program: openat$comedi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/comedi5\x00', 0x2000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r1, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r2, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x2c, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}]}, 0x2c}}, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x12, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) [ 74.820759][ T4686] Bluetooth: hci0: command tx timeout [ 74.867066][ T5339] netlink: 4 bytes leftover after parsing attributes in process `syz.0.0'. [ 74.884284][ T5339] netlink: 'syz.0.0': attribute type 18 has an invalid length. [ 74.888518][ T1042] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.925920][ T1042] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.978150][ T1039] ------------[ cut here ]------------ [ 74.981047][ T1039] WARNING: CPU: 0 PID: 1039 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x3ca/0x440 [ 74.985592][ T1039] Modules linked in: [ 74.987400][ T1039] CPU: 0 UID: 0 PID: 1039 Comm: kworker/u4:7 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) [ 74.993201][ T1039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.997840][ T1039] Workqueue: cfg80211 cfg80211_event_work [ 75.000809][ T1039] RIP: 0010:__cfg80211_ibss_joined+0x3ca/0x440 [ 75.003463][ T1039] Code: 00 00 00 75 69 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 48 cb a2 00 cc e8 e2 a8 f0 f6 90 0f 0b 90 eb bd e8 d7 a8 f0 f6 90 <0f> 0b 90 4c 8b 6c 24 18 eb ad e8 c7 a8 f0 f6 90 0f 0b 90 e9 de fd [ 75.012500][ T1039] RSP: 0018:ffffc9000255f8e0 EFLAGS: 00010293 [ 75.015318][ T1039] RAX: ffffffff8acf8829 RBX: dffffc0000000000 RCX: ffff88803341c880 [ 75.018912][ T1039] RDX: 0000000000000000 RSI: ffffffff8d9994ea RDI: ffffffff8be29ec0 [ 75.022617][ T1039] RBP: ffffc9000255f9b8 R08: ffffffff8fa1faf7 R09: 1ffffffff1f43f5e [ 75.026591][ T1039] R10: dffffc0000000000 R11: fffffbfff1f43f5f R12: ffff888052b98d90 [ 75.030369][ T1039] R13: 1ffff920004abf24 R14: ffff8880333ab338 R15: 0000000000000006 [ 75.034013][ T1039] FS: 0000000000000000(0000) GS:ffff88808d218000(0000) knlGS:0000000000000000 [ 75.037996][ T1039] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.041186][ T1039] CR2: 00007f43c27929a0 CR3: 00000000517ef000 CR4: 0000000000352ef0 [ 75.044761][ T1039] Call Trace: [ 75.046300][ T1039] [ 75.047661][ T1039] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.051029][ T1039] ? __pfx___cfg80211_ibss_joined+0x10/0x10 [ 75.053702][ T1039] ? cfg80211_event_work+0x24/0x60 [ 75.056072][ T1039] ? __pfx___mutex_lock+0x10/0x10 [ 75.058309][ T1039] cfg80211_process_wdev_events+0x38a/0x4f0 [ 75.061021][ T1039] cfg80211_process_rdev_events+0xa1/0x110 [ 75.063632][ T1039] cfg80211_event_work+0x2c/0x60 [ 75.065699][ T1039] ? process_scheduled_works+0x9ef/0x17b0 [ 75.068135][ T1039] process_scheduled_works+0xae1/0x17b0 [ 75.070701][ T1039] ? __pfx_process_scheduled_works+0x10/0x10 [ 75.073259][ T1039] worker_thread+0x8a0/0xda0 [ 75.075218][ T1039] kthread+0x70e/0x8a0 [ 75.077017][ T1039] ? __pfx_worker_thread+0x10/0x10 [ 75.079256][ T1039] ? __pfx_kthread+0x10/0x10 [ 75.081558][ T1039] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.083834][ T1039] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.086190][ T1039] ? __pfx_kthread+0x10/0x10 [ 75.088208][ T1039] ret_from_fork+0x3fc/0x770 [ 75.090460][ T1039] ? __pfx_ret_from_fork+0x10/0x10 [ 75.092837][ T1039] ? __pfx_kthread+0x10/0x10 [ 75.094989][ T1039] ret_from_fork_asm+0x1a/0x30 [ 75.097171][ T1039] [ 75.098552][ T1039] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.101726][ T1039] CPU: 0 UID: 0 PID: 1039 Comm: kworker/u4:7 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) [ 75.106967][ T1039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.112204][ T1039] Workqueue: cfg80211 cfg80211_event_work [ 75.114665][ T1039] Call Trace: [ 75.116139][ T1039] [ 75.117586][ T1039] dump_stack_lvl+0x99/0x250 [ 75.119737][ T1039] ? __asan_memcpy+0x40/0x70 [ 75.121875][ T1039] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.124131][ T1039] ? __pfx__printk+0x10/0x10 [ 75.126035][ T1039] panic+0x2db/0x790 [ 75.127734][ T1039] ? __pfx_panic+0x10/0x10 [ 75.129732][ T1039] ? show_trace_log_lvl+0x4fb/0x550 [ 75.131962][ T1039] ? ret_from_fork_asm+0x1a/0x30 [ 75.134062][ T1039] __warn+0x31b/0x4b0 [ 75.135697][ T1039] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 75.137949][ T1039] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 75.140283][ T1039] report_bug+0x2be/0x4f0 [ 75.142208][ T1039] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 75.144637][ T1039] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 75.147090][ T1039] ? __cfg80211_ibss_joined+0x3cc/0x440 [ 75.149591][ T1039] handle_bug+0x84/0x160 [ 75.151433][ T1039] exc_invalid_op+0x1a/0x50 [ 75.153433][ T1039] asm_exc_invalid_op+0x1a/0x20 [ 75.155661][ T1039] RIP: 0010:__cfg80211_ibss_joined+0x3ca/0x440 [ 75.158621][ T1039] Code: 00 00 00 75 69 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 48 cb a2 00 cc e8 e2 a8 f0 f6 90 0f 0b 90 eb bd e8 d7 a8 f0 f6 90 <0f> 0b 90 4c 8b 6c 24 18 eb ad e8 c7 a8 f0 f6 90 0f 0b 90 e9 de fd [ 75.167017][ T1039] RSP: 0018:ffffc9000255f8e0 EFLAGS: 00010293 [ 75.169736][ T1039] RAX: ffffffff8acf8829 RBX: dffffc0000000000 RCX: ffff88803341c880 [ 75.173058][ T1039] RDX: 0000000000000000 RSI: ffffffff8d9994ea RDI: ffffffff8be29ec0 [ 75.176794][ T1039] RBP: ffffc9000255f9b8 R08: ffffffff8fa1faf7 R09: 1ffffffff1f43f5e [ 75.180128][ T1039] R10: dffffc0000000000 R11: fffffbfff1f43f5f R12: ffff888052b98d90 [ 75.183596][ T1039] R13: 1ffff920004abf24 R14: ffff8880333ab338 R15: 0000000000000006 [ 75.187489][ T1039] ? __cfg80211_ibss_joined+0x3c9/0x440 [ 75.190423][ T1039] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.192873][ T1039] ? __pfx___cfg80211_ibss_joined+0x10/0x10 [ 75.195488][ T1039] ? cfg80211_event_work+0x24/0x60 [ 75.197883][ T1039] ? __pfx___mutex_lock+0x10/0x10 [ 75.200080][ T1039] cfg80211_process_wdev_events+0x38a/0x4f0 [ 75.202735][ T1039] cfg80211_process_rdev_events+0xa1/0x110 [ 75.205338][ T1039] cfg80211_event_work+0x2c/0x60 [ 75.207670][ T1039] ? process_scheduled_works+0x9ef/0x17b0 [ 75.210266][ T1039] process_scheduled_works+0xae1/0x17b0 [ 75.212735][ T1039] ? __pfx_process_scheduled_works+0x10/0x10 [ 75.215460][ T1039] worker_thread+0x8a0/0xda0 [ 75.217563][ T1039] kthread+0x70e/0x8a0 [ 75.219372][ T1039] ? __pfx_worker_thread+0x10/0x10 [ 75.221618][ T1039] ? __pfx_kthread+0x10/0x10 [ 75.223727][ T1039] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.226020][ T1039] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.228285][ T1039] ? __pfx_kthread+0x10/0x10 [ 75.230315][ T1039] ret_from_fork+0x3fc/0x770 [ 75.232382][ T1039] ? __pfx_ret_from_fork+0x10/0x10 [ 75.234564][ T1039] ? __pfx_kthread+0x10/0x10 [ 75.236639][ T1039] ret_from_fork_asm+0x1a/0x30 [ 75.238877][ T1039] [ 75.240634][ T1039] Kernel Offset: disabled [ 75.242525][ T1039] Rebooting in 86400 seconds..