program: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_STATION(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x34, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0xfffffff9, 0xfffffffe}}]}, 0x34}}, 0x0) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "0f03c8c7e8da000000000000ffffff017f000000cce67e1d0000e565aa9a9d32c7627ffe7a54cdbd77b3000000000000000000060000000000000000deff00", 0x1b}, 0x60) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r0, 0x118, 0x1, 0x0, 0x0) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_REG(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r11, @ANYBLOB="629f2b41b3011b2f2af020de814da8c8f25873952984c70221bd099f38d6543f508c8b7efd5c5d017fd0dea3aa5c9bafbbeda702d15f11ac5389c7266c00f2df2127c58f74018000005545b8403a81931e00"/91], 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r11, @ANYBLOB='\n\x004'], 0x30}}, 0x0) [ 70.996181][ T5309] Bluetooth: hci0: command tx timeout [ 71.087021][ T5324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 71.113084][ T5324] netlink: 8 bytes leftover after parsing attributes in process `syz.0.0'. [ 71.120759][ T8] ------------[ cut here ]------------ [ 71.123427][ T8] WARNING: CPU: 0 PID: 8 at net/mac80211/mlme.c:1012 ieee80211_prep_channel+0x389b/0x5120 [ 71.128465][ T8] Modules linked in: [ 71.130105][ T8] CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.14.0-rc4-syzkaller #0 [ 71.133617][ T8] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.138027][ T8] Workqueue: events cfg80211_conn_work [ 71.140172][ T8] RIP: 0010:ieee80211_prep_channel+0x389b/0x5120 [ 71.143039][ T8] Code: c6 05 a7 80 95 04 01 48 c7 c7 17 18 4b 8d be 78 03 00 00 48 c7 c2 80 19 4b 8d e8 d0 9f 0b f6 e9 7e ca ff ff e8 a6 45 30 f6 90 <0f> 0b 90 48 8b 7c 24 30 e8 18 fc 8b f6 48 c7 44 24 30 ea ff ff ff [ 71.150622][ T8] RSP: 0018:ffffc900001a6c60 EFLAGS: 00010293 [ 71.153807][ T8] RAX: ffffffff8b91785a RBX: 0000000000000000 RCX: ffff88801cad2440 [ 71.156785][ T8] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 71.159506][ T8] RBP: ffffc900001a6fb0 R08: ffffffff8b914d79 R09: ffffffff8b6015d9 [ 71.162834][ T8] R10: 000000000000000e R11: ffff88801cad2440 R12: dffffc0000000000 [ 71.166493][ T8] R13: ffff88804407e758 R14: ffffc900001a6e70 R15: ffffc900001a6eb0 [ 71.169460][ T8] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 71.174109][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.177907][ T8] CR2: 00007fc34737c170 CR3: 000000000e938000 CR4: 0000000000352ef0 [ 71.181507][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 71.184785][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 71.188322][ T8] Call Trace: [ 71.190039][ T8] [ 71.191658][ T8] ? __warn+0x165/0x4d0 [ 71.193910][ T8] ? ieee80211_prep_channel+0x389b/0x5120 [ 71.196687][ T8] ? report_bug+0x2b3/0x500 [ 71.198608][ T8] ? ieee80211_prep_channel+0x389b/0x5120 [ 71.201006][ T8] ? handle_bug+0x60/0x90 [ 71.202848][ T8] ? exc_invalid_op+0x1a/0x50 [ 71.204658][ T8] ? asm_exc_invalid_op+0x1a/0x20 [ 71.207019][ T8] ? cfg80211_get_end_freq+0x79/0x1d0 [ 71.209383][ T8] ? ieee80211_prep_channel+0xdb9/0x5120 [ 71.212004][ T8] ? ieee80211_prep_channel+0x389a/0x5120 [ 71.214216][ T8] ? ieee80211_prep_channel+0x389b/0x5120 [ 71.216530][ T8] ? ieee80211_prep_channel+0x20a/0x5120 [ 71.218794][ T8] ? mark_lock+0x9a/0x360 [ 71.220872][ T8] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 71.223899][ T8] ? __pfx_lock_release+0x10/0x10 [ 71.226231][ T8] ieee80211_prep_connection+0xda1/0x1310 [ 71.228374][ T8] ieee80211_mgd_auth+0xedb/0x1750 [ 71.230413][ T8] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 71.232533][ T8] ? rcu_is_watching+0x15/0xb0 [ 71.234395][ T8] cfg80211_mlme_auth+0x59f/0x970 [ 71.236607][ T8] cfg80211_conn_do_work+0x601/0xeb0 [ 71.239152][ T8] ? mark_lock+0x9a/0x360 [ 71.241421][ T8] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 71.243920][ T8] ? __pfx_validate_chain+0x10/0x10 [ 71.246331][ T8] ? cfg80211_conn_work+0x273/0x530 [ 71.248390][ T8] cfg80211_conn_work+0x2c0/0x530 [ 71.250438][ T8] ? __pfx_cfg80211_conn_work+0x10/0x10 [ 71.252739][ T8] ? lockdep_unlock+0x16a/0x300 [ 71.254699][ T8] ? mark_lock+0x2ae/0x360 [ 71.256549][ T8] ? __lock_acquire+0x1397/0x2100 [ 71.258678][ T8] ? do_raw_spin_unlock+0x58/0x8b0 [ 71.261140][ T8] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 71.264741][ T8] ? __pfx_lock_acquire+0x10/0x10 [ 71.267484][ T8] ? lockdep_hardirqs_on+0x99/0x150 [ 71.269518][ T8] ? process_scheduled_works+0x9c6/0x18e0 [ 71.271821][ T8] process_scheduled_works+0xabe/0x18e0 [ 71.274099][ T8] ? __pfx_process_scheduled_works+0x10/0x10 [ 71.276862][ T8] ? assign_work+0x364/0x3d0 [ 71.278774][ T8] worker_thread+0x870/0xd30 [ 71.280669][ T8] ? __kthread_parkme+0x169/0x1d0 [ 71.282912][ T8] ? __pfx_worker_thread+0x10/0x10 [ 71.285041][ T8] kthread+0x7a9/0x920 [ 71.287038][ T8] ? __pfx_kthread+0x10/0x10 [ 71.288706][ T8] ? __pfx_worker_thread+0x10/0x10 [ 71.290511][ T8] ? __pfx_kthread+0x10/0x10 [ 71.292165][ T8] ? __pfx_kthread+0x10/0x10 [ 71.293980][ T8] ? __pfx_kthread+0x10/0x10 [ 71.295970][ T8] ? _raw_spin_unlock_irq+0x23/0x50 [ 71.298512][ T8] ? lockdep_hardirqs_on+0x99/0x150 [ 71.301111][ T8] ? __pfx_kthread+0x10/0x10 [ 71.303394][ T8] ret_from_fork+0x4b/0x80 [ 71.305300][ T8] ? __pfx_kthread+0x10/0x10 [ 71.307236][ T8] ret_from_fork_asm+0x1a/0x30 [ 71.309191][ T8] [ 71.310464][ T8] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 71.313388][ T8] CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.14.0-rc4-syzkaller #0 [ 71.316929][ T8] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.321342][ T8] Workqueue: events cfg80211_conn_work [ 71.323963][ T8] Call Trace: [ 71.325556][ T8] [ 71.327044][ T8] dump_stack_lvl+0x241/0x360 [ 71.329142][ T8] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.331188][ T8] ? __pfx__printk+0x10/0x10 [ 71.333029][ T8] ? _printk+0xd5/0x120 [ 71.334745][ T8] ? __init_begin+0x41000/0x41000 [ 71.336865][ T8] ? vscnprintf+0x5d/0x90 [ 71.338815][ T8] panic+0x349/0x880 [ 71.340486][ T8] ? __warn+0x174/0x4d0 [ 71.342526][ T8] ? __pfx_panic+0x10/0x10 [ 71.344675][ T8] ? ret_from_fork_asm+0x1a/0x30 [ 71.347023][ T8] __warn+0x344/0x4d0 [ 71.348616][ T8] ? ieee80211_prep_channel+0x389b/0x5120 [ 71.350917][ T8] report_bug+0x2b3/0x500 [ 71.352715][ T8] ? ieee80211_prep_channel+0x389b/0x5120 [ 71.355038][ T8] handle_bug+0x60/0x90 [ 71.356785][ T8] exc_invalid_op+0x1a/0x50 [ 71.358993][ T8] asm_exc_invalid_op+0x1a/0x20 [ 71.361491][ T8] RIP: 0010:ieee80211_prep_channel+0x389b/0x5120 [ 71.364688][ T8] Code: c6 05 a7 80 95 04 01 48 c7 c7 17 18 4b 8d be 78 03 00 00 48 c7 c2 80 19 4b 8d e8 d0 9f 0b f6 e9 7e ca ff ff e8 a6 45 30 f6 90 <0f> 0b 90 48 8b 7c 24 30 e8 18 fc 8b f6 48 c7 44 24 30 ea ff ff ff [ 71.372861][ T8] RSP: 0018:ffffc900001a6c60 EFLAGS: 00010293 [ 71.375343][ T8] RAX: ffffffff8b91785a RBX: 0000000000000000 RCX: ffff88801cad2440 [ 71.378488][ T8] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 71.382032][ T8] RBP: ffffc900001a6fb0 R08: ffffffff8b914d79 R09: ffffffff8b6015d9 [ 71.386166][ T8] R10: 000000000000000e R11: ffff88801cad2440 R12: dffffc0000000000 [ 71.389758][ T8] R13: ffff88804407e758 R14: ffffc900001a6e70 R15: ffffc900001a6eb0 [ 71.393095][ T8] ? cfg80211_get_end_freq+0x79/0x1d0 [ 71.395238][ T8] ? ieee80211_prep_channel+0xdb9/0x5120 [ 71.397546][ T8] ? ieee80211_prep_channel+0x389a/0x5120 [ 71.399784][ T8] ? ieee80211_prep_channel+0x20a/0x5120 [ 71.402141][ T8] ? mark_lock+0x9a/0x360 [ 71.404071][ T8] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 71.406658][ T8] ? __pfx_lock_release+0x10/0x10 [ 71.409120][ T8] ieee80211_prep_connection+0xda1/0x1310 [ 71.411387][ T8] ieee80211_mgd_auth+0xedb/0x1750 [ 71.413454][ T8] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 71.415592][ T8] ? rcu_is_watching+0x15/0xb0 [ 71.417871][ T8] cfg80211_mlme_auth+0x59f/0x970 [ 71.420460][ T8] cfg80211_conn_do_work+0x601/0xeb0 [ 71.423132][ T8] ? mark_lock+0x9a/0x360 [ 71.424886][ T8] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 71.427385][ T8] ? __pfx_validate_chain+0x10/0x10 [ 71.429542][ T8] ? cfg80211_conn_work+0x273/0x530 [ 71.431561][ T8] cfg80211_conn_work+0x2c0/0x530 [ 71.433673][ T8] ? __pfx_cfg80211_conn_work+0x10/0x10 [ 71.435993][ T8] ? lockdep_unlock+0x16a/0x300 [ 71.438151][ T8] ? mark_lock+0x2ae/0x360 [ 71.440276][ T8] ? __lock_acquire+0x1397/0x2100 [ 71.443030][ T8] ? do_raw_spin_unlock+0x58/0x8b0 [ 71.445302][ T8] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 71.447992][ T8] ? __pfx_lock_acquire+0x10/0x10 [ 71.450193][ T8] ? lockdep_hardirqs_on+0x99/0x150 [ 71.452415][ T8] ? process_scheduled_works+0x9c6/0x18e0 [ 71.454886][ T8] process_scheduled_works+0xabe/0x18e0 [ 71.457594][ T8] ? __pfx_process_scheduled_works+0x10/0x10 [ 71.460185][ T8] ? assign_work+0x364/0x3d0 [ 71.462241][ T8] worker_thread+0x870/0xd30 [ 71.464317][ T8] ? __kthread_parkme+0x169/0x1d0 [ 71.466840][ T8] ? __pfx_worker_thread+0x10/0x10 [ 71.469036][ T8] kthread+0x7a9/0x920 [ 71.470844][ T8] ? __pfx_kthread+0x10/0x10 [ 71.472708][ T8] ? __pfx_worker_thread+0x10/0x10 [ 71.474731][ T8] ? __pfx_kthread+0x10/0x10 [ 71.476580][ T8] ? __pfx_kthread+0x10/0x10 [ 71.478673][ T8] ? __pfx_kthread+0x10/0x10 [ 71.481100][ T8] ? _raw_spin_unlock_irq+0x23/0x50 [ 71.484045][ T8] ? lockdep_hardirqs_on+0x99/0x150 [ 71.486494][ T8] ? __pfx_kthread+0x10/0x10 [ 71.488127][ T8] ret_from_fork+0x4b/0x80 [ 71.489739][ T8] ? __pfx_kthread+0x10/0x10 [ 71.491482][ T8] ret_from_fork_asm+0x1a/0x30 [ 71.493402][ T8] [ 71.495024][ T8] Kernel Offset: disabled [ 71.496879][ T8] Rebooting in 86400 seconds..