 69.036419][ T12] __warn+0x31b/0x4b0 [ 69.038217][ T12] ? cfg80211_rehash_bss+0x1e6/0x540 [ 69.040577][ T12] ? cfg80211_rehash_bss+0x1e6/0x540 [ 69.042939][ T12] report_bug+0x2be/0x4f0 [ 69.044836][ T12] ? cfg80211_rehash_bss+0x1e6/0x540 [ 69.047147][ T12] ? cfg80211_rehash_bss+0x1e6/0x540 [ 69.049426][ T12] ? 
cfg80211_rehash_bss+0x1e8/0x540 [ 69.051569][ T12] handle_bug+0x84/0x160 [ 69.053259][ T12] exc_invalid_op+0x1a/0x50 [ 69.054941][ T12] asm_exc_invalid_op+0x1a/0x20 [ 69.057041][ T12] RIP: 0010:cfg80211_rehash_bss+0x1e6/0x540 [ 69.059651][ T12] Code: e8 48 c1 e8 03 42 0f b6 04 30 84 c0 0f 85 33 03 00 00 ff 45 00 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 0c 3d af 00 cc 90 <0f> 0b 90 4c 8b 2c 24 4c 89 ef e8 7b 4c 02 fa 84 c0 74 78 e8 e2 dd [ 69.067804][ T12] RSP: 0018:ffffc900001e6f20 EFLAGS: 00010246 [ 69.070268][ T12] RAX: ffffffff8acfee15 RBX: 0000000000000000 RCX: 0000000000000002 [ 69.073294][ T12] RDX: ffff88801c6fc880 RSI: 0000000000000000 RDI: 0000000000000000 [ 69.076430][ T12] RBP: ffff88803eb25868 R08: 0000000000000000 R09: 0000000000000002 [ 69.079654][ T12] R10: 0000000000000002 R11: 0000000000000002 R12: ffff888032d781a0 [ 69.083162][ T12] R13: ffff8880400d5430 R14: dffffc0000000000 R15: ffff888040105020 [ 69.086659][ T12] ? cfg80211_rehash_bss+0xe5/0x540 [ 69.089025][ T12] cfg80211_update_assoc_bss_entry+0x3f6/0x6a0 [ 69.092004][ T12] cfg80211_ch_switch_notify+0x3c1/0x780 [ 69.094445][ T12] ieee80211_sta_process_chanswitch+0xad4/0x2870 [ 69.097177][ T12] ? __lock_acquire+0xab9/0xd20 [ 69.099336][ T12] ? __pfx_ieee80211_sta_process_chanswitch+0x10/0x10 [ 69.102345][ T12] ? __local_bh_enable_ip+0x12d/0x1c0 [ 69.104730][ T12] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 69.107320][ T12] ieee80211_rx_mgmt_beacon+0x19c7/0x2cd0 [ 69.109653][ T12] ? __lock_acquire+0xab9/0xd20 [ 69.111698][ T12] ? __pfx_ieee80211_rx_mgmt_beacon+0x10/0x10 [ 69.114295][ T12] ieee80211_sta_rx_queued_mgmt+0x4ed/0x4470 [ 69.117251][ T12] ? __pfx_ieee80211_sta_rx_queued_mgmt+0x10/0x10 [ 69.120959][ T12] ? arch_stack_walk+0x11c/0x150 [ 69.123938][ T12] ? ret_from_fork_asm+0x1a/0x30 [ 69.126321][ T12] ? stack_trace_save+0x9c/0xe0 [ 69.128462][ T12] ? __pfx_stack_trace_save+0x10/0x10 [ 69.131084][ T12] ? stack_depot_save_flags+0x40/0x860 [ 69.134070][ T12] ? 
__lock_acquire+0xab9/0xd20 [ 69.136222][ T12] ? __lock_acquire+0xab9/0xd20 [ 69.138008][ T12] ? __lock_acquire+0xab9/0xd20 [ 69.140072][ T12] ? kcov_remote_start+0x4d3/0x7f0 [ 69.142375][ T12] ieee80211_iface_work+0x652/0x12d0 [ 69.144847][ T12] cfg80211_wiphy_work+0x2b8/0x470 [ 69.147172][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 69.149717][ T12] process_scheduled_works+0xae1/0x17b0 [ 69.152283][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 69.154922][ T12] worker_thread+0x8a0/0xda0 [ 69.156993][ T12] kthread+0x70e/0x8a0 [ 69.158896][ T12] ? __pfx_worker_thread+0x10/0x10 [ 69.161256][ T12] ? __pfx_kthread+0x10/0x10 [ 69.163385][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.165706][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.168033][ T12] ? __pfx_kthread+0x10/0x10 [ 69.170149][ T12] ret_from_fork+0x436/0x7d0 [ 69.172337][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 69.174471][ T12] ? __pfx_kthread+0x10/0x10 [ 69.176540][ T12] ret_from_fork_asm+0x1a/0x30 [ 69.178658][ T12] [ 69.180418][ T12] Kernel Offset: disabled [ 69.182430][ T12] Rebooting in 86400 seconds..