program:
# syzkaller reproducer: nl80211 station-mode CONNECT on wlan1 (mac80211_hwsim) interleaved with injected 802.11 management frames
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
r6 = semget(0x0, 0x3, 0x208)
semctl$GETZCNT(r6, 0x4, 0xf, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r12 = socket$nl_generic(0x10, 0x3, 
0x10)
sendmsg$NL80211_CMD_SET_REG(r12, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0)
r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0})
sendmsg$NL80211_CMD_CONNECT(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x28, r13, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r14}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x3c, @void}, 0x1e)
[ 75.348879][ T4672] Bluetooth: hci0: command tx timeout [ 75.411067][ T5327] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 75.442739][ T5318] ------------[ cut here ]------------ [ 75.445146][ T5318] WARNING: CPU: 0 PID: 5318 at net/mac80211/mlme.c:1129 ieee80211_prep_channel+0x49d2/0x6130 [ 75.449898][ T5318] Modules linked in: [ 75.452195][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: kworker/0:4 Not tainted syzkaller #0 PREEMPT(full) [ 75.456225][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.461388][ T5318] Workqueue: events cfg80211_conn_work [ 75.463598][ T5318] RIP: 0010:ieee80211_prep_channel+0x49d2/0x6130 [ 75.466149][ T5318] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 c5 f8 4e f7 48 83 3b 00 0f 84 96 04 00 00 e8 16 ab e7 f6 eb 3c e8 0f ab e7 f6 90 <0f> 0b 90 e9 26 01 00 00 e8 01 ab e7 f6 c6 05 0a b5 8e 04 01 48 c7 [ 75.473338][ T5318] RSP: 0018:ffffc9000d4ceb00 EFLAGS: 00010293 [ 75.475804][ T5318] RAX: ffffffff8ad86841 RBX: 0000000000000000 RCX: 
ffff888000ddc900 [ 75.479366][ T5318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 75.482878][ T5318] RBP: ffffc9000d4ceee0 R08: ffff888000ddc900 R09: 000000000000000e [ 75.486256][ T5318] R10: 000000000000000d R11: 0000000000000000 R12: dffffc0000000000 [ 75.489704][ T5318] R13: 1ffff1100a4aa501 R14: ffffc9000d4cedb0 R15: ffff888052552808 [ 75.492974][ T5318] FS: 0000000000000000(0000) GS:ffff88808d72d000(0000) knlGS:0000000000000000 [ 75.496733][ T5318] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.499725][ T5318] CR2: 00007fc91ebbb558 CR3: 000000000dd38000 CR4: 0000000000352ef0 [ 75.503070][ T5318] Call Trace: [ 75.504485][ T5318] [ 75.505709][ T5318] ? ieee80211_prep_channel+0x20c/0x6130 [ 75.508004][ T5318] ? __pfx_get_page_from_freelist+0x10/0x10 [ 75.510763][ T5318] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 75.513392][ T5318] ? __lruvec_stat_mod_folio+0x6f/0x2e0 [ 75.515635][ T5318] ? ieee80211_prep_connection+0x545/0x13f0 [ 75.518179][ T5318] ieee80211_prep_connection+0xdd9/0x13f0 [ 75.520781][ T5318] ? ieee80211_prep_connection+0x545/0x13f0 [ 75.523324][ T5318] ieee80211_mgd_auth+0xee6/0x1770 [ 75.525558][ T5318] ? __lock_acquire+0xab9/0xd20 [ 75.528000][ T5318] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.530753][ T5318] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 75.533308][ T5318] ? rcu_is_watching+0x15/0xb0 [ 75.535626][ T5318] cfg80211_mlme_auth+0x632/0x9c0 [ 75.538371][ T5318] cfg80211_conn_do_work+0x501/0xd10 [ 75.541419][ T5318] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 75.544041][ T5318] ? __schedule+0x17ae/0x4cc0 [ 75.546107][ T5318] ? cfg80211_conn_work+0x298/0x460 [ 75.548413][ T5318] cfg80211_conn_work+0x2c0/0x460 [ 75.550821][ T5318] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 75.554541][ T5318] ? __pfx_cfg80211_conn_work+0x10/0x10 [ 75.557205][ T5318] ? stack_trace_save+0x9c/0xe0 [ 75.559520][ T5318] ? __pfx_stack_trace_save+0x10/0x10 [ 75.562105][ T5318] ? check_path+0x21/0x40 [ 75.564050][ T5318] ? 
lockdep_unlock+0x89/0x120 [ 75.566165][ T5318] ? validate_chain+0x897/0x2140 [ 75.568369][ T5318] ? __lock_acquire+0xab9/0xd20 [ 75.570597][ T5318] ? process_scheduled_works+0x9ef/0x17b0 [ 75.573104][ T5318] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.575395][ T5318] ? process_scheduled_works+0x9ef/0x17b0 [ 75.578170][ T5318] ? process_scheduled_works+0x9ef/0x17b0 [ 75.581510][ T5318] process_scheduled_works+0xae1/0x17b0 [ 75.583871][ T5318] ? __pfx_process_scheduled_works+0x10/0x10 [ 75.586586][ T5318] worker_thread+0x8a0/0xda0 [ 75.588878][ T5318] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.591659][ T5318] ? __kthread_parkme+0x7b/0x200 [ 75.593812][ T5318] kthread+0x711/0x8a0 [ 75.595645][ T5318] ? __pfx_worker_thread+0x10/0x10 [ 75.597840][ T5318] ? __pfx_kthread+0x10/0x10 [ 75.599663][ T5318] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.601691][ T5318] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.603796][ T5318] ? __pfx_kthread+0x10/0x10 [ 75.605807][ T5318] ret_from_fork+0x4bc/0x870 [ 75.607871][ T5318] ? __pfx_ret_from_fork+0x10/0x10 [ 75.610149][ T5318] ? __pfx_kthread+0x10/0x10 [ 75.612154][ T5318] ret_from_fork_asm+0x1a/0x30 [ 75.614184][ T5318] [ 75.615544][ T5318] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.618518][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: kworker/0:4 Not tainted syzkaller #0 PREEMPT(full) [ 75.622458][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.626917][ T5318] Workqueue: events cfg80211_conn_work [ 75.629482][ T5318] Call Trace: [ 75.630954][ T5318] [ 75.632236][ T5318] dump_stack_lvl+0x99/0x250 [ 75.634305][ T5318] ? __asan_memcpy+0x40/0x70 [ 75.636350][ T5318] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.638568][ T5318] ? __pfx__printk+0x10/0x10 [ 75.640417][ T5318] vpanic+0x237/0x6d0 [ 75.642147][ T5318] ? __pfx_vpanic+0x10/0x10 [ 75.644065][ T5318] panic+0xb9/0xc0 [ 75.645465][ T5318] ? __pfx_panic+0x10/0x10 [ 75.647336][ T5318] __warn+0x31b/0x4b0 [ 75.649029][ T5318] ? 
ieee80211_prep_channel+0x49d2/0x6130 [ 75.651398][ T5318] ? ieee80211_prep_channel+0x49d2/0x6130 [ 75.653894][ T5318] report_bug+0x2be/0x4f0 [ 75.655793][ T5318] ? ieee80211_prep_channel+0x49d2/0x6130 [ 75.658090][ T5318] ? ieee80211_prep_channel+0x49d2/0x6130 [ 75.660382][ T5318] ? ieee80211_prep_channel+0x49d4/0x6130 [ 75.662728][ T5318] handle_bug+0x84/0x160 [ 75.664336][ T5318] exc_invalid_op+0x1a/0x50 [ 75.666172][ T5318] asm_exc_invalid_op+0x1a/0x20 [ 75.668053][ T5318] RIP: 0010:ieee80211_prep_channel+0x49d2/0x6130 [ 75.670592][ T5318] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 c5 f8 4e f7 48 83 3b 00 0f 84 96 04 00 00 e8 16 ab e7 f6 eb 3c e8 0f ab e7 f6 90 <0f> 0b 90 e9 26 01 00 00 e8 01 ab e7 f6 c6 05 0a b5 8e 04 01 48 c7 [ 75.678546][ T5318] RSP: 0018:ffffc9000d4ceb00 EFLAGS: 00010293 [ 75.681219][ T5318] RAX: ffffffff8ad86841 RBX: 0000000000000000 RCX: ffff888000ddc900 [ 75.684597][ T5318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 75.688137][ T5318] RBP: ffffc9000d4ceee0 R08: ffff888000ddc900 R09: 000000000000000e [ 75.691471][ T5318] R10: 000000000000000d R11: 0000000000000000 R12: dffffc0000000000 [ 75.695003][ T5318] R13: 1ffff1100a4aa501 R14: ffffc9000d4cedb0 R15: ffff888052552808 [ 75.698802][ T5318] ? ieee80211_prep_channel+0x49d1/0x6130 [ 75.700955][ T5318] ? ieee80211_prep_channel+0x20c/0x6130 [ 75.703107][ T5318] ? __pfx_get_page_from_freelist+0x10/0x10 [ 75.706230][ T5318] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 75.709290][ T5318] ? __lruvec_stat_mod_folio+0x6f/0x2e0 [ 75.711666][ T5318] ? ieee80211_prep_connection+0x545/0x13f0 [ 75.713974][ T5318] ieee80211_prep_connection+0xdd9/0x13f0 [ 75.716276][ T5318] ? ieee80211_prep_connection+0x545/0x13f0 [ 75.718767][ T5318] ieee80211_mgd_auth+0xee6/0x1770 [ 75.720996][ T5318] ? __lock_acquire+0xab9/0xd20 [ 75.722930][ T5318] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.725155][ T5318] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 75.727513][ T5318] ? 
rcu_is_watching+0x15/0xb0 [ 75.729558][ T5318] cfg80211_mlme_auth+0x632/0x9c0 [ 75.731762][ T5318] cfg80211_conn_do_work+0x501/0xd10 [ 75.733914][ T5318] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 75.736545][ T5318] ? __schedule+0x17ae/0x4cc0 [ 75.738375][ T5318] ? cfg80211_conn_work+0x298/0x460 [ 75.740655][ T5318] cfg80211_conn_work+0x2c0/0x460 [ 75.742599][ T5318] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 75.745137][ T5318] ? __pfx_cfg80211_conn_work+0x10/0x10 [ 75.747364][ T5318] ? stack_trace_save+0x9c/0xe0 [ 75.749293][ T5318] ? __pfx_stack_trace_save+0x10/0x10 [ 75.751602][ T5318] ? check_path+0x21/0x40 [ 75.753241][ T5318] ? lockdep_unlock+0x89/0x120 [ 75.755050][ T5318] ? validate_chain+0x897/0x2140 [ 75.757084][ T5318] ? __lock_acquire+0xab9/0xd20 [ 75.759001][ T5318] ? process_scheduled_works+0x9ef/0x17b0 [ 75.761343][ T5318] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.763545][ T5318] ? process_scheduled_works+0x9ef/0x17b0 [ 75.765914][ T5318] ? process_scheduled_works+0x9ef/0x17b0 [ 75.768394][ T5318] process_scheduled_works+0xae1/0x17b0 [ 75.770760][ T5318] ? __pfx_process_scheduled_works+0x10/0x10 [ 75.773185][ T5318] worker_thread+0x8a0/0xda0 [ 75.775141][ T5318] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.777842][ T5318] ? __kthread_parkme+0x7b/0x200 [ 75.779956][ T5318] kthread+0x711/0x8a0 [ 75.781656][ T5318] ? __pfx_worker_thread+0x10/0x10 [ 75.783828][ T5318] ? __pfx_kthread+0x10/0x10 [ 75.785791][ T5318] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.787987][ T5318] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.790021][ T5318] ? __pfx_kthread+0x10/0x10 [ 75.791908][ T5318] ret_from_fork+0x4bc/0x870 [ 75.793807][ T5318] ? __pfx_ret_from_fork+0x10/0x10 [ 75.795906][ T5318] ? __pfx_kthread+0x10/0x10 [ 75.797827][ T5318] ret_from_fork_asm+0x1a/0x30 [ 75.799870][ T5318] [ 75.801438][ T5318] Kernel Offset: disabled [ 75.802998][ T5318] Rebooting in 86400 seconds..