program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0x30, r4, 0x5, 0x70bd27, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}, 0x1, 0x0, 0x0, 0x84}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) nanosleep(0x0, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_REG(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8914, &(0x7f0000000080)) [ 70.629571][ T5305] Bluetooth: hci0: command tx timeout [ 70.722710][ T5323] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 70.736295][ T5323] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 70.743248][ T5323] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 70.753553][ T5318] ------------[ cut here ]------------ [ 70.755827][ T5318] WARNING: CPU: 0 PID: 5318 at net/mac80211/mlme.c:1012 ieee80211_prep_channel+0x389b/0x5120 [ 70.760171][ T5318] Modules linked in: [ 70.761789][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: kworker/0:5 Not tainted 6.14.0-rc6-syzkaller-00205-g3571e8b091f4 #0 [ 70.765923][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.770461][ T5318] Workqueue: events cfg80211_conn_work [ 70.772711][ T5318] RIP: 0010:ieee80211_prep_channel+0x389b/0x5120 [ 70.775278][ T5318] Code: c6 05 9f 04 95 04 01 48 c7 c7 77 34 4b 8d be 78 03 00 00 48 c7 c2 e0 35 4b 8d e8 10 39 0b f6 e9 7e ca ff ff e8 66 de 2f f6 90 <0f> 0b 90 48 8b 7c 24 30 e8 a8 9d 8b f6 48 c7 44 24 30 ea ff ff ff [ 70.782456][ T5318] RSP: 0018:ffffc9000d21ec60 EFLAGS: 00010293 [ 70.784698][ T5318] RAX: ffffffff8b92016a RBX: 0000000000000000 RCX: ffff88801ae48000 [ 70.787755][ T5318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 70.791045][ T5318] RBP: ffffc9000d21efb0 R08: ffffffff8b91d689 R09: ffffffff8b6093a9 [ 70.794150][ T5318] R10: 000000000000000e R11: ffff88801ae48000 R12: dffffc0000000000 [ 70.797210][ T5318] R13: ffff888040f8a758 R14: ffffc9000d21ee70 R15: ffffc9000d21eeb0 [ 70.800362][ T5318] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 70.803690][ T5318] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.806061][ T5318] CR2: 0000000000000000 CR3: 0000000012248000 CR4: 0000000000352ef0 [ 70.808891][ T5318] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.812400][ T5318] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.815300][ T5318] Call Trace: [ 70.816561][ T5318] [ 70.817718][ T5318] ? __warn+0x165/0x4d0 [ 70.819400][ T5318] ? ieee80211_prep_channel+0x389b/0x5120 [ 70.821543][ T5318] ? report_bug+0x2b3/0x500 [ 70.823178][ T5318] ? ieee80211_prep_channel+0x389b/0x5120 [ 70.825239][ T5318] ? handle_bug+0x60/0x90 [ 70.826817][ T5318] ? exc_invalid_op+0x1a/0x50 [ 70.828528][ T5318] ? asm_exc_invalid_op+0x1a/0x20 [ 70.830575][ T5318] ? cfg80211_get_end_freq+0x79/0x1d0 [ 70.832502][ T5318] ? ieee80211_prep_channel+0xdb9/0x5120 [ 70.834560][ T5318] ? ieee80211_prep_channel+0x389a/0x5120 [ 70.836571][ T5318] ? ieee80211_prep_channel+0x389b/0x5120 [ 70.838624][ T5318] ? ieee80211_prep_channel+0x20a/0x5120 [ 70.840912][ T5318] ? mark_lock+0x9a/0x360 [ 70.842695][ T5318] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 70.844876][ T5318] ? __pfx_lock_release+0x10/0x10 [ 70.846719][ T5318] ieee80211_prep_connection+0xda1/0x1310 [ 70.848758][ T5318] ieee80211_mgd_auth+0xedb/0x1750 [ 70.850798][ T5318] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 70.852755][ T5318] ? rcu_is_watching+0x15/0xb0 [ 70.854522][ T5318] cfg80211_mlme_auth+0x59f/0x970 [ 70.856342][ T5318] cfg80211_conn_do_work+0x601/0xeb0 [ 70.858277][ T5318] ? mark_lock+0x9a/0x360 [ 70.859976][ T5318] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 70.862121][ T5318] ? __pfx_validate_chain+0x10/0x10 [ 70.864000][ T5318] ? cfg80211_conn_work+0x273/0x530 [ 70.865983][ T5318] cfg80211_conn_work+0x2c0/0x530 [ 70.867836][ T5318] ? __pfx_cfg80211_conn_work+0x10/0x10 [ 70.870136][ T5318] ? lockdep_unlock+0x16a/0x300 [ 70.872000][ T5318] ? mark_lock+0x2ae/0x360 [ 70.873628][ T5318] ? __lock_acquire+0x1397/0x2100 [ 70.875459][ T5318] ? do_raw_spin_unlock+0x58/0x8b0 [ 70.877337][ T5318] ? __pfx_lock_acquire+0x10/0x10 [ 70.879336][ T5318] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 70.881575][ T5318] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 70.883851][ T5318] ? process_scheduled_works+0x9c6/0x18e0 [ 70.885961][ T5318] process_scheduled_works+0xabe/0x18e0 [ 70.888027][ T5318] ? __pfx_process_scheduled_works+0x10/0x10 [ 70.890463][ T5318] ? assign_work+0x364/0x3d0 [ 70.892353][ T5318] worker_thread+0x870/0xd30 [ 70.894261][ T5318] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 70.896644][ T5318] ? __kthread_parkme+0x169/0x1d0 [ 70.898685][ T5318] ? __pfx_worker_thread+0x10/0x10 [ 70.900701][ T5318] kthread+0x7a9/0x920 [ 70.902192][ T5318] ? __pfx_kthread+0x10/0x10 [ 70.903928][ T5318] ? __pfx_worker_thread+0x10/0x10 [ 70.905792][ T5318] ? __pfx_kthread+0x10/0x10 [ 70.907431][ T5318] ? __pfx_kthread+0x10/0x10 [ 70.909161][ T5318] ? __pfx_kthread+0x10/0x10 [ 70.911094][ T5318] ? _raw_spin_unlock_irq+0x23/0x50 [ 70.913073][ T5318] ? lockdep_hardirqs_on+0x99/0x150 [ 70.915047][ T5318] ? __pfx_kthread+0x10/0x10 [ 70.916770][ T5318] ret_from_fork+0x4b/0x80 [ 70.918467][ T5318] ? __pfx_kthread+0x10/0x10 [ 70.920400][ T5318] ret_from_fork_asm+0x1a/0x30 [ 70.922271][ T5318] [ 70.923428][ T5318] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 70.926096][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: kworker/0:5 Not tainted 6.14.0-rc6-syzkaller-00205-g3571e8b091f4 #0 [ 70.929923][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.933812][ T5318] Workqueue: events cfg80211_conn_work [ 70.935804][ T5318] Call Trace: [ 70.937068][ T5318] [ 70.938189][ T5318] dump_stack_lvl+0x241/0x360 [ 70.939973][ T5318] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.941909][ T5318] ? __pfx__printk+0x10/0x10 [ 70.943605][ T5318] ? _printk+0xd5/0x120 [ 70.945160][ T5318] ? __init_begin+0x41000/0x41000 [ 70.947053][ T5318] ? vscnprintf+0x5d/0x90 [ 70.948622][ T5318] panic+0x349/0x880 [ 70.950166][ T5318] ? __warn+0x174/0x4d0 [ 70.951822][ T5318] ? __pfx_panic+0x10/0x10 [ 70.953532][ T5318] ? ret_from_fork_asm+0x1a/0x30 [ 70.955408][ T5318] __warn+0x344/0x4d0 [ 70.956920][ T5318] ? ieee80211_prep_channel+0x389b/0x5120 [ 70.959038][ T5318] report_bug+0x2b3/0x500 [ 70.960685][ T5318] ? ieee80211_prep_channel+0x389b/0x5120 [ 70.962755][ T5318] handle_bug+0x60/0x90 [ 70.964251][ T5318] exc_invalid_op+0x1a/0x50 [ 70.967040][ T5318] asm_exc_invalid_op+0x1a/0x20 [ 70.969655][ T5318] RIP: 0010:ieee80211_prep_channel+0x389b/0x5120 [ 70.972192][ T5318] Code: c6 05 9f 04 95 04 01 48 c7 c7 77 34 4b 8d be 78 03 00 00 48 c7 c2 e0 35 4b 8d e8 10 39 0b f6 e9 7e ca ff ff e8 66 de 2f f6 90 <0f> 0b 90 48 8b 7c 24 30 e8 a8 9d 8b f6 48 c7 44 24 30 ea ff ff ff [ 70.979457][ T5318] RSP: 0018:ffffc9000d21ec60 EFLAGS: 00010293 [ 70.981773][ T5318] RAX: ffffffff8b92016a RBX: 0000000000000000 RCX: ffff88801ae48000 [ 70.984692][ T5318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 70.987635][ T5318] RBP: ffffc9000d21efb0 R08: ffffffff8b91d689 R09: ffffffff8b6093a9 [ 70.990703][ T5318] R10: 000000000000000e R11: ffff88801ae48000 R12: dffffc0000000000 [ 70.993876][ T5318] R13: ffff888040f8a758 R14: ffffc9000d21ee70 R15: ffffc9000d21eeb0 [ 70.996949][ T5318] ? cfg80211_get_end_freq+0x79/0x1d0 [ 70.998979][ T5318] ? ieee80211_prep_channel+0xdb9/0x5120 [ 71.001206][ T5318] ? ieee80211_prep_channel+0x389a/0x5120 [ 71.003398][ T5318] ? ieee80211_prep_channel+0x20a/0x5120 [ 71.005463][ T5318] ? mark_lock+0x9a/0x360 [ 71.007083][ T5318] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 71.009250][ T5318] ? __pfx_lock_release+0x10/0x10 [ 71.011180][ T5318] ieee80211_prep_connection+0xda1/0x1310 [ 71.013290][ T5318] ieee80211_mgd_auth+0xedb/0x1750 [ 71.015232][ T5318] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 71.017326][ T5318] ? rcu_is_watching+0x15/0xb0 [ 71.019147][ T5318] cfg80211_mlme_auth+0x59f/0x970 [ 71.021060][ T5318] cfg80211_conn_do_work+0x601/0xeb0 [ 71.022973][ T5318] ? mark_lock+0x9a/0x360 [ 71.024814][ T5318] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 71.027276][ T5318] ? __pfx_validate_chain+0x10/0x10 [ 71.029505][ T5318] ? cfg80211_conn_work+0x273/0x530 [ 71.031513][ T5318] cfg80211_conn_work+0x2c0/0x530 [ 71.033282][ T5318] ? __pfx_cfg80211_conn_work+0x10/0x10 [ 71.035717][ T5318] ? lockdep_unlock+0x16a/0x300 [ 71.037621][ T5318] ? mark_lock+0x2ae/0x360 [ 71.039452][ T5318] ? __lock_acquire+0x1397/0x2100 [ 71.041441][ T5318] ? do_raw_spin_unlock+0x58/0x8b0 [ 71.043407][ T5318] ? __pfx_lock_acquire+0x10/0x10 [ 71.045327][ T5318] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 71.047624][ T5318] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 71.049997][ T5318] ? process_scheduled_works+0x9c6/0x18e0 [ 71.052141][ T5318] process_scheduled_works+0xabe/0x18e0 [ 71.054253][ T5318] ? __pfx_process_scheduled_works+0x10/0x10 [ 71.056475][ T5318] ? assign_work+0x364/0x3d0 [ 71.058228][ T5318] worker_thread+0x870/0xd30 [ 71.060036][ T5318] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 71.062351][ T5318] ? __kthread_parkme+0x169/0x1d0 [ 71.064206][ T5318] ? __pfx_worker_thread+0x10/0x10 [ 71.066150][ T5318] kthread+0x7a9/0x920 [ 71.067697][ T5318] ? __pfx_kthread+0x10/0x10 [ 71.069450][ T5318] ? __pfx_worker_thread+0x10/0x10 [ 71.071345][ T5318] ? __pfx_kthread+0x10/0x10 [ 71.073076][ T5318] ? __pfx_kthread+0x10/0x10 [ 71.074797][ T5318] ? __pfx_kthread+0x10/0x10 [ 71.076567][ T5318] ? _raw_spin_unlock_irq+0x23/0x50 [ 71.078523][ T5318] ? lockdep_hardirqs_on+0x99/0x150 [ 71.080667][ T5318] ? __pfx_kthread+0x10/0x10 [ 71.082441][ T5318] ret_from_fork+0x4b/0x80 [ 71.084061][ T5318] ? __pfx_kthread+0x10/0x10 [ 71.085819][ T5318] ret_from_fork_asm+0x1a/0x30 [ 71.087586][ T5318] [ 71.088983][ T5318] Kernel Offset: disabled [ 71.090740][ T5318] Rebooting in 86400 seconds..