program:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)=ANY=[@ANYBLOB="140000001000010000050000000000000000000a88000000000a010100000000000000000a00000008000240000000010c00044000000000000000030c00044000000000000000031f0006006cdcbf1cfe826d48bf25307caf3c613751de9e05155995167f1ba4000c00044000000000000000020900010073797a3100090000040006000900010073797a31000000000900010073797a30000000002c000000030a010300000000000000000a0000000900030073797a31000000000900010073797a300000000028000000000a010400000000000000000a0000000900010073797a3000000000080002"], 0x104}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000080)={0x54, 0x2, 0x6, 0x201, 0x0, 0x0, {0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x54}}, 0x8000)
sendmsg$IPSET_CMD_SAVE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000003c0)={0x20, 0x8, 0x6, 0x401, 0x0, 0x0, {0x5, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004880}, 0x44000)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_CONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r8, 0x0, 0x0, 0x20000000, 0x0, 0x0)
setsockopt$sock_int(r8, 0x1, 0xa, &(0x7f0000000080)=0x4, 0x4)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_REG(r10, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r13=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r12, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r13, @ANYBLOB='\n\x004'], 0x30}}, 0x0)
recvfrom$inet(r8, 0x0, 0x0, 0x41, 0x0, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
syz_80211_inject_frame(0x0, 0x0, 0x7b)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
[ 69.862288][ T4667] Bluetooth: hci0: command tx timeout
[ 69.985229][ T5326] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 70.009568][ T5326] netlink: 8 bytes leftover after parsing attributes in process `syz.0.0'.
[ 70.016472][ T5325] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 70.025925][ T8] ------------[ cut here ]------------
[ 70.028661][ T8] WARNING: CPU: 0 PID: 8 at net/mac80211/mlme.c:1012 ieee80211_prep_channel+0x389b/0x5120
[ 70.033347][ T8] Modules linked in:
[ 70.035130][ T8] CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0
[ 70.039610][ T8] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 70.044404][ T8] Workqueue: events cfg80211_conn_work
[ 70.046918][ T8] RIP: 0010:ieee80211_prep_channel+0x389b/0x5120
[ 70.049708][ T8] Code: c6 05 64 2a 86 04 01 48 c7 c7 57 9d 29 8d be 78 03 00 00 48 c7 c2 40 9e 29 8d e8 00 df 1b f6 e9 7e ca ff ff e8 06 1e 40 f6 90 <0f> 0b 90 48 8b 7c 24 30 e8 a8 3e 9b f6 48 c7 44 24 30 ea ff ff ff
[ 70.057554][ T8] RSP: 0018:ffffc900001a6c80 EFLAGS: 00010293
[ 70.060950][ T8] RAX: ffffffff8b7f419a RBX: 0000000000000000 RCX: ffff88801c6fa440
[ 70.064172][ T8] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 70.067186][ T8] RBP: ffffc900001a6fd0 R08: ffffffff8b7f16b9 R09: ffffffff8b51d1c9
[ 70.070367][ T8] R10: 000000000000000e R11: ffff88801c6fa440 R12: dffffc0000000000
[ 70.073501][ T8] R13: ffff8880437d6758 R14: ffffc900001a6e90 R15: ffffc900001a6ed0
[ 70.076714][ T8] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[ 70.080669][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 70.083804][ T8] CR2: 0000000000000000 CR3: 000000001f76a000 CR4: 0000000000352ef0
[ 70.086990][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 70.090271][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 70.093593][ T8] Call Trace:
[ 70.095028][ T8] <TASK>
[ 70.096326][ T8] ? __warn+0x165/0x4d0
[ 70.098385][ T8] ? ieee80211_prep_channel+0x389b/0x5120
[ 70.100854][ T8] ? report_bug+0x2b3/0x500
[ 70.102840][ T8] ? ieee80211_prep_channel+0x389b/0x5120
[ 70.105273][ T8] ? handle_bug+0x60/0x90
[ 70.106978][ T8] ? exc_invalid_op+0x1a/0x50
[ 70.109004][ T8] ? asm_exc_invalid_op+0x1a/0x20
[ 70.111228][ T8] ? cfg80211_get_end_freq+0x79/0x1d0
[ 70.114006][ T8] ? ieee80211_prep_channel+0xdb9/0x5120
[ 70.116698][ T8] ? ieee80211_prep_channel+0x389a/0x5120
[ 70.119160][ T8] ? ieee80211_prep_channel+0x389b/0x5120
[ 70.121653][ T8] ? ieee80211_prep_channel+0x20a/0x5120
[ 70.124067][ T8] ? mark_lock+0x9a/0x360
[ 70.125935][ T8] ? __pfx_ieee80211_prep_channel+0x10/0x10
[ 70.128870][ T8] ? __pfx_lock_release+0x10/0x10
[ 70.131180][ T8] ieee80211_prep_connection+0xda1/0x1310
[ 70.133631][ T8] ieee80211_mgd_auth+0xcec/0x1480
[ 70.135481][ T8] ? __pfx_ieee80211_mgd_auth+0x10/0x10
[ 70.137527][ T8] ? rcu_is_watching+0x15/0xb0
[ 70.139586][ T8] cfg80211_mlme_auth+0x59f/0x970
[ 70.141699][ T8] cfg80211_conn_do_work+0x601/0xeb0
[ 70.144102][ T8] ? __pfx_cfg80211_conn_do_work+0x10/0x10
[ 70.146558][ T8] ? __lock_acquire+0x1397/0x2100
[ 70.148829][ T8] ? __pfx_validate_chain+0x10/0x10
[ 70.150937][ T8] ? cfg80211_conn_work+0x230/0x4e0
[ 70.153066][ T8] cfg80211_conn_work+0x27c/0x4e0
[ 70.155530][ T8] ? __pfx_cfg80211_conn_work+0x10/0x10
[ 70.158792][ T8] ? lockdep_unlock+0x16a/0x300
[ 70.160981][ T8] ? mark_lock+0x2ae/0x360
[ 70.162855][ T8] ? __lock_acquire+0x1397/0x2100
[ 70.164899][ T8] ? do_raw_spin_unlock+0x58/0x8b0
[ 70.167027][ T8] ? __pfx_lock_acquire+0x10/0x10
[ 70.169218][ T8] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 70.171636][ T8] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 70.174556][ T8] ? process_scheduled_works+0x976/0x1840
[ 70.177361][ T8] process_scheduled_works+0xa66/0x1840
[ 70.179850][ T8] ? __pfx_process_scheduled_works+0x10/0x10
[ 70.182314][ T8] ? assign_work+0x364/0x3d0
[ 70.184183][ T8] worker_thread+0x870/0xd30
[ 70.186060][ T8] ? __kthread_parkme+0x169/0x1d0
[ 70.188370][ T8] ? __pfx_worker_thread+0x10/0x10
[ 70.191253][ T8] kthread+0x7a9/0x920
[ 70.193621][ T8] ? __pfx_kthread+0x10/0x10
[ 70.195795][ T8] ? __pfx_worker_thread+0x10/0x10
[ 70.197874][ T8] ? __pfx_kthread+0x10/0x10
[ 70.199817][ T8] ? __pfx_kthread+0x10/0x10
[ 70.201668][ T8] ? __pfx_kthread+0x10/0x10
[ 70.203554][ T8] ? _raw_spin_unlock_irq+0x23/0x50
[ 70.205610][ T8] ? lockdep_hardirqs_on+0x99/0x150
[ 70.207783][ T8] ? __pfx_kthread+0x10/0x10
[ 70.210253][ T8] ret_from_fork+0x4b/0x80
[ 70.211976][ T8] ? __pfx_kthread+0x10/0x10
[ 70.213804][ T8] ret_from_fork_asm+0x1a/0x30
[ 70.215743][ T8] </TASK>
[ 70.216999][ T8] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 70.219874][ T8] CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0
[ 70.224227][ T8] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 70.229417][ T8] Workqueue: events cfg80211_conn_work
[ 70.231890][ T8] Call Trace:
[ 70.233173][ T8] <TASK>
[ 70.234378][ T8] dump_stack_lvl+0x241/0x360
[ 70.236264][ T8] ? __pfx_dump_stack_lvl+0x10/0x10
[ 70.238371][ T8] ? __pfx__printk+0x10/0x10
[ 70.240234][ T8] ? _printk+0xd5/0x120
[ 70.241939][ T8] ? __init_begin+0x41000/0x41000
[ 70.244132][ T8] ? vscnprintf+0x5d/0x90
[ 70.245972][ T8] panic+0x349/0x880
[ 70.247932][ T8] ? __warn+0x174/0x4d0
[ 70.250294][ T8] ? __pfx_panic+0x10/0x10
[ 70.252705][ T8] ? ret_from_fork_asm+0x1a/0x30
[ 70.254742][ T8] __warn+0x344/0x4d0
[ 70.256330][ T8] ? ieee80211_prep_channel+0x389b/0x5120
[ 70.258573][ T8] report_bug+0x2b3/0x500
[ 70.260292][ T8] ? ieee80211_prep_channel+0x389b/0x5120
[ 70.262658][ T8] handle_bug+0x60/0x90
[ 70.264578][ T8] exc_invalid_op+0x1a/0x50
[ 70.266625][ T8] asm_exc_invalid_op+0x1a/0x20
[ 70.268502][ T8] RIP: 0010:ieee80211_prep_channel+0x389b/0x5120
[ 70.270803][ T8] Code: c6 05 64 2a 86 04 01 48 c7 c7 57 9d 29 8d be 78 03 00 00 48 c7 c2 40 9e 29 8d e8 00 df 1b f6 e9 7e ca ff ff e8 06 1e 40 f6 90 <0f> 0b 90 48 8b 7c 24 30 e8 a8 3e 9b f6 48 c7 44 24 30 ea ff ff ff
[ 70.278079][ T8] RSP: 0018:ffffc900001a6c80 EFLAGS: 00010293
[ 70.280414][ T8] RAX: ffffffff8b7f419a RBX: 0000000000000000 RCX: ffff88801c6fa440
[ 70.283777][ T8] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 70.286980][ T8] RBP: ffffc900001a6fd0 R08: ffffffff8b7f16b9 R09: ffffffff8b51d1c9
[ 70.290016][ T8] R10: 000000000000000e R11: ffff88801c6fa440 R12: dffffc0000000000
[ 70.292883][ T8] R13: ffff8880437d6758 R14: ffffc900001a6e90 R15: ffffc900001a6ed0
[ 70.295879][ T8] ? cfg80211_get_end_freq+0x79/0x1d0
[ 70.298312][ T8] ? ieee80211_prep_channel+0xdb9/0x5120
[ 70.301201][ T8] ? ieee80211_prep_channel+0x389a/0x5120
[ 70.303635][ T8] ? ieee80211_prep_channel+0x20a/0x5120
[ 70.306062][ T8] ? mark_lock+0x9a/0x360
[ 70.307937][ T8] ? __pfx_ieee80211_prep_channel+0x10/0x10
[ 70.310223][ T8] ? __pfx_lock_release+0x10/0x10
[ 70.312212][ T8] ieee80211_prep_connection+0xda1/0x1310
[ 70.314599][ T8] ieee80211_mgd_auth+0xcec/0x1480
[ 70.317091][ T8] ? __pfx_ieee80211_mgd_auth+0x10/0x10
[ 70.319714][ T8] ? rcu_is_watching+0x15/0xb0
[ 70.321902][ T8] cfg80211_mlme_auth+0x59f/0x970
[ 70.323971][ T8] cfg80211_conn_do_work+0x601/0xeb0
[ 70.326170][ T8] ? __pfx_cfg80211_conn_do_work+0x10/0x10
[ 70.328520][ T8] ? __lock_acquire+0x1397/0x2100
[ 70.330657][ T8] ? __pfx_validate_chain+0x10/0x10
[ 70.333084][ T8] ? cfg80211_conn_work+0x230/0x4e0
[ 70.335611][ T8] cfg80211_conn_work+0x27c/0x4e0
[ 70.338141][ T8] ? __pfx_cfg80211_conn_work+0x10/0x10
[ 70.340402][ T8] ? lockdep_unlock+0x16a/0x300
[ 70.342289][ T8] ? mark_lock+0x2ae/0x360
[ 70.343841][ T8] ? __lock_acquire+0x1397/0x2100
[ 70.345660][ T8] ? do_raw_spin_unlock+0x58/0x8b0
[ 70.347342][ T8] ? __pfx_lock_acquire+0x10/0x10
[ 70.349100][ T8] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 70.351607][ T8] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 70.354531][ T8] ? process_scheduled_works+0x976/0x1840
[ 70.357574][ T8] process_scheduled_works+0xa66/0x1840
[ 70.359994][ T8] ? __pfx_process_scheduled_works+0x10/0x10
[ 70.362123][ T8] ? assign_work+0x364/0x3d0
[ 70.363912][ T8] worker_thread+0x870/0xd30
[ 70.365773][ T8] ? __kthread_parkme+0x169/0x1d0
[ 70.367805][ T8] ? __pfx_worker_thread+0x10/0x10
[ 70.369772][ T8] kthread+0x7a9/0x920
[ 70.371557][ T8] ? __pfx_kthread+0x10/0x10
[ 70.373469][ T8] ? __pfx_worker_thread+0x10/0x10
[ 70.375701][ T8] ? __pfx_kthread+0x10/0x10
[ 70.377717][ T8] ? __pfx_kthread+0x10/0x10
[ 70.379607][ T8] ? __pfx_kthread+0x10/0x10
[ 70.381658][ T8] ? _raw_spin_unlock_irq+0x23/0x50
[ 70.383724][ T8] ? lockdep_hardirqs_on+0x99/0x150
[ 70.386196][ T8] ? __pfx_kthread+0x10/0x10
[ 70.388343][ T8] ret_from_fork+0x4b/0x80
[ 70.390729][ T8] ? __pfx_kthread+0x10/0x10
[ 70.393083][ T8] ret_from_fork_asm+0x1a/0x30
[ 70.394854][ T8] </TASK>
[ 70.396218][ T8] Kernel Offset: disabled
[ 70.397874][ T8] Rebooting in 86400 seconds..