program:
# Fuzzer-generated nl80211 reproducer (syz_* pseudo-syscalls; the kernel build string
# and process name in the log below carry the syzkaller tag).
# The log that follows shows WARNING at net/mac80211/mlme.c:1012 in
# ieee80211_prep_channel, reached from the cfg80211_conn_work workqueue item, i.e. it
# fires asynchronously in a kworker rather than inside one of these syscalls.
# The subsequent "Kernel panic" line is the panic_on_warn setting acting on that
# WARNING; the log shows no separate fault. On hosts that set panic_on_warn a reachable
# WARN is an availability problem, so triage should cover the warning condition itself.
# NOTE(review): nl80211 configuration commands are normally gated on CAP_NET_ADMIN;
# the report does not show the caller's privileges -- confirm before rating exposure.
# NOTE(review): r4, r7 and r12 are used below but never assigned in the visible text.
# Presumably the ifindex output markers on the SIOCGIFINDEX calls were lost in
# extraction -- confirm against the original report.

# First generic-netlink socket (0x10, 0x3, 0x10) plus nl80211 family-id lookup; r0/r1
# are only used by the final DEAUTHENTICATE.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)

# Second socket: look up the interface index of 'wlan1' (ioctl 0x8933), then ask
# nl80211 to set its interface type to 0x2 (attribute 0x3 carries the ifindex,
# NL80211_ATTR_IFTYPE is attribute 0x5).
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)

# Third socket: CONNECT on wlan1 with the default AP SSID. NL80211_ATTR_WIPHY_FREQ is
# present with only its length spelled out, so its value is whatever the fuzzer's
# default is (not visible here).
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
sendmsg$NL80211_CMD_CONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)

# Inject a probe-response management frame carrying the same default AP SSID
# (element 0x0, length 0x6) and a one-byte element 0x1.
# NOTE(review): presumably delivered through the simulated radio (mac80211_hwsim
# appears in the log) -- confirm.
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @random=0x401, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x4, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)

# START_AP is issued on fd 0xffffffffffffffff, which is not a socket created above,
# so this call is not expected to reach nl80211.
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0)

# SET_REG sent as a raw byte blob (message length 0x44); the attribute payload is not
# decoded here.
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_REG(r9, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0)

# Fourth socket: repeat SET_INTERFACE (type 0x2) and CONNECT on wlan1. This CONNECT is
# a raw blob whose listed pieces are shorter than the declared length 0x30, so the
# remaining bytes come from whatever is already in the buffer at 0x7f0000000540.
# NOTE(review): the log does not say which of the two CONNECT requests queued the
# cfg80211_conn_work item that hit the WARNING.
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r11, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r12, @ANYBLOB='\n\x004'], 0x30}}, 0x0)

# Sleep 0x2faf080 ns (50 ms), then send DEAUTHENTICATE on the first socket with reason
# code 0x14 for the interface index held in r4.
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)={0x30, r1, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x14}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004841}, 0x80)
[ 69.102683][ T4667] Bluetooth: hci0: command tx timeout
[ 69.199406][ T5324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 69.216806][ T5324] netlink: 8 bytes leftover after parsing attributes in process `syz.0.0'. 
[ 69.237716][ T9] ------------[ cut here ]------------ [ 69.240077][ T9] WARNING: CPU: 0 PID: 9 at net/mac80211/mlme.c:1012 ieee80211_prep_channel+0x389b/0x5120 [ 69.244036][ T9] Modules linked in: [ 69.245565][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.14.0-rc2-syzkaller-00228-g04f41cbf03ec #0 [ 69.249877][ T9] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.254599][ T9] Workqueue: events cfg80211_conn_work [ 69.256784][ T9] RIP: 0010:ieee80211_prep_channel+0x389b/0x5120 [ 69.259309][ T9] Code: c6 05 14 a5 95 04 01 48 c7 c7 77 0f 4b 8d be 78 03 00 00 48 c7 c2 e0 10 4b 8d e8 d0 d0 0b f6 e9 7e ca ff ff e8 56 74 30 f6 90 <0f> 0b 90 48 8b 7c 24 30 e8 48 2e 8c f6 48 c7 44 24 30 ea ff ff ff [ 69.267809][ T9] RSP: 0018:ffffc900001b6c60 EFLAGS: 00010293 [ 69.270427][ T9] RAX: ffffffff8b9143ea RBX: 0000000000000000 RCX: ffff88801cae4880 [ 69.273558][ T9] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 69.276585][ T9] RBP: ffffc900001b6fb0 R08: ffffffff8b911909 R09: ffffffff8b5fe169 [ 69.280115][ T9] R10: 000000000000000e R11: ffff88801cae4880 R12: dffffc0000000000 [ 69.283645][ T9] R13: ffff888043ed6758 R14: ffffc900001b6e70 R15: ffffc900001b6eb0 [ 69.286882][ T9] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 69.290603][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.293413][ T9] CR2: 00007fc4ff37d538 CR3: 000000000e938000 CR4: 0000000000352ef0 [ 69.296861][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.300483][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.304344][ T9] Call Trace: [ 69.305988][ T9] [ 69.307622][ T9] ? __warn+0x165/0x4d0 [ 69.309564][ T9] ? ieee80211_prep_channel+0x389b/0x5120 [ 69.311693][ T9] ? report_bug+0x2b3/0x500 [ 69.313599][ T9] ? ieee80211_prep_channel+0x389b/0x5120 [ 69.315792][ T9] ? handle_bug+0x60/0x90 [ 69.317426][ T9] ? 
exc_invalid_op+0x1a/0x50 [ 69.319246][ T9] ? asm_exc_invalid_op+0x1a/0x20 [ 69.321286][ T9] ? cfg80211_get_end_freq+0x79/0x1d0 [ 69.324005][ T9] ? ieee80211_prep_channel+0xdb9/0x5120 [ 69.326386][ T9] ? ieee80211_prep_channel+0x389a/0x5120 [ 69.328676][ T9] ? ieee80211_prep_channel+0x389b/0x5120 [ 69.330811][ T9] ? ieee80211_prep_channel+0x20a/0x5120 [ 69.333074][ T9] ? mark_lock+0x9a/0x360 [ 69.334770][ T9] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 69.337617][ T9] ? __pfx_lock_release+0x10/0x10 [ 69.339829][ T9] ieee80211_prep_connection+0xda1/0x1310 [ 69.342756][ T9] ieee80211_mgd_auth+0xedb/0x1750 [ 69.344631][ T9] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 69.346732][ T9] ? rcu_is_watching+0x15/0xb0 [ 69.348595][ T9] cfg80211_mlme_auth+0x59f/0x970 [ 69.350572][ T9] cfg80211_conn_do_work+0x601/0xeb0 [ 69.352744][ T9] ? mark_lock+0x9a/0x360 [ 69.354527][ T9] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 69.356965][ T9] ? __pfx_validate_chain+0x10/0x10 [ 69.359224][ T9] ? cfg80211_conn_work+0x273/0x530 [ 69.361424][ T9] cfg80211_conn_work+0x2c0/0x530 [ 69.363591][ T9] ? __pfx_cfg80211_conn_work+0x10/0x10 [ 69.365684][ T9] ? lockdep_unlock+0x16a/0x300 [ 69.367766][ T9] ? mark_lock+0x2ae/0x360 [ 69.369956][ T9] ? __lock_acquire+0x1397/0x2100 [ 69.372549][ T9] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.374464][ T9] ? __pfx_lock_acquire+0x10/0x10 [ 69.376419][ T9] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 69.379187][ T9] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.381553][ T9] ? process_scheduled_works+0x9c6/0x18e0 [ 69.383846][ T9] process_scheduled_works+0xabe/0x18e0 [ 69.386332][ T9] ? __pfx_process_scheduled_works+0x10/0x10 [ 69.389392][ T9] ? assign_work+0x364/0x3d0 [ 69.391448][ T9] worker_thread+0x870/0xd30 [ 69.393468][ T9] ? __kthread_parkme+0x169/0x1d0 [ 69.395253][ T9] ? __pfx_worker_thread+0x10/0x10 [ 69.397589][ T9] kthread+0x7a9/0x920 [ 69.399193][ T9] ? __pfx_kthread+0x10/0x10 [ 69.401056][ T9] ? __pfx_worker_thread+0x10/0x10 [ 69.403785][ T9] ? 
__pfx_kthread+0x10/0x10 [ 69.405974][ T9] ? __pfx_kthread+0x10/0x10 [ 69.408075][ T9] ? __pfx_kthread+0x10/0x10 [ 69.409966][ T9] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.412224][ T9] ? lockdep_hardirqs_on+0x99/0x150 [ 69.414283][ T9] ? __pfx_kthread+0x10/0x10 [ 69.416147][ T9] ret_from_fork+0x4b/0x80 [ 69.418136][ T9] ? __pfx_kthread+0x10/0x10 [ 69.420428][ T9] ret_from_fork_asm+0x1a/0x30 [ 69.422918][ T9] [ 69.424340][ T9] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 69.427160][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.14.0-rc2-syzkaller-00228-g04f41cbf03ec #0 [ 69.431115][ T9] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.435609][ T9] Workqueue: events cfg80211_conn_work [ 69.438260][ T9] Call Trace: [ 69.439778][ T9] [ 69.441101][ T9] dump_stack_lvl+0x241/0x360 [ 69.442972][ T9] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.445038][ T9] ? __pfx__printk+0x10/0x10 [ 69.447003][ T9] ? _printk+0xd5/0x120 [ 69.449072][ T9] ? __init_begin+0x41000/0x41000 [ 69.451452][ T9] ? vscnprintf+0x5d/0x90 [ 69.453359][ T9] panic+0x349/0x880 [ 69.454862][ T9] ? __warn+0x174/0x4d0 [ 69.456339][ T9] ? __pfx_panic+0x10/0x10 [ 69.458276][ T9] ? ret_from_fork_asm+0x1a/0x30 [ 69.460383][ T9] __warn+0x344/0x4d0 [ 69.462284][ T9] ? ieee80211_prep_channel+0x389b/0x5120 [ 69.464843][ T9] report_bug+0x2b3/0x500 [ 69.466432][ T9] ? 
ieee80211_prep_channel+0x389b/0x5120 [ 69.468636][ T9] handle_bug+0x60/0x90 [ 69.470316][ T9] exc_invalid_op+0x1a/0x50 [ 69.472178][ T9] asm_exc_invalid_op+0x1a/0x20 [ 69.474454][ T9] RIP: 0010:ieee80211_prep_channel+0x389b/0x5120 [ 69.477438][ T9] Code: c6 05 14 a5 95 04 01 48 c7 c7 77 0f 4b 8d be 78 03 00 00 48 c7 c2 e0 10 4b 8d e8 d0 d0 0b f6 e9 7e ca ff ff e8 56 74 30 f6 90 <0f> 0b 90 48 8b 7c 24 30 e8 48 2e 8c f6 48 c7 44 24 30 ea ff ff ff [ 69.484976][ T9] RSP: 0018:ffffc900001b6c60 EFLAGS: 00010293 [ 69.487533][ T9] RAX: ffffffff8b9143ea RBX: 0000000000000000 RCX: ffff88801cae4880 [ 69.491366][ T9] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 69.495457][ T9] RBP: ffffc900001b6fb0 R08: ffffffff8b911909 R09: ffffffff8b5fe169 [ 69.498975][ T9] R10: 000000000000000e R11: ffff88801cae4880 R12: dffffc0000000000 [ 69.502242][ T9] R13: ffff888043ed6758 R14: ffffc900001b6e70 R15: ffffc900001b6eb0 [ 69.505429][ T9] ? cfg80211_get_end_freq+0x79/0x1d0 [ 69.507747][ T9] ? ieee80211_prep_channel+0xdb9/0x5120 [ 69.510256][ T9] ? ieee80211_prep_channel+0x389a/0x5120 [ 69.512935][ T9] ? ieee80211_prep_channel+0x20a/0x5120 [ 69.515311][ T9] ? mark_lock+0x9a/0x360 [ 69.516929][ T9] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 69.519296][ T9] ? __pfx_lock_release+0x10/0x10 [ 69.521315][ T9] ieee80211_prep_connection+0xda1/0x1310 [ 69.523796][ T9] ieee80211_mgd_auth+0xedb/0x1750 [ 69.526510][ T9] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 69.528991][ T9] ? rcu_is_watching+0x15/0xb0 [ 69.530962][ T9] cfg80211_mlme_auth+0x59f/0x970 [ 69.532968][ T9] cfg80211_conn_do_work+0x601/0xeb0 [ 69.535085][ T9] ? mark_lock+0x9a/0x360 [ 69.536765][ T9] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 69.539259][ T9] ? __pfx_validate_chain+0x10/0x10 [ 69.541894][ T9] ? cfg80211_conn_work+0x273/0x530 [ 69.544407][ T9] cfg80211_conn_work+0x2c0/0x530 [ 69.546495][ T9] ? __pfx_cfg80211_conn_work+0x10/0x10 [ 69.548765][ T9] ? lockdep_unlock+0x16a/0x300 [ 69.550684][ T9] ? 
mark_lock+0x2ae/0x360 [ 69.552492][ T9] ? __lock_acquire+0x1397/0x2100 [ 69.554666][ T9] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.557139][ T9] ? __pfx_lock_acquire+0x10/0x10 [ 69.559531][ T9] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 69.562200][ T9] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.564659][ T9] ? process_scheduled_works+0x9c6/0x18e0 [ 69.566919][ T9] process_scheduled_works+0xabe/0x18e0 [ 69.569169][ T9] ? __pfx_process_scheduled_works+0x10/0x10 [ 69.572197][ T9] ? assign_work+0x364/0x3d0 [ 69.574909][ T9] worker_thread+0x870/0xd30 [ 69.577097][ T9] ? __kthread_parkme+0x169/0x1d0 [ 69.579239][ T9] ? __pfx_worker_thread+0x10/0x10 [ 69.581193][ T9] kthread+0x7a9/0x920 [ 69.582883][ T9] ? __pfx_kthread+0x10/0x10 [ 69.584740][ T9] ? __pfx_worker_thread+0x10/0x10 [ 69.586909][ T9] ? __pfx_kthread+0x10/0x10 [ 69.588805][ T9] ? __pfx_kthread+0x10/0x10 [ 69.590621][ T9] ? __pfx_kthread+0x10/0x10 [ 69.592245][ T9] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.594064][ T9] ? lockdep_hardirqs_on+0x99/0x150 [ 69.596136][ T9] ? __pfx_kthread+0x10/0x10 [ 69.598108][ T9] ret_from_fork+0x4b/0x80 [ 69.599797][ T9] ? __pfx_kthread+0x10/0x10 [ 69.601461][ T9] ret_from_fork_asm+0x1a/0x30 [ 69.603133][ T9] [ 69.604672][ T9] Kernel Offset: disabled [ 69.606688][ T9] Rebooting in 86400 seconds..