program:
# syzkaller reproducer, reflowed to one call per line, followed by the start of the console log.
# Triage summary from the log further down: WARNING at net/mac80211/mlme.c:1012 in
# ieee80211_prep_channel, with nl80211_connect -> cfg80211_connect -> ieee80211_mgd_auth ->
# ieee80211_prep_connection on the stack. The panic comes from "panic_on_warn set", so on a
# kernel without that option this would presumably be a logged WARN rather than a crash.
# The log shows the task (syz.0.0) running as UID 0; whether an unprivileged user or user
# namespace can reach the same path is not established by this report.

# The next two calls pass 0xffffffffffffffff as the fd instead of a socket resource from this program.
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000080)={0x34, 0x31, 0x1, 0x0, 0x0, "", [@nested={0x24, 0x0, 0x0, 0x1, [@typed={0xc, 0x7, 0x0, 0x0, @u64}, @typed={0x3e, 0x8, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00'}]}]}, 0x34}], 0x1}, 0x0)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x14, 0x0, 0x209}, 0x14}}, 0x0)
# Injects a raw 802.11 frame via the @device_b pseudo-device. The blob starts with 0x80 0x00,
# which looks like a beacon-type management frame header -- not decoded further here, confirm.
# The log later prints "wlan1: No basic rates, using min rate instead" just before the WARNING.
syz_80211_inject_frame(&(0x7f0000000240)=@device_b, &(0x7f0000000000)=ANY=[@ANYBLOB="80000000080211000001080211000000aa09b799c0d70000000000000000000064000110000602020202020201010b"], 0xb5)
# r0: generic netlink socket used for the SIOCGIFINDEX ioctl and the SET_INTERFACE / CONNECT requests.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
# START_AP is also sent with fd 0xffffffffffffffff, not r0.
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0)
# r1: nl80211 family id, spliced into the SET_REG message below via @ANYRES16.
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
# NL80211_CMD_SET_REG on r2 carrying a raw attribute blob (regulatory data; blob not decoded here).
sendmsg$NL80211_CMD_SET_REG(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0)
# r3: nl80211 family id used as the message type of the two requests on r0.
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# Looks up the interface index of 'wlan1'.
# NOTE(review): r4 is used by the next two calls but is never assigned in this listing. The
# result marker on the index field (presumably `<r4=>0x0`) appears to have been lost when the
# page was extracted; take the program from the original report before replaying it.
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
# Sets the interface identified by r4 to iftype 0x2 (NL80211_IFTYPE_STATION in the nl80211 UAPI enum).
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
# Connect request for @default_ap_ssid on the same interface. The call trace in the log runs
# through nl80211_connect, so this is the call that reaches the WARNING.
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)={0x28, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0)
# Console output from the run starts here and continues on the following lines.
[ 76.305439][ T5305] Bluetooth: hci0: command tx timeout
[ 76.366605][ T1311] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.369848][ T1311]
ieee802154 phy1 wpan1: encryption failed: -22 [ 76.422541][ T5321] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 76.471510][ T5321] wlan1: No basic rates, using min rate instead [ 76.474342][ T5321] ------------[ cut here ]------------ [ 76.476428][ T5321] WARNING: CPU: 0 PID: 5321 at net/mac80211/mlme.c:1012 ieee80211_prep_channel+0x389b/0x5120 [ 76.480574][ T5321] Modules linked in: [ 76.481865][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0 [ 76.486310][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.490436][ T5321] RIP: 0010:ieee80211_prep_channel+0x389b/0x5120 [ 76.492832][ T5321] Code: c6 05 ef 13 95 04 01 48 c7 c7 37 34 4b 8d be 78 03 00 00 48 c7 c2 a0 35 4b 8d e8 20 48 0b f6 e9 7e ca ff ff e8 76 ed 2f f6 90 <0f> 0b 90 48 8b 7c 24 30 e8 b8 ac 8b f6 48 c7 44 24 30 ea ff ff ff [ 76.500758][ T5321] RSP: 0018:ffffc9000d266500 EFLAGS: 00010283 [ 76.503451][ T5321] RAX: ffffffff8b91f19a RBX: 0000000000000000 RCX: 0000000000100000 [ 76.506839][ T5321] RDX: ffffc9000ec02000 RSI: 0000000000000b03 RDI: 0000000000000b04 [ 76.510085][ T5321] RBP: ffffc9000d266850 R08: ffffffff8b91c6b9 R09: ffffffff8b6083d9 [ 76.513425][ T5321] R10: 000000000000000e R11: ffff888000f50000 R12: dffffc0000000000 [ 76.516859][ T5321] R13: ffff888052ef2758 R14: ffffc9000d266710 R15: ffffc9000d266750 [ 76.520202][ T5321] FS: 00007f0ebe0246c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 76.523760][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.526401][ T5321] CR2: 00007f0ebd393460 CR3: 0000000043674000 CR4: 0000000000352ef0 [ 76.529477][ T5321] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 76.532878][ T5321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 76.536396][ T5321] Call Trace: [ 76.537802][ T5321] [ 76.539107][ T5321] ? 
__warn+0x165/0x4d0 [ 76.540878][ T5321] ? ieee80211_prep_channel+0x389b/0x5120 [ 76.542928][ T5321] ? report_bug+0x2b3/0x500 [ 76.544833][ T5321] ? ieee80211_prep_channel+0x389b/0x5120 [ 76.547103][ T5321] ? handle_bug+0x60/0x90 [ 76.548973][ T5321] ? exc_invalid_op+0x1a/0x50 [ 76.550870][ T5321] ? asm_exc_invalid_op+0x1a/0x20 [ 76.552849][ T5321] ? cfg80211_get_end_freq+0x79/0x1d0 [ 76.555207][ T5321] ? ieee80211_prep_channel+0xdb9/0x5120 [ 76.557489][ T5321] ? ieee80211_prep_channel+0x389a/0x5120 [ 76.559632][ T5321] ? ieee80211_prep_channel+0x389b/0x5120 [ 76.562046][ T5321] ? ieee80211_prep_channel+0x20a/0x5120 [ 76.564529][ T5321] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 76.567000][ T5321] ? __pfx_lock_release+0x10/0x10 [ 76.569073][ T5321] ? cfg80211_find_elem_match+0x1c1/0x1f0 [ 76.571497][ T5321] ieee80211_prep_connection+0xda1/0x1310 [ 76.573798][ T5321] ieee80211_mgd_auth+0xedb/0x1750 [ 76.575948][ T5321] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 76.578201][ T5321] ? rcu_is_watching+0x15/0xb0 [ 76.579913][ T5321] cfg80211_mlme_auth+0x59f/0x970 [ 76.581954][ T5321] cfg80211_conn_do_work+0x601/0xeb0 [ 76.584108][ T5321] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 76.586589][ T5321] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 76.589093][ T5321] ? lockdep_hardirqs_on+0x99/0x150 [ 76.591268][ T5321] ? rcu_is_watching+0x15/0xb0 [ 76.593225][ T5321] ? trace_cfg80211_return_bss+0x87/0x210 [ 76.595651][ T5321] ? __cfg80211_get_bss+0x614/0x7d0 [ 76.597688][ T5321] ? cfg80211_connect+0x1854/0x22f0 [ 76.599677][ T5321] cfg80211_connect+0x190a/0x22f0 [ 76.601704][ T5321] ? __pfx_cfg80211_connect+0x10/0x10 [ 76.603970][ T5321] ? __asan_memset+0x23/0x50 [ 76.605959][ T5321] ? nl80211_crypto_settings+0xb6d/0xf10 [ 76.608173][ T5321] nl80211_connect+0x19ec/0x2140 [ 76.610175][ T5321] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 76.612670][ T5321] ? __pfx_nl80211_connect+0x10/0x10 [ 76.615019][ T5321] ? 
trace_contention_end+0x3c/0x120 [ 76.617234][ T5321] genl_rcv_msg+0xb1f/0xec0 [ 76.619151][ T5321] ? __pfx_genl_rcv_msg+0x10/0x10 [ 76.621385][ T5321] ? __pfx_lock_acquire+0x10/0x10 [ 76.623694][ T5321] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 76.626032][ T5321] ? __pfx_nl80211_connect+0x10/0x10 [ 76.628038][ T5321] ? __pfx_nl80211_post_doit+0x10/0x10 [ 76.629988][ T5321] ? __pfx___might_resched+0x10/0x10 [ 76.632114][ T5321] netlink_rcv_skb+0x206/0x480 [ 76.633994][ T5321] ? __pfx_genl_rcv_msg+0x10/0x10 [ 76.636153][ T5321] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 76.638405][ T5321] ? __netlink_deliver_tap+0x7b0/0x7f0 [ 76.640684][ T5321] genl_rcv+0x28/0x40 [ 76.642362][ T5321] netlink_unicast+0x7f6/0x990 [ 76.644480][ T5321] ? __pfx_netlink_unicast+0x10/0x10 [ 76.646805][ T5321] ? __virt_addr_valid+0x45f/0x530 [ 76.648988][ T5321] ? __phys_addr_symbol+0x2f/0x70 [ 76.650800][ T5321] ? __check_object_size+0x47a/0x730 [ 76.653005][ T5321] netlink_sendmsg+0x8de/0xcb0 [ 76.655185][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10 [ 76.657271][ T5321] ? aa_sock_msg_perm+0x91/0x160 [ 76.659334][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10 [ 76.661397][ T5321] __sock_sendmsg+0x221/0x270 [ 76.663274][ T5321] ____sys_sendmsg+0x53a/0x860 [ 76.665286][ T5321] ? __pfx_____sys_sendmsg+0x10/0x10 [ 76.667433][ T5321] ? __fget_files+0x2a/0x410 [ 76.669249][ T5321] ? __fget_files+0x2a/0x410 [ 76.671079][ T5321] __sys_sendmsg+0x269/0x350 [ 76.672936][ T5321] ? __pfx___sys_sendmsg+0x10/0x10 [ 76.675107][ T5321] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 76.677674][ T5321] ? do_syscall_64+0x100/0x230 [ 76.679861][ T5321] ? do_syscall_64+0xb6/0x230 [ 76.681702][ T5321] do_syscall_64+0xf3/0x230 [ 76.683708][ T5321] ? 
clear_bhb_loop+0x35/0x90 [ 76.685756][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.688139][ T5321] RIP: 0033:0x7f0ebd18d169 [ 76.689986][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.697886][ T5321] RSP: 002b:00007f0ebe024038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.701422][ T5321] RAX: ffffffffffffffda RBX: 00007f0ebd3a5fa0 RCX: 00007f0ebd18d169 [ 76.704669][ T5321] RDX: 0000000000000000 RSI: 00004000000001c0 RDI: 0000000000000003 [ 76.707766][ T5321] RBP: 00007f0ebd20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 76.710749][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.713570][ T5321] R13: 0000000000000000 R14: 00007f0ebd3a5fa0 R15: 00007ffd08b94bc8 [ 76.716423][ T5321] [ 76.717624][ T5321] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 76.720478][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0 [ 76.724208][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.728235][ T5321] Call Trace: [ 76.729679][ T5321] [ 76.730943][ T5321] dump_stack_lvl+0x241/0x360 [ 76.732905][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.735098][ T5321] ? __pfx__printk+0x10/0x10 [ 76.737029][ T5321] ? _printk+0xd5/0x120 [ 76.738727][ T5321] ? __init_begin+0x41000/0x41000 [ 76.740616][ T5321] ? vscnprintf+0x5d/0x90 [ 76.742390][ T5321] panic+0x349/0x880 [ 76.743983][ T5321] ? __warn+0x174/0x4d0 [ 76.745628][ T5321] ? __pfx_panic+0x10/0x10 [ 76.747471][ T5321] __warn+0x344/0x4d0 [ 76.749069][ T5321] ? ieee80211_prep_channel+0x389b/0x5120 [ 76.751256][ T5321] report_bug+0x2b3/0x500 [ 76.753021][ T5321] ? 
ieee80211_prep_channel+0x389b/0x5120 [ 76.755306][ T5321] handle_bug+0x60/0x90 [ 76.756747][ T5321] exc_invalid_op+0x1a/0x50 [ 76.758532][ T5321] asm_exc_invalid_op+0x1a/0x20 [ 76.760383][ T5321] RIP: 0010:ieee80211_prep_channel+0x389b/0x5120 [ 76.762661][ T5321] Code: c6 05 ef 13 95 04 01 48 c7 c7 37 34 4b 8d be 78 03 00 00 48 c7 c2 a0 35 4b 8d e8 20 48 0b f6 e9 7e ca ff ff e8 76 ed 2f f6 90 <0f> 0b 90 48 8b 7c 24 30 e8 b8 ac 8b f6 48 c7 44 24 30 ea ff ff ff [ 76.769201][ T5321] RSP: 0018:ffffc9000d266500 EFLAGS: 00010283 [ 76.771724][ T5321] RAX: ffffffff8b91f19a RBX: 0000000000000000 RCX: 0000000000100000 [ 76.774973][ T5321] RDX: ffffc9000ec02000 RSI: 0000000000000b03 RDI: 0000000000000b04 [ 76.778231][ T5321] RBP: ffffc9000d266850 R08: ffffffff8b91c6b9 R09: ffffffff8b6083d9 [ 76.782002][ T5321] R10: 000000000000000e R11: ffff888000f50000 R12: dffffc0000000000 [ 76.785892][ T5321] R13: ffff888052ef2758 R14: ffffc9000d266710 R15: ffffc9000d266750 [ 76.789771][ T5321] ? cfg80211_get_end_freq+0x79/0x1d0 [ 76.792404][ T5321] ? ieee80211_prep_channel+0xdb9/0x5120 [ 76.795123][ T5321] ? ieee80211_prep_channel+0x389a/0x5120 [ 76.797843][ T5321] ? ieee80211_prep_channel+0x20a/0x5120 [ 76.800273][ T5321] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 76.802640][ T5321] ? __pfx_lock_release+0x10/0x10 [ 76.804617][ T5321] ? cfg80211_find_elem_match+0x1c1/0x1f0 [ 76.806883][ T5321] ieee80211_prep_connection+0xda1/0x1310 [ 76.809152][ T5321] ieee80211_mgd_auth+0xedb/0x1750 [ 76.810974][ T5321] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 76.812877][ T5321] ? rcu_is_watching+0x15/0xb0 [ 76.814572][ T5321] cfg80211_mlme_auth+0x59f/0x970 [ 76.816189][ T5321] cfg80211_conn_do_work+0x601/0xeb0 [ 76.818042][ T5321] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 76.820296][ T5321] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 76.822702][ T5321] ? lockdep_hardirqs_on+0x99/0x150 [ 76.824911][ T5321] ? rcu_is_watching+0x15/0xb0 [ 76.826733][ T5321] ? 
trace_cfg80211_return_bss+0x87/0x210 [ 76.828970][ T5321] ? __cfg80211_get_bss+0x614/0x7d0 [ 76.831036][ T5321] ? cfg80211_connect+0x1854/0x22f0 [ 76.833155][ T5321] cfg80211_connect+0x190a/0x22f0 [ 76.835263][ T5321] ? __pfx_cfg80211_connect+0x10/0x10 [ 76.837329][ T5321] ? __asan_memset+0x23/0x50 [ 76.839091][ T5321] ? nl80211_crypto_settings+0xb6d/0xf10 [ 76.841175][ T5321] nl80211_connect+0x19ec/0x2140 [ 76.843086][ T5321] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 76.845404][ T5321] ? __pfx_nl80211_connect+0x10/0x10 [ 76.847243][ T5321] ? trace_contention_end+0x3c/0x120 [ 76.849357][ T5321] genl_rcv_msg+0xb1f/0xec0 [ 76.851121][ T5321] ? __pfx_genl_rcv_msg+0x10/0x10 [ 76.853046][ T5321] ? __pfx_lock_acquire+0x10/0x10 [ 76.855116][ T5321] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 76.857187][ T5321] ? __pfx_nl80211_connect+0x10/0x10 [ 76.859180][ T5321] ? __pfx_nl80211_post_doit+0x10/0x10 [ 76.861328][ T5321] ? __pfx___might_resched+0x10/0x10 [ 76.863453][ T5321] netlink_rcv_skb+0x206/0x480 [ 76.865411][ T5321] ? __pfx_genl_rcv_msg+0x10/0x10 [ 76.867373][ T5321] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 76.869193][ T5321] ? __netlink_deliver_tap+0x7b0/0x7f0 [ 76.871319][ T5321] genl_rcv+0x28/0x40 [ 76.872916][ T5321] netlink_unicast+0x7f6/0x990 [ 76.874810][ T5321] ? __pfx_netlink_unicast+0x10/0x10 [ 76.876810][ T5321] ? __virt_addr_valid+0x45f/0x530 [ 76.878631][ T5321] ? __phys_addr_symbol+0x2f/0x70 [ 76.880291][ T5321] ? __check_object_size+0x47a/0x730 [ 76.882356][ T5321] netlink_sendmsg+0x8de/0xcb0 [ 76.884309][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10 [ 76.886379][ T5321] ? aa_sock_msg_perm+0x91/0x160 [ 76.888415][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10 [ 76.890535][ T5321] __sock_sendmsg+0x221/0x270 [ 76.892397][ T5321] ____sys_sendmsg+0x53a/0x860 [ 76.894277][ T5321] ? __pfx_____sys_sendmsg+0x10/0x10 [ 76.896032][ T5321] ? __fget_files+0x2a/0x410 [ 76.897761][ T5321] ? __fget_files+0x2a/0x410 [ 76.899519][ T5321] __sys_sendmsg+0x269/0x350 [ 76.901286][ T5321] ? 
__pfx___sys_sendmsg+0x10/0x10 [ 76.903229][ T5321] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 76.905524][ T5321] ? do_syscall_64+0x100/0x230 [ 76.907255][ T5321] ? do_syscall_64+0xb6/0x230 [ 76.909276][ T5321] do_syscall_64+0xf3/0x230 [ 76.911035][ T5321] ? clear_bhb_loop+0x35/0x90 [ 76.912923][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.915349][ T5321] RIP: 0033:0x7f0ebd18d169 [ 76.917163][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.924498][ T5321] RSP: 002b:00007f0ebe024038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.927861][ T5321] RAX: ffffffffffffffda RBX: 00007f0ebd3a5fa0 RCX: 00007f0ebd18d169 [ 76.931028][ T5321] RDX: 0000000000000000 RSI: 00004000000001c0 RDI: 0000000000000003 [ 76.933957][ T5321] RBP: 00007f0ebd20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 76.937084][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.940051][ T5321] R13: 0000000000000000 R14: 00007f0ebd3a5fa0 R15: 00007ffd08b94bc8 [ 76.943144][ T5321] [ 76.944635][ T5321] Kernel Offset: disabled [ 76.946087][ T5321] Rebooting in 86400 seconds..