# Syzkaller reproducer, followed (from the "[ 68.880061]" timestamp onward) by the
# kernel log it produced. The page presents the program as one collapsed line; each
# syscall is normally on a line of its own.
#
# What the calls show: nl80211 generic-netlink sockets are opened and resolved to
# wlan1 (SIOCGIFINDEX); a netfilter socket creates an ipset "syz1" of type
# "bitmap:ip" (IPSET_CMD_CREATE) and adds an entry to it (IPSET_CMD_ADD);
# NL80211 SET_INTERFACE, TRIGGER_SCAN, CONNECT and TDLS_OPER requests are sent;
# raw 802.11 frames are injected with syz_80211_inject_frame; the program sleeps
# 50 ms (nanosleep {0, 0x2faf080}) and then injects an @auth management frame.
#
# Outcome recorded in the log: wlan1 authenticates with 08:02:11:00:00:00 and
# ieee80211_mark_sta_auth (net/mac80211/mlme.c:4713) then hits a WARNING
# "STA 08:02:11:00:00:00 not found", reached via cfg80211_wiphy_work ->
# ieee80211_iface_work -> ieee80211_sta_rx_queued_mgmt on a kernel workqueue.
# Because the test kernel (6.15.0-rc3-syzkaller-00283-gf1a3944c860b) runs with
# panic_on_warn set, the warning escalates to a kernel panic.
#
# Triage notes (defender view): on the syzkaller config this is a reliable
# crash (DoS); on configs without panic_on_warn the visible impact is the
# warning itself — confirm against mlme.c at that line before assigning severity.
# Which of the calls are actually required is not shown here; the ipset and TDLS
# requests in particular may be fuzzer noise — TODO confirm by reproducer
# minimization.
program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="000000047fe90001"], 0x24}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0x1f}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x60}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r10, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r11, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r10, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r11, 
@ANYBLOB="0500000000000000000021"], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="5000000008021100000108021100000008021100000000000000000000000000010001000006020202020202010182"], 0x54) r13 = socket$nl_generic(0x10, 0x3, 0x10) r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r13, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r13, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r14, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r15}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r13, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x28, r14, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r15}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$NL80211_CMD_TDLS_OPER(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x30, r8, 0xfd39e943ccf1163b, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000010}, 0x50) r16 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r16, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x40, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x5}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) 
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="50000000080211000001080200800000000000000000000000000000000000576341c52d496703605c55c50ad27f00"], 0x2f) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) [ 68.880061][ T4660] Bluetooth: hci0: command tx timeout [ 68.917291][ T5314] netlink: 8 bytes leftover after parsing attributes in process `syz.0.0'. [ 68.951261][ T5314] netlink: 4 bytes leftover after parsing attributes in process `syz.0.0'. [ 68.962305][ T5314] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 68.982394][ T5314] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 68.985677][ T5314] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 68.996479][ T5314] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 69.053307][ T1041] wlan1: authenticated [ 69.054884][ T1041] ------------[ cut here ]------------ [ 69.056814][ T1041] wlan1: STA 08:02:11:00:00:00 not found [ 69.057221][ T1041] WARNING: CPU: 0 PID: 1041 at net/mac80211/mlme.c:4713 ieee80211_mark_sta_auth+0x36a/0x400 [ 69.063608][ T1041] Modules linked in: [ 69.065289][ T1041] CPU: 0 UID: 0 PID: 1041 Comm: kworker/u4:8 Not tainted 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) [ 69.069942][ T1041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.073992][ T1041] Workqueue: events_unbound cfg80211_wiphy_work [ 69.076382][ T1041] RIP: 0010:ieee80211_mark_sta_auth+0x36a/0x400 [ 69.078807][ T1041] Code: f6 90 0f 0b 90 e9 8b fd ff ff e8 61 39 db f6 c6 05 7c 53 84 04 01 90 48 c7 c7 a0 f3 8c 8c 4c 89 fe 48 89 ea e8 27 97 9f f6 90 <0f> 0b 90 90 eb 8f 48 c7 c1 50 f8 7e 8f 80 e1 07 80 c1 03 38 c1 0f [ 69.086543][ T1041] RSP: 
0018:ffffc90002697500 EFLAGS: 00010246 [ 69.089141][ T1041] RAX: e1ad9920223dc800 RBX: 00000000ffffa530 RCX: 0000000000100000 [ 69.093580][ T1041] RDX: ffffc90023007000 RSI: 0000000000000a1f RDI: 0000000000000a20 [ 69.097576][ T1041] RBP: ffff888042f3cb40 R08: ffff88801fe23e93 R09: 1ffff11003fc47d2 [ 69.101682][ T1041] R10: dffffc0000000000 R11: ffffed1003fc47d3 R12: 00000000ffffa721 [ 69.105516][ T1041] R13: ffff888043039b38 R14: ffff888043038d80 R15: ffff888043039738 [ 69.109026][ T1041] FS: 0000000000000000(0000) GS:ffff88808d6cc000(0000) knlGS:0000000000000000 [ 69.113325][ T1041] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.115899][ T1041] CR2: 00007fa99bf83170 CR3: 0000000042dfe000 CR4: 0000000000352ef0 [ 69.118888][ T1041] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.122171][ T1041] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.125124][ T1041] Call Trace: [ 69.126435][ T1041] [ 69.127600][ T1041] ieee80211_sta_rx_queued_mgmt+0x2205/0x4420 [ 69.129899][ T1041] ? unwind_next_frame+0xa5/0x2390 [ 69.131914][ T1041] ? __pfx_ieee80211_sta_rx_queued_mgmt+0x10/0x10 [ 69.134365][ T1041] ? unwind_next_frame+0xa5/0x2390 [ 69.136405][ T1041] ? rcu_is_watching+0x15/0xb0 [ 69.138267][ T1041] ? do_raw_spin_unlock+0x4d/0x240 [ 69.140491][ T1041] ? __lock_acquire+0xaac/0xd20 [ 69.142488][ T1041] ? __lock_acquire+0xaac/0xd20 [ 69.144444][ T1041] ? __lock_acquire+0xaac/0xd20 [ 69.146447][ T1041] ? kcov_remote_start+0x4d3/0x7f0 [ 69.148498][ T1041] ieee80211_iface_work+0x6c9/0xfe0 [ 69.150708][ T1041] cfg80211_wiphy_work+0x2dc/0x460 [ 69.152648][ T1041] ? process_scheduled_works+0x9ec/0x17a0 [ 69.154733][ T1041] process_scheduled_works+0xadb/0x17a0 [ 69.156839][ T1041] ? __pfx_process_scheduled_works+0x10/0x10 [ 69.159105][ T1041] worker_thread+0x8a0/0xda0 [ 69.161026][ T1041] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 69.163370][ T1041] ? 
__kthread_parkme+0x7b/0x200 [ 69.165214][ T1041] kthread+0x70e/0x8a0 [ 69.166899][ T1041] ? __pfx_worker_thread+0x10/0x10 [ 69.168882][ T1041] ? __pfx_kthread+0x10/0x10 [ 69.170819][ T1041] ? __pfx_kthread+0x10/0x10 [ 69.172606][ T1041] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.174564][ T1041] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.176541][ T1041] ? __pfx_kthread+0x10/0x10 [ 69.178336][ T1041] ret_from_fork+0x4b/0x80 [ 69.180214][ T1041] ? __pfx_kthread+0x10/0x10 [ 69.182000][ T1041] ret_from_fork_asm+0x1a/0x30 [ 69.183897][ T1041] [ 69.184930][ T1041] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 69.187567][ T1041] CPU: 0 UID: 0 PID: 1041 Comm: kworker/u4:8 Not tainted 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) [ 69.192062][ T1041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.196075][ T1041] Workqueue: events_unbound cfg80211_wiphy_work [ 69.198442][ T1041] Call Trace: [ 69.199795][ T1041] [ 69.200941][ T1041] dump_stack_lvl+0x99/0x250 [ 69.202786][ T1041] ? __asan_memcpy+0x40/0x70 [ 69.204665][ T1041] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.206718][ T1041] ? __pfx__printk+0x10/0x10 [ 69.208535][ T1041] panic+0x2db/0x790 [ 69.210189][ T1041] ? __pfx_panic+0x10/0x10 [ 69.211949][ T1041] ? show_trace_log_lvl+0x4fb/0x550 [ 69.214000][ T1041] ? ret_from_fork_asm+0x1a/0x30 [ 69.215922][ T1041] __warn+0x31b/0x4b0 [ 69.217507][ T1041] ? ieee80211_mark_sta_auth+0x36a/0x400 [ 69.219658][ T1041] ? ieee80211_mark_sta_auth+0x36a/0x400 [ 69.221846][ T1041] report_bug+0x2be/0x4f0 [ 69.223530][ T1041] ? ieee80211_mark_sta_auth+0x36a/0x400 [ 69.225625][ T1041] ? ieee80211_mark_sta_auth+0x36a/0x400 [ 69.227842][ T1041] ? 
ieee80211_mark_sta_auth+0x36c/0x400 [ 69.229872][ T1041] handle_bug+0x84/0x160 [ 69.231403][ T1041] exc_invalid_op+0x1a/0x50 [ 69.233165][ T1041] asm_exc_invalid_op+0x1a/0x20 [ 69.235142][ T1041] RIP: 0010:ieee80211_mark_sta_auth+0x36a/0x400 [ 69.238114][ T1041] Code: f6 90 0f 0b 90 e9 8b fd ff ff e8 61 39 db f6 c6 05 7c 53 84 04 01 90 48 c7 c7 a0 f3 8c 8c 4c 89 fe 48 89 ea e8 27 97 9f f6 90 <0f> 0b 90 90 eb 8f 48 c7 c1 50 f8 7e 8f 80 e1 07 80 c1 03 38 c1 0f [ 69.246670][ T1041] RSP: 0018:ffffc90002697500 EFLAGS: 00010246 [ 69.249120][ T1041] RAX: e1ad9920223dc800 RBX: 00000000ffffa530 RCX: 0000000000100000 [ 69.252443][ T1041] RDX: ffffc90023007000 RSI: 0000000000000a1f RDI: 0000000000000a20 [ 69.255526][ T1041] RBP: ffff888042f3cb40 R08: ffff88801fe23e93 R09: 1ffff11003fc47d2 [ 69.258514][ T1041] R10: dffffc0000000000 R11: ffffed1003fc47d3 R12: 00000000ffffa721 [ 69.261935][ T1041] R13: ffff888043039b38 R14: ffff888043038d80 R15: ffff888043039738 [ 69.265229][ T1041] ieee80211_sta_rx_queued_mgmt+0x2205/0x4420 [ 69.267858][ T1041] ? unwind_next_frame+0xa5/0x2390 [ 69.269922][ T1041] ? __pfx_ieee80211_sta_rx_queued_mgmt+0x10/0x10 [ 69.272474][ T1041] ? unwind_next_frame+0xa5/0x2390 [ 69.274523][ T1041] ? rcu_is_watching+0x15/0xb0 [ 69.276284][ T1041] ? do_raw_spin_unlock+0x4d/0x240 [ 69.278344][ T1041] ? __lock_acquire+0xaac/0xd20 [ 69.280303][ T1041] ? __lock_acquire+0xaac/0xd20 [ 69.282179][ T1041] ? __lock_acquire+0xaac/0xd20 [ 69.284080][ T1041] ? kcov_remote_start+0x4d3/0x7f0 [ 69.286063][ T1041] ieee80211_iface_work+0x6c9/0xfe0 [ 69.287980][ T1041] cfg80211_wiphy_work+0x2dc/0x460 [ 69.290024][ T1041] ? process_scheduled_works+0x9ec/0x17a0 [ 69.292325][ T1041] process_scheduled_works+0xadb/0x17a0 [ 69.294440][ T1041] ? __pfx_process_scheduled_works+0x10/0x10 [ 69.296822][ T1041] worker_thread+0x8a0/0xda0 [ 69.298702][ T1041] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 69.301108][ T1041] ? 
__kthread_parkme+0x7b/0x200 [ 69.303075][ T1041] kthread+0x70e/0x8a0 [ 69.304711][ T1041] ? __pfx_worker_thread+0x10/0x10 [ 69.306810][ T1041] ? __pfx_kthread+0x10/0x10 [ 69.308639][ T1041] ? __pfx_kthread+0x10/0x10 [ 69.310398][ T1041] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.312426][ T1041] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.314443][ T1041] ? __pfx_kthread+0x10/0x10 [ 69.316206][ T1041] ret_from_fork+0x4b/0x80 [ 69.317823][ T1041] ? __pfx_kthread+0x10/0x10 [ 69.319589][ T1041] ret_from_fork_asm+0x1a/0x30 [ 69.321340][ T1041] [ 69.322721][ T1041] Kernel Offset: disabled [ 69.324351][ T1041] Rebooting in 86400 seconds..