program: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r1, 0x4000000000, {0x1, 0xff, 0x1}}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1, 0x0, {0x2}, 0xff}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)='dat', 0x3}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00'}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f0000000040)=@device_b, &(0x7f0000000280)=ANY=[@ANYBLOB="50000000080211000001ffffffffffff0802110000000000000000000000000064000100000602020202020201010b"], 0x48) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f00000021c0)=ANY=[@ANYBLOB="b00000000802110000010802110000000802110000001000000002"], 0x1e) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_REG(r9, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000080211000001080211000000080211000000200004a000000c0001"], 0x3c) [ 75.708449][ T5309] Bluetooth: hci0: command tx timeout [ 75.773912][ T5330] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 75.789125][ T5330] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 75.798693][ T5330] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 75.809286][ T5328] wlan1: No basic rates, using min rate instead [ 75.812377][ T5328] ------------[ cut here ]------------ [ 75.814742][ T5328] WARNING: CPU: 0 PID: 5328 at net/mac80211/mlme.c:1129 ieee80211_prep_channel+0x49d2/0x6130 [ 75.819105][ T5328] Modules linked in: [ 75.820884][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full) [ 75.824998][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.829917][ T5328] Workqueue: events cfg80211_conn_work [ 75.832467][ T5328] RIP: 0010:ieee80211_prep_channel+0x49d2/0x6130 [ 75.835372][ T5328] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 35 57 53 f7 48 83 3b 00 0f 84 96 04 00 00 e8 66 30 ec f6 eb 3c e8 5f 30 ec f6 90 <0f> 0b 90 e9 26 01 00 00 e8 51 30 ec f6 c6 05 c1 f8 73 04 01 48 c7 [ 75.843685][ T5328] RSP: 0018:ffffc9000d3ceb20 EFLAGS: 00010293 [ 75.846300][ T5328] RAX: ffffffff8ad23e81 RBX: 0000000000000000 RCX: ffff88801f4b0000 [ 75.849776][ T5328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 75.853154][ T5328] RBP: ffffc9000d3cef00 R08: ffff88801f4b0000 R09: 000000000000000e [ 75.856599][ T5328] R10: 000000000000000d R11: 0000000000000000 R12: dffffc0000000000 [ 75.859680][ T5328] R13: 1ffff1100a470501 R14: ffffc9000d3cedd0 R15: ffff888052382808 [ 75.862836][ T5328] FS: 0000000000000000(0000) GS:ffff88808d96d000(0000) knlGS:0000000000000000 [ 75.866446][ T5328] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.869014][ T5328] CR2: 00002000000021c0 CR3: 0000000042c8c000 CR4: 0000000000352ef0 [ 75.871712][ T5328] Call Trace: [ 75.873086][ T5328] [ 75.874330][ T5328] ? ieee80211_prep_channel+0x20c/0x6130 [ 75.876441][ T5328] ? __pfx_console_unlock+0x10/0x10 [ 75.878611][ T5328] ? __wake_up_klogd+0xd9/0x110 [ 75.880714][ T5328] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 75.882976][ T5328] ? __lruvec_stat_mod_folio+0x6f/0x2e0 [ 75.885247][ T5328] ? ieee80211_prep_connection+0x545/0x13f0 [ 75.887636][ T5328] ieee80211_prep_connection+0xdd9/0x13f0 [ 75.890028][ T5328] ? ieee80211_prep_connection+0x545/0x13f0 [ 75.892609][ T5328] ieee80211_mgd_auth+0xee6/0x1770 [ 75.894815][ T5328] ? __lock_acquire+0xab9/0xd20 [ 75.896996][ T5328] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.898787][ T5328] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 75.900571][ T5328] ? rcu_is_watching+0x15/0xb0 [ 75.902099][ T5328] cfg80211_mlme_auth+0x62f/0x9c0 [ 75.903793][ T5328] cfg80211_conn_do_work+0x501/0xd10 [ 75.906008][ T5328] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 75.908633][ T5328] ? lockdep_unlock+0x89/0x120 [ 75.910700][ T5328] ? validate_chain+0x897/0x2140 [ 75.912808][ T5328] ? cfg80211_conn_work+0x298/0x460 [ 75.914933][ T5328] cfg80211_conn_work+0x2c0/0x460 [ 75.917260][ T5328] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 75.919886][ T5328] ? __pfx_cfg80211_conn_work+0x10/0x10 [ 75.922389][ T5328] ? stack_trace_save+0x9c/0xe0 [ 75.924066][ T5328] ? __pfx_stack_trace_save+0x10/0x10 [ 75.926294][ T5328] ? check_path+0x21/0x40 [ 75.928206][ T5328] ? lockdep_unlock+0x89/0x120 [ 75.930173][ T5328] ? validate_chain+0x897/0x2140 [ 75.932088][ T5328] ? __lock_acquire+0xab9/0xd20 [ 75.933845][ T5328] ? process_scheduled_works+0x9ef/0x17b0 [ 75.936065][ T5328] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.938597][ T5328] ? process_scheduled_works+0x9ef/0x17b0 [ 75.941166][ T5328] ? process_scheduled_works+0x9ef/0x17b0 [ 75.943708][ T5328] process_scheduled_works+0xade/0x17b0 [ 75.946128][ T5328] ? __pfx_process_scheduled_works+0x10/0x10 [ 75.948913][ T5328] worker_thread+0x8a0/0xda0 [ 75.951039][ T5328] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.953581][ T5328] ? __kthread_parkme+0x7b/0x200 [ 75.955690][ T5328] kthread+0x70e/0x8a0 [ 75.957546][ T5328] ? __pfx_worker_thread+0x10/0x10 [ 75.959760][ T5328] ? __pfx_kthread+0x10/0x10 [ 75.961724][ T5328] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.963759][ T5328] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.966235][ T5328] ? __pfx_kthread+0x10/0x10 [ 75.968349][ T5328] ret_from_fork+0x439/0x7d0 [ 75.970407][ T5328] ? __pfx_ret_from_fork+0x10/0x10 [ 75.972619][ T5328] ? __pfx_kthread+0x10/0x10 [ 75.974365][ T5328] ret_from_fork_asm+0x1a/0x30 [ 75.976179][ T5328] [ 75.977527][ T5328] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.980521][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full) [ 75.984647][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.989222][ T5328] Workqueue: events cfg80211_conn_work [ 75.991599][ T5328] Call Trace: [ 75.993022][ T5328] [ 75.994288][ T5328] dump_stack_lvl+0x99/0x250 [ 75.996331][ T5328] ? __asan_memcpy+0x40/0x70 [ 75.998223][ T5328] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.000377][ T5328] ? __pfx__printk+0x10/0x10 [ 76.002197][ T5328] vpanic+0x237/0x6d0 [ 76.003829][ T5328] ? __pfx_vpanic+0x10/0x10 [ 76.005690][ T5328] panic+0xb9/0xc0 [ 76.007236][ T5328] ? __pfx_panic+0x10/0x10 [ 76.009183][ T5328] __warn+0x31b/0x4b0 [ 76.010811][ T5328] ? ieee80211_prep_channel+0x49d2/0x6130 [ 76.013132][ T5328] ? ieee80211_prep_channel+0x49d2/0x6130 [ 76.015510][ T5328] report_bug+0x2be/0x4f0 [ 76.017431][ T5328] ? ieee80211_prep_channel+0x49d2/0x6130 [ 76.019737][ T5328] ? ieee80211_prep_channel+0x49d2/0x6130 [ 76.022162][ T5328] ? ieee80211_prep_channel+0x49d4/0x6130 [ 76.024520][ T5328] handle_bug+0x84/0x160 [ 76.026294][ T5328] exc_invalid_op+0x1a/0x50 [ 76.028170][ T5328] asm_exc_invalid_op+0x1a/0x20 [ 76.030469][ T5328] RIP: 0010:ieee80211_prep_channel+0x49d2/0x6130 [ 76.033307][ T5328] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 35 57 53 f7 48 83 3b 00 0f 84 96 04 00 00 e8 66 30 ec f6 eb 3c e8 5f 30 ec f6 90 <0f> 0b 90 e9 26 01 00 00 e8 51 30 ec f6 c6 05 c1 f8 73 04 01 48 c7 [ 76.041413][ T5328] RSP: 0018:ffffc9000d3ceb20 EFLAGS: 00010293 [ 76.043985][ T5328] RAX: ffffffff8ad23e81 RBX: 0000000000000000 RCX: ffff88801f4b0000 [ 76.047033][ T5328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 76.050205][ T5328] RBP: ffffc9000d3cef00 R08: ffff88801f4b0000 R09: 000000000000000e [ 76.053492][ T5328] R10: 000000000000000d R11: 0000000000000000 R12: dffffc0000000000 [ 76.056842][ T5328] R13: 1ffff1100a470501 R14: ffffc9000d3cedd0 R15: ffff888052382808 [ 76.060014][ T5328] ? ieee80211_prep_channel+0x49d1/0x6130 [ 76.062521][ T5328] ? ieee80211_prep_channel+0x20c/0x6130 [ 76.065003][ T5328] ? __pfx_console_unlock+0x10/0x10 [ 76.067296][ T5328] ? __wake_up_klogd+0xd9/0x110 [ 76.069418][ T5328] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 76.071968][ T5328] ? __lruvec_stat_mod_folio+0x6f/0x2e0 [ 76.074353][ T5328] ? ieee80211_prep_connection+0x545/0x13f0 [ 76.076833][ T5328] ieee80211_prep_connection+0xdd9/0x13f0 [ 76.079357][ T5328] ? ieee80211_prep_connection+0x545/0x13f0 [ 76.081758][ T5328] ieee80211_mgd_auth+0xee6/0x1770 [ 76.083912][ T5328] ? __lock_acquire+0xab9/0xd20 [ 76.086045][ T5328] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.088357][ T5328] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 76.090872][ T5328] ? rcu_is_watching+0x15/0xb0 [ 76.093139][ T5328] cfg80211_mlme_auth+0x62f/0x9c0 [ 76.095532][ T5328] cfg80211_conn_do_work+0x501/0xd10 [ 76.097943][ T5328] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 76.100327][ T5328] ? lockdep_unlock+0x89/0x120 [ 76.102544][ T5328] ? validate_chain+0x897/0x2140 [ 76.104866][ T5328] ? cfg80211_conn_work+0x298/0x460 [ 76.107208][ T5328] cfg80211_conn_work+0x2c0/0x460 [ 76.109496][ T5328] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 76.112291][ T5328] ? __pfx_cfg80211_conn_work+0x10/0x10 [ 76.114789][ T5328] ? stack_trace_save+0x9c/0xe0 [ 76.116972][ T5328] ? __pfx_stack_trace_save+0x10/0x10 [ 76.119273][ T5328] ? check_path+0x21/0x40 [ 76.121328][ T5328] ? lockdep_unlock+0x89/0x120 [ 76.123458][ T5328] ? validate_chain+0x897/0x2140 [ 76.125566][ T5328] ? __lock_acquire+0xab9/0xd20 [ 76.127628][ T5328] ? process_scheduled_works+0x9ef/0x17b0 [ 76.129919][ T5328] ? _raw_spin_unlock_irq+0x23/0x50 [ 76.132091][ T5328] ? process_scheduled_works+0x9ef/0x17b0 [ 76.134430][ T5328] ? process_scheduled_works+0x9ef/0x17b0 [ 76.136816][ T5328] process_scheduled_works+0xade/0x17b0 [ 76.139042][ T5328] ? __pfx_process_scheduled_works+0x10/0x10 [ 76.141841][ T5328] worker_thread+0x8a0/0xda0 [ 76.143904][ T5328] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 76.146635][ T5328] ? __kthread_parkme+0x7b/0x200 [ 76.148820][ T5328] kthread+0x70e/0x8a0 [ 76.150588][ T5328] ? __pfx_worker_thread+0x10/0x10 [ 76.152938][ T5328] ? __pfx_kthread+0x10/0x10 [ 76.154960][ T5328] ? _raw_spin_unlock_irq+0x23/0x50 [ 76.157186][ T5328] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.159306][ T5328] ? __pfx_kthread+0x10/0x10 [ 76.161283][ T5328] ret_from_fork+0x439/0x7d0 [ 76.163197][ T5328] ? __pfx_ret_from_fork+0x10/0x10 [ 76.165343][ T5328] ? __pfx_kthread+0x10/0x10 [ 76.167274][ T5328] ret_from_fork_asm+0x1a/0x30 [ 76.169344][ T5328] [ 76.170950][ T5328] Kernel Offset: disabled [ 76.172869][ T5328] Rebooting in 86400 seconds..