program:
# syzkaller reproducer (syzlang) for the splat logged below:
#   WARNING: CPU: 0 PID: 5361 at net/mac80211/tdls.c:1461 ieee80211_tdls_oper+0x38f/0x680
# reached from userspace as sendmsg() -> netlink -> genl_rcv_msg -> nl80211_tdls_oper
# -> ieee80211_tdls_oper. The VM panics only because panic_on_warn is set ("Kernel panic
# - not syncing: kernel: panic_on_warn set"); without that knob this is a warning, not a crash.
#
# NOTE(review): the "<rN=>" result markers that define r2, r6, r9 and r13 are missing from this
# rendering (they look like HTML tags and were most likely stripped). r2 is used in @IFLA_LINK,
# r6/r9 in the NL80211_ATTR_IFINDEX attributes, r13 in vmsplice/close/ioctl, but none is
# assigned here. Restore them from the original report before running with syz-execprog.
#
# NOTE(review): the log shows the reproducer running as UID 0 inside the syzkaller VM (hwsim
# wlan1, executor-created bond0/vlan interfaces). The security_capable frames under
# genl_family_rcv_msg_doit in the trace indicate a capability check on the doit path, consistent
# with NL80211_CMD_TDLS_OPER being an admin-permission command -- confirm against nl80211.c
# before rating how reachable this is for unprivileged callers.

# --- bond0/vlan/ethtool/bpf setup: most likely incidental fuzzer noise rather than part of the
# --- trigger; the log lines "vlan2/bond0/bond_slave_*: entered allmulticast mode" come from here.
r0 = socket(0x11, 0x2, 0x10001)
r1 = socket$nl_route(0x10, 0x3, 0x0)
# ifindex of bond0 (the "<r2=>" marker that stores it is missing in this rendering).
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bond0\x00', 0x0})
# RTM_NEWLINK creating a VLAN (id 0x4) on top of r2.
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x1ba00, 0x40a38}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x44}}, 0x8000002)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'bond0\x00', &(0x7f0000000180)=@ethtool_sfeatures={0x3b, 0x2, [{0xae9, 0x8}, {0x40000011, 0x30000080}]}})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x180, 0x4, 0x28}, 0x50)

# --- nl80211: put wlan1 into station mode and connect it to the default hwsim AP SSID.
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# ifindex of wlan1 (stored in r6; marker missing here).
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
# NL80211_ATTR_IFINDEX=r6, NL80211_ATTR_IFTYPE=0x2 (NL80211_IFTYPE_STATION).
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# ifindex of wlan1 again (stored in r9; marker missing here). r9 is reused by TDLS_OPER below.
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
# NL80211_CMD_CONNECT: SSID = default hwsim AP SSID, default NL80211_ATTR_WIPHY_FREQ.
# Log: "wlan1: No basic rates, using min rate instead" / "authenticate with 08:02:11:00:00:00".
sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)

# --- Hand-crafted 802.11 management frames injected through hwsim to fake an AP at
# --- 08:02:11:00:00:00 so the STA state machine walks through auth -> assoc without a real peer.
# Frame control 0x0050 = management / Probe Response to 08:02:11:00:00:01 (wlan1's own address per
# the log), BSSID 08:02:11:00:00:00, SSID "\x02"*6, rates IE. The frame is deliberately short/
# malformed ("associating ... with corrupt probe response" in the log).
syz_80211_inject_frame(&(0x7f0000000040)=@device_b, &(0x7f0000000280)=ANY=[@ANYBLOB="50000000080211000001ffffffffffff0802110000000000000000000000000064000100000602020202020201010b"], 0x48)
# 50 ms pause so the connect work has sent the Authentication request before the reply arrives.
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
# Frame control 0x00b0 = Authentication reply (open system, transaction seq 2; 27 bytes declared as
# 0x1e, syzkaller zero-pads). Log: "wlan1: authenticated".
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f00000021c0)=ANY=[@ANYBLOB="b00000000802110000010802110000000802110000001000000002"], 0x1e)
# Frame control 0x0010 = Association Response, capab 0xa004, status 0, AID 0x0c -- matches the log
# line "RX AssocResp from 08:02:11:00:00:00 (capab=0xa004 status=0 aid=12)" -> "associated".
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000080211000001080211000000080211000000200004a000000c0001"], 0x3c)

# --- The trigger: NL80211_CMD_TDLS_OPER on wlan1 (NL80211_ATTR_IFINDEX=r9).
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
# NL80211_ATTR_TDLS_OPERATION is present three times (0x2 TEARDOWN, 0x4 DISABLE_LINK, 0x3
# ENABLE_LINK); with standard nla_parse semantics the last duplicate wins, so the kernel sees
# NL80211_TDLS_ENABLE_LINK. NL80211_ATTR_MAC's payload is left at the syzlang default and is not
# spelled out here. No TDLS setup exchange was ever performed for any peer by this program, which is
# presumably the precondition the WARN_ON at tdls.c:1461 asserts -- confirm against the tested tree.
# There is no delay between the AssocResp injection above and this call; in the log the WARNING
# fires ~5 ms after "wlan1: associated", so reproduction may be timing-sensitive.
# The nlmsg flags (0xfd39e943ccf1163b), seq/pid and sendmsg flags (0x24040895) look like fuzzer
# garbage rather than anything the bug depends on.
sendmsg$NL80211_CMD_TDLS_OPER(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x40, r11, 0xfd39e943ccf1163b, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}]}, 0x40}, 0x1, 0x0, 0x0, 0x24040895}, 0x50)

# --- Trailing calls: executed after the WARNING already fired (PID 5361 never returns from the
# --- sendmsg above once panic_on_warn panics), so they cannot be part of the trigger.
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000010000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r12}, 0x18)
syz_80211_inject_frame(&(0x7f0000000580), 0x0, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff)
# pipe() read end is r13 (marker missing in this rendering).
pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff})
vmsplice(r13, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
close(r13)
# ioctl on an already-closed fd; expected to fail with EBADF.
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00'})
[ 84.843900][ T5337] Bluetooth: hci0: command tx timeout [ 84.923752][ T5361] vlan2: entered allmulticast mode [ 84.926078][ T5361] bond0: entered allmulticast mode [ 84.928378][ T5361] bond_slave_0: entered allmulticast mode [ 84.932913][ T5361] bond_slave_1: entered allmulticast mode 
[ 84.977598][ T5361] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.010812][ T9] wlan1: No basic rates, using min rate instead [ 85.015082][ T9] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 85.019703][ T9] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 85.037930][ T12] wlan1: authenticated [ 85.040762][ T9] wlan1: associating to AP 08:02:11:00:00:00 with corrupt probe response [ 85.044679][ T5361] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.050335][ T12] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 85.060336][ T43] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0xa004 status=0 aid=12) [ 85.064055][ T43] wlan1: No basic rates, using min rate instead [ 85.067370][ T5361] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.072265][ T43] wlan1: associated [ 85.077543][ T5361] ------------[ cut here ]------------ [ 85.080196][ T5361] WARNING: CPU: 0 PID: 5361 at net/mac80211/tdls.c:1461 ieee80211_tdls_oper+0x38f/0x680 [ 85.084374][ T5361] Modules linked in: [ 85.086192][ T5361] CPU: 0 UID: 0 PID: 5361 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.090514][ T5361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.094973][ T5361] RIP: 0010:ieee80211_tdls_oper+0x38f/0x680 [ 85.097501][ T5361] Code: 6f 01 00 00 e8 a2 e0 b1 f6 eb 22 e8 9b e0 b1 f6 4c 89 e2 eb 21 e8 91 e0 b1 f6 b8 bd ff ff ff e9 21 fe ff ff e8 82 e0 b1 f6 90 <0f> 0b 90 4c 8b 7c 24 08 48 8b 14 24 4d 8d a7 2a 1d 00 00 4c 89 e0 [ 85.105725][ T5361] RSP: 0018:ffffc9000d31f320 EFLAGS: 00010287 [ 85.108315][ T5361] RAX: ffffffff8b0ddcbe RBX: dffffc0000000000 RCX: 0000000000100000 [ 85.111804][ T5361] RDX: ffffc9000e16a000 RSI: 0000000000000371 RDI: 0000000000000372 [ 85.115395][ T5361] RBP: 0000000000000000 R08: ffff88801a6bc187 R09: 1ffff110034d7830 [ 85.119289][ T5361] R10: 
dffffc0000000000 R11: ffffed10034d7831 R12: ffff888052c31d2e [ 85.122696][ T5361] R13: ffff888052c30d80 R14: 1ffff1100a5862e4 R15: 0000000000000000 [ 85.126146][ T5361] FS: 00007fb98db876c0(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000 [ 85.130499][ T5361] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.133297][ T5361] CR2: 00007fb98db17d60 CR3: 0000000043d57000 CR4: 0000000000352ef0 [ 85.136699][ T5361] Call Trace: [ 85.138353][ T5361] [ 85.139896][ T5361] nl80211_tdls_oper+0x285/0x440 [ 85.142004][ T5361] genl_family_rcv_msg_doit+0x215/0x300 [ 85.144212][ T5361] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 85.146655][ T5361] ? bpf_lsm_capable+0x9/0x20 [ 85.148606][ T5361] ? security_capable+0x7e/0x2e0 [ 85.150961][ T5361] genl_rcv_msg+0x60e/0x790 [ 85.152924][ T5361] ? __pfx_genl_rcv_msg+0x10/0x10 [ 85.155182][ T5361] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 85.157494][ T5361] ? __pfx_nl80211_tdls_oper+0x10/0x10 [ 85.159912][ T5361] ? __pfx_nl80211_post_doit+0x10/0x10 [ 85.162201][ T5361] ? __asan_memcpy+0x40/0x70 [ 85.164248][ T5361] ? __pfx_ref_tracker_free+0x10/0x10 [ 85.166530][ T5361] netlink_rcv_skb+0x205/0x470 [ 85.168979][ T5361] ? __lock_acquire+0xab9/0xd20 [ 85.171173][ T5361] ? __pfx_genl_rcv_msg+0x10/0x10 [ 85.173368][ T5361] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 85.175541][ T5361] ? down_read+0x1ad/0x2e0 [ 85.177679][ T5361] genl_rcv+0x28/0x40 [ 85.179770][ T5361] netlink_unicast+0x82f/0x9e0 [ 85.181894][ T5361] ? __pfx_netlink_unicast+0x10/0x10 [ 85.184282][ T5361] ? netlink_sendmsg+0x642/0xb30 [ 85.186545][ T5361] ? skb_put+0x11b/0x210 [ 85.188427][ T5361] netlink_sendmsg+0x805/0xb30 [ 85.190767][ T5361] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.193120][ T5361] ? aa_sock_msg_perm+0xf1/0x1d0 [ 85.195349][ T5361] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 85.197897][ T5361] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.200377][ T5361] __sock_sendmsg+0x21c/0x270 [ 85.202513][ T5361] ____sys_sendmsg+0x505/0x830 [ 85.205046][ T5361] ? 
__pfx_____sys_sendmsg+0x10/0x10 [ 85.207939][ T5361] ? import_iovec+0x74/0xa0 [ 85.210243][ T5361] ___sys_sendmsg+0x21f/0x2a0 [ 85.212342][ T5361] ? __pfx____sys_sendmsg+0x10/0x10 [ 85.214802][ T5361] ? __fget_files+0x2a/0x420 [ 85.216933][ T5361] ? __fget_files+0x3a0/0x420 [ 85.219239][ T5361] __x64_sys_sendmsg+0x19b/0x260 [ 85.221903][ T5361] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 85.224477][ T5361] ? rcu_is_watching+0x15/0xb0 [ 85.226672][ T5361] ? do_syscall_64+0xbe/0x3b0 [ 85.229094][ T5361] do_syscall_64+0xfa/0x3b0 [ 85.231530][ T5361] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.234186][ T5361] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.236715][ T5361] ? clear_bhb_loop+0x60/0xb0 [ 85.238902][ T5361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.241531][ T5361] RIP: 0033:0x7fb98cd8eec9 [ 85.243702][ T5361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.252293][ T5361] RSP: 002b:00007fb98db87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.255943][ T5361] RAX: ffffffffffffffda RBX: 00007fb98cfe5fa0 RCX: 00007fb98cd8eec9 [ 85.259654][ T5361] RDX: 0000000000000050 RSI: 0000200000000240 RDI: 0000000000000008 [ 85.263153][ T5361] RBP: 00007fb98ce11f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.266582][ T5361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.270122][ T5361] R13: 00007fb98cfe6038 R14: 00007fb98cfe5fa0 R15: 00007fff80107c68 [ 85.273679][ T5361] [ 85.275108][ T5361] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.278236][ T5361] CPU: 0 UID: 0 PID: 5361 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.282125][ T5361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.286924][ T5361] Call Trace: [ 85.288443][ T5361] [ 85.289726][ T5361] dump_stack_lvl+0x99/0x250 [ 85.291672][ T5361] ? 
__asan_memcpy+0x40/0x70 [ 85.293695][ T5361] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.296218][ T5361] ? __pfx__printk+0x10/0x10 [ 85.298252][ T5361] vpanic+0x281/0x750 [ 85.299972][ T5361] ? __pfx__printk+0x10/0x10 [ 85.302180][ T5361] ? __pfx_vpanic+0x10/0x10 [ 85.304103][ T5361] ? is_bpf_text_address+0x26/0x2b0 [ 85.306366][ T5361] panic+0xb9/0xc0 [ 85.308047][ T5361] ? __pfx_panic+0x10/0x10 [ 85.310034][ T5361] __warn+0x31b/0x4b0 [ 85.311765][ T5361] ? ieee80211_tdls_oper+0x38f/0x680 [ 85.314062][ T5361] ? ieee80211_tdls_oper+0x38f/0x680 [ 85.316180][ T5361] report_bug+0x2be/0x4f0 [ 85.318164][ T5361] ? ieee80211_tdls_oper+0x38f/0x680 [ 85.320481][ T5361] ? ieee80211_tdls_oper+0x38f/0x680 [ 85.322853][ T5361] ? ieee80211_tdls_oper+0x391/0x680 [ 85.324924][ T5361] handle_bug+0x84/0x160 [ 85.326733][ T5361] exc_invalid_op+0x1a/0x50 [ 85.328538][ T5361] asm_exc_invalid_op+0x1a/0x20 [ 85.330387][ T5361] RIP: 0010:ieee80211_tdls_oper+0x38f/0x680 [ 85.332714][ T5361] Code: 6f 01 00 00 e8 a2 e0 b1 f6 eb 22 e8 9b e0 b1 f6 4c 89 e2 eb 21 e8 91 e0 b1 f6 b8 bd ff ff ff e9 21 fe ff ff e8 82 e0 b1 f6 90 <0f> 0b 90 4c 8b 7c 24 08 48 8b 14 24 4d 8d a7 2a 1d 00 00 4c 89 e0 [ 85.340250][ T5361] RSP: 0018:ffffc9000d31f320 EFLAGS: 00010287 [ 85.342742][ T5361] RAX: ffffffff8b0ddcbe RBX: dffffc0000000000 RCX: 0000000000100000 [ 85.346515][ T5361] RDX: ffffc9000e16a000 RSI: 0000000000000371 RDI: 0000000000000372 [ 85.349892][ T5361] RBP: 0000000000000000 R08: ffff88801a6bc187 R09: 1ffff110034d7830 [ 85.353231][ T5361] R10: dffffc0000000000 R11: ffffed10034d7831 R12: ffff888052c31d2e [ 85.356448][ T5361] R13: ffff888052c30d80 R14: 1ffff1100a5862e4 R15: 0000000000000000 [ 85.359789][ T5361] ? ieee80211_tdls_oper+0x38e/0x680 [ 85.362120][ T5361] nl80211_tdls_oper+0x285/0x440 [ 85.364268][ T5361] genl_family_rcv_msg_doit+0x215/0x300 [ 85.366740][ T5361] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 85.369361][ T5361] ? bpf_lsm_capable+0x9/0x20 [ 85.371451][ T5361] ? 
security_capable+0x7e/0x2e0 [ 85.373668][ T5361] genl_rcv_msg+0x60e/0x790 [ 85.376170][ T5361] ? __pfx_genl_rcv_msg+0x10/0x10 [ 85.378767][ T5361] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 85.381196][ T5361] ? __pfx_nl80211_tdls_oper+0x10/0x10 [ 85.383626][ T5361] ? __pfx_nl80211_post_doit+0x10/0x10 [ 85.386055][ T5361] ? __asan_memcpy+0x40/0x70 [ 85.388157][ T5361] ? __pfx_ref_tracker_free+0x10/0x10 [ 85.390518][ T5361] netlink_rcv_skb+0x205/0x470 [ 85.392676][ T5361] ? __lock_acquire+0xab9/0xd20 [ 85.394966][ T5361] ? __pfx_genl_rcv_msg+0x10/0x10 [ 85.397237][ T5361] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 85.399623][ T5361] ? down_read+0x1ad/0x2e0 [ 85.401675][ T5361] genl_rcv+0x28/0x40 [ 85.403502][ T5361] netlink_unicast+0x82f/0x9e0 [ 85.405689][ T5361] ? __pfx_netlink_unicast+0x10/0x10 [ 85.407877][ T5361] ? netlink_sendmsg+0x642/0xb30 [ 85.409910][ T5361] ? skb_put+0x11b/0x210 [ 85.411653][ T5361] netlink_sendmsg+0x805/0xb30 [ 85.413591][ T5361] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.415823][ T5361] ? aa_sock_msg_perm+0xf1/0x1d0 [ 85.417909][ T5361] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 85.420052][ T5361] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.422324][ T5361] __sock_sendmsg+0x21c/0x270 [ 85.424381][ T5361] ____sys_sendmsg+0x505/0x830 [ 85.426564][ T5361] ? __pfx_____sys_sendmsg+0x10/0x10 [ 85.428790][ T5361] ? import_iovec+0x74/0xa0 [ 85.430689][ T5361] ___sys_sendmsg+0x21f/0x2a0 [ 85.432669][ T5361] ? __pfx____sys_sendmsg+0x10/0x10 [ 85.434888][ T5361] ? __fget_files+0x2a/0x420 [ 85.436818][ T5361] ? __fget_files+0x3a0/0x420 [ 85.438856][ T5361] __x64_sys_sendmsg+0x19b/0x260 [ 85.440988][ T5361] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 85.443481][ T5361] ? rcu_is_watching+0x15/0xb0 [ 85.445616][ T5361] ? do_syscall_64+0xbe/0x3b0 [ 85.447882][ T5361] do_syscall_64+0xfa/0x3b0 [ 85.450158][ T5361] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.452339][ T5361] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.454963][ T5361] ? 
clear_bhb_loop+0x60/0xb0 [ 85.457140][ T5361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.459768][ T5361] RIP: 0033:0x7fb98cd8eec9 [ 85.461655][ T5361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.469710][ T5361] RSP: 002b:00007fb98db87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.473176][ T5361] RAX: ffffffffffffffda RBX: 00007fb98cfe5fa0 RCX: 00007fb98cd8eec9 [ 85.476447][ T5361] RDX: 0000000000000050 RSI: 0000200000000240 RDI: 0000000000000008 [ 85.479833][ T5361] RBP: 00007fb98ce11f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.483221][ T5361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.486605][ T5361] R13: 00007fb98cfe6038 R14: 00007fb98cfe5fa0 R15: 00007fff80107c68 [ 85.490024][ T5361] [ 85.491689][ T5361] Kernel Offset: disabled [ 85.493599][ T5361] Rebooting in 86400 seconds..