program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r3)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0500000000000000000021"], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="5000000008021100000108021100000008021100000000000000000000000000010001000006020202020202010182"], 0x54)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000040)=@broadcast, &(0x7f0000000280)=@data_frame={@a_msdu=@type11={{0x0, 0x2, 0x3, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x14f5}, @broadcast, @device_b, @random="cb426a7ec570", {0x9, 0xd}, @device_b}, @a_msdu=[{@broadcast, @broadcast, 0x3b, "babc3d6fc9844474eb3e5ae0532a491a1cf7775ddfccb9d9af47dd9ab2a33af8f35dd1b050d49e4244384de892a4ddc00258282f2b48b023c6cbe5"}]}, 0x6a)
sendmsg$NL80211_CMD_CONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x28, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x30, r1, 0xfd39e943ccf1163b, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0)
sendmsg$NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x40, r1, 0x1, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x0, 0x6a}}}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x6}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x1}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x3ff}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000001}, 0x24040000)

[   68.836377][ T5298] Bluetooth: hci0: command tx timeout
[   68.904876][ T5313] netlink: 4 bytes leftover after parsing attributes in process `syz.0.0'.
[   68.912321][ T5313] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   68.931582][ T5313] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   68.940374][ T5313] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[   68.944334][ T5313] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[   68.951264][ T5313] ------------[ cut here ]------------
[   68.953723][ T5313] WARNING: CPU: 0 PID: 5313 at net/mac80211/tdls.c:1461 ieee80211_tdls_oper+0x364/0x640
[   68.958770][ T5313] Modules linked in:
[   68.960659][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: syz.0.0 Not tainted 6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) 
[   68.965887][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.970666][ T5313] RIP: 0010:ieee80211_tdls_oper+0x364/0x640
[   68.973208][ T5313] Code: 6f 01 00 00 e8 4d 83 d7 f6 eb 22 e8 46 83 d7 f6 4c 89 e2 eb 21 e8 3c 83 d7 f6 b8 bd ff ff ff e9 1c fe ff ff e8 2d 83 d7 f6 90 <0f> 0b 90 4c 8b 7c 24 08 48 8b 14 24 4d 8d a7 2a 1d 00 00 4c 89 e0
[   68.981293][ T5313] RSP: 0018:ffffc9000d377380 EFLAGS: 00010287
[   68.983718][ T5313] RAX: ffffffff8ae84d23 RBX: dffffc0000000000 RCX: 0000000000100000
[   68.986919][ T5313] RDX: ffffc9000df72000 RSI: 0000000000000327 RDI: 0000000000000328
[   68.989949][ T5313] RBP: 0000000000000000 R08: ffff888052e08187 R09: 1ffff1100a5c1030
[   68.993187][ T5313] R10: dffffc0000000000 R11: ffffed100a5c1031 R12: ffff888052bd1d2e
[   68.996716][ T5313] R13: ffff888052bd0d80 R14: 1ffff1100a57a2e4 R15: 0000000000000000
[   69.000010][ T5313] FS:  00007fdfed7a16c0(0000) GS:ffff88808d6cb000(0000) knlGS:0000000000000000
[   69.003907][ T5313] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   69.006980][ T5313] CR2: 00007fdfed6e7d60 CR3: 000000003e8a0000 CR4: 0000000000352ef0
[   69.010453][ T5313] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   69.013982][ T5313] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   69.017486][ T5313] Call Trace:
[   69.018998][ T5313]  <TASK>
[   69.020398][ T5313]  nl80211_tdls_oper+0x282/0x440
[   69.022908][ T5313]  genl_family_rcv_msg_doit+0x212/0x300
[   69.025809][ T5313]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   69.028489][ T5313]  ? bpf_lsm_capable+0x9/0x20
[   69.030631][ T5313]  ? security_capable+0x7e/0x2e0
[   69.032864][ T5313]  genl_rcv_msg+0x60e/0x790
[   69.034975][ T5313]  ? __pfx_genl_rcv_msg+0x10/0x10
[   69.037330][ T5313]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   69.039574][ T5313]  ? __pfx_nl80211_tdls_oper+0x10/0x10
[   69.041812][ T5313]  ? __pfx_nl80211_post_doit+0x10/0x10
[   69.044109][ T5313]  ? ref_tracker_free+0x63a/0x7d0
[   69.046643][ T5313]  ? __copy_skb_header+0xa7/0x550
[   69.049094][ T5313]  netlink_rcv_skb+0x219/0x490
[   69.051139][ T5313]  ? __pfx_genl_rcv_msg+0x10/0x10
[   69.053320][ T5313]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   69.055835][ T5313]  ? down_read+0x1ad/0x2e0
[   69.058605][ T5313]  genl_rcv+0x28/0x40
[   69.060444][ T5313]  netlink_unicast+0x758/0x8d0
[   69.062521][ T5313]  netlink_sendmsg+0x805/0xb30
[   69.064623][ T5313]  ? __pfx_netlink_sendmsg+0x10/0x10
[   69.067071][ T5313]  ? aa_sock_msg_perm+0x94/0x160
[   69.069211][ T5313]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   69.071510][ T5313]  ? __pfx_netlink_sendmsg+0x10/0x10
[   69.073801][ T5313]  __sock_sendmsg+0x219/0x270
[   69.075713][ T5313]  ____sys_sendmsg+0x505/0x830
[   69.077783][ T5313]  ? __pfx_____sys_sendmsg+0x10/0x10
[   69.079921][ T5313]  ? import_iovec+0x74/0xa0
[   69.081821][ T5313]  ___sys_sendmsg+0x21f/0x2a0
[   69.083732][ T5313]  ? __pfx____sys_sendmsg+0x10/0x10
[   69.086196][ T5313]  ? __fget_files+0x2a/0x420
[   69.088169][ T5313]  ? __fget_files+0x3a0/0x420
[   69.090261][ T5313]  __x64_sys_sendmsg+0x19b/0x260
[   69.092378][ T5313]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   69.094784][ T5313]  ? do_syscall_64+0xba/0x210
[   69.097062][ T5313]  do_syscall_64+0xf6/0x210
[   69.099115][ T5313]  ? clear_bhb_loop+0x45/0xa0
[   69.101189][ T5313]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.103773][ T5313] RIP: 0033:0x7fdfec98e969
[   69.105729][ T5313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.113752][ T5313] RSP: 002b:00007fdfed7a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   69.117426][ T5313] RAX: ffffffffffffffda RBX: 00007fdfecbb5fa0 RCX: 00007fdfec98e969
[   69.120760][ T5313] RDX: 00000000000000c0 RSI: 0000200000000240 RDI: 0000000000000003
[   69.124069][ T5313] RBP: 00007fdfeca10ab1 R08: 0000000000000000 R09: 0000000000000000
[   69.127540][ T5313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.130762][ T5313] R13: 0000000000000000 R14: 00007fdfecbb5fa0 R15: 00007ffd1ab13e48
[   69.134121][ T5313]  </TASK>
[   69.135518][ T5313] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   69.138634][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: syz.0.0 Not tainted 6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) 
[   69.143548][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.148096][ T5313] Call Trace:
[   69.149565][ T5313]  <TASK>
[   69.150859][ T5313]  dump_stack_lvl+0x99/0x250
[   69.152820][ T5313]  ? __asan_memcpy+0x40/0x70
[   69.154928][ T5313]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.157146][ T5313]  ? __pfx__printk+0x10/0x10
[   69.159221][ T5313]  panic+0x2db/0x790
[   69.160944][ T5313]  ? __pfx_panic+0x10/0x10
[   69.162889][ T5313]  ? show_trace_log_lvl+0x4fb/0x550
[   69.165202][ T5313]  __warn+0x31b/0x4b0
[   69.166948][ T5313]  ? ieee80211_tdls_oper+0x364/0x640
[   69.169248][ T5313]  ? ieee80211_tdls_oper+0x364/0x640
[   69.171457][ T5313]  report_bug+0x2be/0x4f0
[   69.173359][ T5313]  ? ieee80211_tdls_oper+0x364/0x640
[   69.175578][ T5313]  ? ieee80211_tdls_oper+0x364/0x640
[   69.177802][ T5313]  ? ieee80211_tdls_oper+0x366/0x640
[   69.179992][ T5313]  handle_bug+0x84/0x160
[   69.181951][ T5313]  exc_invalid_op+0x1a/0x50
[   69.183987][ T5313]  asm_exc_invalid_op+0x1a/0x20
[   69.186220][ T5313] RIP: 0010:ieee80211_tdls_oper+0x364/0x640
[   69.188825][ T5313] Code: 6f 01 00 00 e8 4d 83 d7 f6 eb 22 e8 46 83 d7 f6 4c 89 e2 eb 21 e8 3c 83 d7 f6 b8 bd ff ff ff e9 1c fe ff ff e8 2d 83 d7 f6 90 <0f> 0b 90 4c 8b 7c 24 08 48 8b 14 24 4d 8d a7 2a 1d 00 00 4c 89 e0
[   69.196706][ T5313] RSP: 0018:ffffc9000d377380 EFLAGS: 00010287
[   69.199270][ T5313] RAX: ffffffff8ae84d23 RBX: dffffc0000000000 RCX: 0000000000100000
[   69.202616][ T5313] RDX: ffffc9000df72000 RSI: 0000000000000327 RDI: 0000000000000328
[   69.206041][ T5313] RBP: 0000000000000000 R08: ffff888052e08187 R09: 1ffff1100a5c1030
[   69.209433][ T5313] R10: dffffc0000000000 R11: ffffed100a5c1031 R12: ffff888052bd1d2e
[   69.212839][ T5313] R13: ffff888052bd0d80 R14: 1ffff1100a57a2e4 R15: 0000000000000000
[   69.216203][ T5313]  ? ieee80211_tdls_oper+0x363/0x640
[   69.218435][ T5313]  nl80211_tdls_oper+0x282/0x440
[   69.220532][ T5313]  genl_family_rcv_msg_doit+0x212/0x300
[   69.222963][ T5313]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   69.225634][ T5313]  ? bpf_lsm_capable+0x9/0x20
[   69.227649][ T5313]  ? security_capable+0x7e/0x2e0
[   69.229692][ T5313]  genl_rcv_msg+0x60e/0x790
[   69.231622][ T5313]  ? __pfx_genl_rcv_msg+0x10/0x10
[   69.233732][ T5313]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   69.235889][ T5313]  ? __pfx_nl80211_tdls_oper+0x10/0x10
[   69.238108][ T5313]  ? __pfx_nl80211_post_doit+0x10/0x10
[   69.240378][ T5313]  ? ref_tracker_free+0x63a/0x7d0
[   69.242516][ T5313]  ? __copy_skb_header+0xa7/0x550
[   69.244721][ T5313]  netlink_rcv_skb+0x219/0x490
[   69.246710][ T5313]  ? __pfx_genl_rcv_msg+0x10/0x10
[   69.248797][ T5313]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   69.251074][ T5313]  ? down_read+0x1ad/0x2e0
[   69.253043][ T5313]  genl_rcv+0x28/0x40
[   69.254927][ T5313]  netlink_unicast+0x758/0x8d0
[   69.256995][ T5313]  netlink_sendmsg+0x805/0xb30
[   69.259024][ T5313]  ? __pfx_netlink_sendmsg+0x10/0x10
[   69.261229][ T5313]  ? aa_sock_msg_perm+0x94/0x160
[   69.263287][ T5313]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   69.265539][ T5313]  ? __pfx_netlink_sendmsg+0x10/0x10
[   69.267712][ T5313]  __sock_sendmsg+0x219/0x270
[   69.269758][ T5313]  ____sys_sendmsg+0x505/0x830
[   69.271862][ T5313]  ? __pfx_____sys_sendmsg+0x10/0x10
[   69.274136][ T5313]  ? import_iovec+0x74/0xa0
[   69.276090][ T5313]  ___sys_sendmsg+0x21f/0x2a0
[   69.278054][ T5313]  ? __pfx____sys_sendmsg+0x10/0x10
[   69.280266][ T5313]  ? __fget_files+0x2a/0x420
[   69.282279][ T5313]  ? __fget_files+0x3a0/0x420
[   69.284368][ T5313]  __x64_sys_sendmsg+0x19b/0x260
[   69.286443][ T5313]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   69.288731][ T5313]  ? do_syscall_64+0xba/0x210
[   69.290764][ T5313]  do_syscall_64+0xf6/0x210
[   69.292692][ T5313]  ? clear_bhb_loop+0x45/0xa0
[   69.294731][ T5313]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.297297][ T5313] RIP: 0033:0x7fdfec98e969
[   69.299217][ T5313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.307141][ T5313] RSP: 002b:00007fdfed7a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   69.310581][ T5313] RAX: ffffffffffffffda RBX: 00007fdfecbb5fa0 RCX: 00007fdfec98e969
[   69.313872][ T5313] RDX: 00000000000000c0 RSI: 0000200000000240 RDI: 0000000000000003
[   69.317171][ T5313] RBP: 00007fdfeca10ab1 R08: 0000000000000000 R09: 0000000000000000
[   69.320520][ T5313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.323846][ T5313] R13: 0000000000000000 R14: 00007fdfecbb5fa0 R15: 00007ffd1ab13e48
[   69.327102][ T5313]  </TASK>
[   69.328694][ T5313] Kernel Offset: disabled
[   69.330529][ T5313] Rebooting in 86400 seconds..