program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=ANY=[@ANYBLOB="80000000080211000001080211000001080211000000000000000000000000006400010005037c200825030002"], 0x64) syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000280)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @random=0x9, 0x2800, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x1, 0xffffffffffffffff, 0x1, 0x1, 0x0, 0x4, 0x21}}}, 0x3f) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32) [ 68.101190][ T5334] Bluetooth: hci0: command tx timeout [ 68.165258][ T5353] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 68.205042][ T5347] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 68.208250][ T5347] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 68.222819][ T180] wlan1: authenticated [ 68.225389][ T5354] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 68.230615][ T180] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 68.235455][ T5353] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 68.240232][ T180] wlan1: associated [ 68.243897][ T5353] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 68.249421][ T5353] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 68.256261][ T180] ------------[ cut here ]------------ [ 68.258712][ T180] WARNING: CPU: 0 PID: 180 at net/wireless/scan.c:1666 cfg80211_rehash_bss+0x1e6/0x540 [ 68.263028][ T180] Modules linked in: [ 68.264859][ T180] CPU: 0 UID: 0 PID: 180 Comm: kworker/u4:5 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(full) [ 68.271666][ T180] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.276207][ T180] Workqueue: events_unbound cfg80211_wiphy_work [ 68.278929][ T180] RIP: 0010:cfg80211_rehash_bss+0x1e6/0x540 [ 68.281463][ T180] Code: e8 48 c1 e8 03 42 0f b6 04 30 84 c0 0f 85 33 03 00 00 ff 45 00 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 3c 56 af 00 cc 90 <0f> 0b 90 4c 8b 2c 24 4c 89 ef e8 eb b6 02 fa 84 c0 74 78 e8 32 c5 [ 68.289786][ T180] RSP: 0018:ffffc90001a46f20 EFLAGS: 00010246 [ 68.292505][ T180] RAX: ffffffff8acef3e5 RBX: 0000000000000000 RCX: 0000000000000002 [ 68.295894][ T180] RDX: ffff888000bbc880 RSI: 0000000000000000 RDI: 0000000000000000 [ 68.299214][ T180] RBP: ffff88803ff44468 R08: 0000000000000000 R09: 0000000000000002 [ 68.302632][ T180] R10: 0000000000000002 R11: 0000000000000002 R12: ffff8880436d01a0 [ 68.306194][ T180] R13: ffff88803ffb1830 R14: dffffc0000000000 R15: ffff88803ffb1420 [ 68.309642][ T180] FS: 0000000000000000(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000 [ 68.313804][ T180] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.316738][ T180] CR2: 00007f50459b5f70 CR3: 0000000034983000 CR4: 0000000000352ef0 [ 68.320137][ T180] Call Trace: [ 68.321725][ T180] [ 68.323040][ T180] cfg80211_update_assoc_bss_entry+0x3f6/0x6a0 [ 68.325714][ T180] cfg80211_ch_switch_notify+0x3c1/0x780 [ 68.328191][ T180] ieee80211_sta_process_chanswitch+0xad4/0x2870 [ 68.331099][ T180] ? ieee80211_bss_info_update+0x79b/0x9e0 [ 68.333603][ T180] ? __pfx_ieee80211_sta_process_chanswitch+0x10/0x10 [ 68.336489][ T180] ? rcu_is_watching+0x15/0xb0 [ 68.338608][ T180] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 68.341012][ T180] ieee80211_rx_mgmt_beacon+0x19c7/0x2cd0 [ 68.343335][ T180] ? __pfx_ieee80211_rx_mgmt_beacon+0x10/0x10 [ 68.345855][ T180] ? unwind_next_frame+0xa5/0x2390 [ 68.348032][ T180] ? unwind_next_frame+0xa5/0x2390 [ 68.350168][ T180] ? rcu_is_watching+0x15/0xb0 [ 68.352308][ T180] ? unwind_next_frame+0xa5/0x2390 [ 68.354552][ T180] ? rcu_is_watching+0x15/0xb0 [ 68.356537][ T180] ? unwind_next_frame+0xa5/0x2390 [ 68.358645][ T180] ? unwind_next_frame+0xa5/0x2390 [ 68.360713][ T180] ? rcu_is_watching+0x15/0xb0 [ 68.362824][ T180] ? unwind_next_frame+0xa5/0x2390 [ 68.365079][ T180] ieee80211_sta_rx_queued_mgmt+0x4ed/0x4470 [ 68.367629][ T180] ? unwind_next_frame+0xa5/0x2390 [ 68.369875][ T180] ? unwind_next_frame+0x19ae/0x2390 [ 68.372268][ T180] ? __pfx_ieee80211_sta_rx_queued_mgmt+0x10/0x10 [ 68.374998][ T180] ? unwind_next_frame+0xa5/0x2390 [ 68.377096][ T180] ? ret_from_fork_asm+0x1a/0x30 [ 68.379343][ T180] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 68.381987][ T180] ? arch_stack_walk+0x11c/0x150 [ 68.384175][ T180] ? ret_from_fork_asm+0x1a/0x30 [ 68.386348][ T180] ? stack_trace_save+0x9c/0xe0 [ 68.388462][ T180] ? stack_depot_save_flags+0x40/0x860 [ 68.390760][ T180] ? ieee80211_sta_work+0xca5/0x3600 [ 68.393069][ T180] ? kthread+0x70e/0x8a0 [ 68.394884][ T180] ? ret_from_fork+0x380/0x770 [ 68.396851][ T180] ? ret_from_fork_asm+0x1a/0x30 [ 68.399037][ T180] ? do_raw_spin_lock+0x121/0x290 [ 68.401341][ T180] ? rcu_is_watching+0x15/0xb0 [ 68.403463][ T180] ? cpuacct_charge+0x10e/0x320 [ 68.405562][ T180] ? __mutex_trylock_common+0x153/0x260 [ 68.408089][ T180] ? __pfx___mutex_trylock_common+0x10/0x10 [ 68.410592][ T180] ? update_load_avg+0x572/0x1880 [ 68.412858][ T180] ? do_raw_spin_lock+0x121/0x290 [ 68.415065][ T180] ? rcu_is_watching+0x15/0xb0 [ 68.417191][ T180] ? rcu_is_watching+0x15/0xb0 [ 68.419680][ T180] ? rcu_is_watching+0x15/0xb0 [ 68.421734][ T180] ? kcov_remote_start+0x97/0x7f0 [ 68.424361][ T180] ieee80211_iface_work+0x652/0x12d0 [ 68.426885][ T180] cfg80211_wiphy_work+0x2bb/0x470 [ 68.429094][ T180] ? process_scheduled_works+0x9ef/0x17b0 [ 68.431660][ T180] process_scheduled_works+0xade/0x17b0 [ 68.434082][ T180] ? __pfx_process_scheduled_works+0x10/0x10 [ 68.436654][ T180] worker_thread+0x8a0/0xda0 [ 68.438685][ T180] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 68.441602][ T180] ? __kthread_parkme+0x7b/0x200 [ 68.443940][ T180] kthread+0x70e/0x8a0 [ 68.445898][ T180] ? __pfx_worker_thread+0x10/0x10 [ 68.448158][ T180] ? __pfx_kthread+0x10/0x10 [ 68.450156][ T180] ? _raw_spin_unlock_irq+0x23/0x50 [ 68.452472][ T180] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.454737][ T180] ? __pfx_kthread+0x10/0x10 [ 68.456846][ T180] ret_from_fork+0x3f9/0x770 [ 68.458841][ T180] ? __pfx_ret_from_fork+0x10/0x10 [ 68.461189][ T180] ? __pfx_kthread+0x10/0x10 [ 68.463114][ T180] ret_from_fork_asm+0x1a/0x30 [ 68.465135][ T180] [ 68.466455][ T180] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 68.469535][ T180] CPU: 0 UID: 0 PID: 180 Comm: kworker/u4:5 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(full) [ 68.474392][ T180] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.479031][ T180] Workqueue: events_unbound cfg80211_wiphy_work [ 68.481634][ T180] Call Trace: [ 68.483090][ T180] [ 68.484435][ T180] dump_stack_lvl+0x99/0x250 [ 68.486433][ T180] ? __asan_memcpy+0x40/0x70 [ 68.488482][ T180] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.490795][ T180] ? __pfx__printk+0x10/0x10 [ 68.492814][ T180] vpanic+0x281/0x750 [ 68.494572][ T180] ? __pfx__printk+0x10/0x10 [ 68.496558][ T180] ? __pfx_vpanic+0x10/0x10 [ 68.498635][ T180] ? is_bpf_text_address+0x26/0x2b0 [ 68.500854][ T180] panic+0xb9/0xc0 [ 68.502514][ T180] ? __pfx_panic+0x10/0x10 [ 68.504438][ T180] __warn+0x31b/0x4b0 [ 68.506189][ T180] ? cfg80211_rehash_bss+0x1e6/0x540 [ 68.508466][ T180] ? cfg80211_rehash_bss+0x1e6/0x540 [ 68.510734][ T180] report_bug+0x2be/0x4f0 [ 68.512621][ T180] ? cfg80211_rehash_bss+0x1e6/0x540 [ 68.515162][ T180] ? cfg80211_rehash_bss+0x1e6/0x540 [ 68.517840][ T180] ? cfg80211_rehash_bss+0x1e8/0x540 [ 68.519950][ T180] handle_bug+0x84/0x160 [ 68.521636][ T180] exc_invalid_op+0x1a/0x50 [ 68.523525][ T180] asm_exc_invalid_op+0x1a/0x20 [ 68.525613][ T180] RIP: 0010:cfg80211_rehash_bss+0x1e6/0x540 [ 68.528100][ T180] Code: e8 48 c1 e8 03 42 0f b6 04 30 84 c0 0f 85 33 03 00 00 ff 45 00 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 3c 56 af 00 cc 90 <0f> 0b 90 4c 8b 2c 24 4c 89 ef e8 eb b6 02 fa 84 c0 74 78 e8 32 c5 [ 68.536030][ T180] RSP: 0018:ffffc90001a46f20 EFLAGS: 00010246 [ 68.538540][ T180] RAX: ffffffff8acef3e5 RBX: 0000000000000000 RCX: 0000000000000002 [ 68.541997][ T180] RDX: ffff888000bbc880 RSI: 0000000000000000 RDI: 0000000000000000 [ 68.545425][ T180] RBP: ffff88803ff44468 R08: 0000000000000000 R09: 0000000000000002 [ 68.548849][ T180] R10: 0000000000000002 R11: 0000000000000002 R12: ffff8880436d01a0 [ 68.552266][ T180] R13: ffff88803ffb1830 R14: dffffc0000000000 R15: ffff88803ffb1420 [ 68.555660][ T180] ? cfg80211_rehash_bss+0xe5/0x540 [ 68.557933][ T180] cfg80211_update_assoc_bss_entry+0x3f6/0x6a0 [ 68.560643][ T180] cfg80211_ch_switch_notify+0x3c1/0x780 [ 68.562895][ T180] ieee80211_sta_process_chanswitch+0xad4/0x2870 [ 68.565558][ T180] ? ieee80211_bss_info_update+0x79b/0x9e0 [ 68.568039][ T180] ? __pfx_ieee80211_sta_process_chanswitch+0x10/0x10 [ 68.571128][ T180] ? rcu_is_watching+0x15/0xb0 [ 68.573382][ T180] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 68.575966][ T180] ieee80211_rx_mgmt_beacon+0x19c7/0x2cd0 [ 68.578389][ T180] ? __pfx_ieee80211_rx_mgmt_beacon+0x10/0x10 [ 68.581097][ T180] ? unwind_next_frame+0xa5/0x2390 [ 68.583407][ T180] ? unwind_next_frame+0xa5/0x2390 [ 68.585762][ T180] ? rcu_is_watching+0x15/0xb0 [ 68.587956][ T180] ? unwind_next_frame+0xa5/0x2390 [ 68.590248][ T180] ? rcu_is_watching+0x15/0xb0 [ 68.592449][ T180] ? unwind_next_frame+0xa5/0x2390 [ 68.594872][ T180] ? unwind_next_frame+0xa5/0x2390 [ 68.597246][ T180] ? rcu_is_watching+0x15/0xb0 [ 68.599409][ T180] ? unwind_next_frame+0xa5/0x2390 [ 68.601609][ T180] ieee80211_sta_rx_queued_mgmt+0x4ed/0x4470 [ 68.604126][ T180] ? unwind_next_frame+0xa5/0x2390 [ 68.606440][ T180] ? unwind_next_frame+0x19ae/0x2390 [ 68.608729][ T180] ? __pfx_ieee80211_sta_rx_queued_mgmt+0x10/0x10 [ 68.611484][ T180] ? unwind_next_frame+0xa5/0x2390 [ 68.613664][ T180] ? ret_from_fork_asm+0x1a/0x30 [ 68.615755][ T180] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 68.618429][ T180] ? arch_stack_walk+0x11c/0x150 [ 68.620540][ T180] ? ret_from_fork_asm+0x1a/0x30 [ 68.622755][ T180] ? stack_trace_save+0x9c/0xe0 [ 68.624864][ T180] ? stack_depot_save_flags+0x40/0x860 [ 68.627206][ T180] ? ieee80211_sta_work+0xca5/0x3600 [ 68.629517][ T180] ? kthread+0x70e/0x8a0 [ 68.631401][ T180] ? ret_from_fork+0x380/0x770 [ 68.633453][ T180] ? ret_from_fork_asm+0x1a/0x30 [ 68.635694][ T180] ? do_raw_spin_lock+0x121/0x290 [ 68.637921][ T180] ? rcu_is_watching+0x15/0xb0 [ 68.640109][ T180] ? cpuacct_charge+0x10e/0x320 [ 68.642429][ T180] ? __mutex_trylock_common+0x153/0x260 [ 68.645036][ T180] ? __pfx___mutex_trylock_common+0x10/0x10 [ 68.647631][ T180] ? update_load_avg+0x572/0x1880 [ 68.649824][ T180] ? do_raw_spin_lock+0x121/0x290 [ 68.652020][ T180] ? rcu_is_watching+0x15/0xb0 [ 68.654166][ T180] ? rcu_is_watching+0x15/0xb0 [ 68.656243][ T180] ? rcu_is_watching+0x15/0xb0 [ 68.658332][ T180] ? kcov_remote_start+0x97/0x7f0 [ 68.660546][ T180] ieee80211_iface_work+0x652/0x12d0 [ 68.662900][ T180] cfg80211_wiphy_work+0x2bb/0x470 [ 68.665281][ T180] ? process_scheduled_works+0x9ef/0x17b0 [ 68.667960][ T180] process_scheduled_works+0xade/0x17b0 [ 68.670397][ T180] ? __pfx_process_scheduled_works+0x10/0x10 [ 68.672844][ T180] worker_thread+0x8a0/0xda0 [ 68.674886][ T180] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 68.677365][ T180] ? __kthread_parkme+0x7b/0x200 [ 68.679553][ T180] kthread+0x70e/0x8a0 [ 68.681347][ T180] ? __pfx_worker_thread+0x10/0x10 [ 68.683552][ T180] ? __pfx_kthread+0x10/0x10 [ 68.685314][ T180] ? _raw_spin_unlock_irq+0x23/0x50 [ 68.687357][ T180] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.689529][ T180] ? __pfx_kthread+0x10/0x10 [ 68.691577][ T180] ret_from_fork+0x3f9/0x770 [ 68.693729][ T180] ? __pfx_ret_from_fork+0x10/0x10 [ 68.695812][ T180] ? __pfx_kthread+0x10/0x10 [ 68.697810][ T180] ret_from_fork_asm+0x1a/0x30 [ 68.699743][ T180] [ 68.701459][ T180] Kernel Offset: disabled [ 68.703285][ T180] Rebooting in 86400 seconds..