program:
# syzkaller reproducer followed by the console output of the run.
# The log reports a WARNING at net/mac80211/mlme.c:1012 in ieee80211_prep_channel,
# reached from the cfg80211_conn_work workqueue item. It becomes a kernel panic
# only because panic_on_warn is set on this test kernel.

# Open a generic netlink socket (0x10 = AF_NETLINK, 0x3 = SOCK_RAW, 0x10 = NETLINK_GENERIC)
# and resolve the nl80211 generic-netlink family id into r1.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# Query the interface index of wlan1 (0x8933 = SIOCGIFINDEX).
# NOTE(review): r2 is used below but never assigned in this listing; presumably the
# ioctl's output ifindex was bound to r2 and the result marker was lost when the
# page was extracted. Confirm against the original reproducer.
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
# Change the interface type of ifindex r2 to 0x8
# (NL80211_IFTYPE_P2P_CLIENT in the nl80211 enum; confirm against the target's headers).
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}}, 0x0)
# Request a connection to the default AP SSID; the WIPHY_FREQ attribute carries only
# its header ({0x8}), so its value is left at the default. The trace below
# (cfg80211_conn_work -> cfg80211_mlme_auth -> ieee80211_mgd_auth) is presumably the
# deferred work queued by this request.
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
# Inject a probe response carrying the default AP SSID, a supported-rates element with
# the single rate byte 0xb, elements with IDs 0x72 and 0x71, and a vendor element (0xdd).
# The rate byte has the basic-rate bit (0x80) clear, which is consistent with the
# "No basic rates, using min rate instead" message in the log.
syz_80211_inject_frame(&(0x7f0000000040)=@device_b, &(0x7f0000000280)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @broadcast, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0xb}]}, @void, @void, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x1, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x3, 0x21}}, [{0xdd, 0x6, "7c1cc1478551"}]}, 0x48)
# The fd argument is 0xffffffffffffffff (-1), so this START_AP request is sent on an
# invalid descriptor; it is likely leftover fuzzer output rather than part of the trigger.
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0)
# Second netlink socket and family-id lookup, used only by the SET_REG call below.
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
# Regulatory-domain request built from raw blobs (0x44 bytes); the attribute payload is
# opaque hex here and is not decoded in this listing.
sendmsg$NL80211_CMD_SET_REG(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0)
# Inject an authentication frame (fields after the header: 0x0, 0x2, 0x0).
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
# Inject an association response (capability 0xa004, status 0x0, AID 0xc) that carries
# an element with ID 0x2d and length 0x1a.
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000000)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0xa004, 0x0, @random=0xc, @val, @val={0x2d, 0x1a, {0xc50, 0x0, 0x4, 0x0, {0x54, 0x93e, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8, 0xc2b, 0x8}}}, 0x3c)
# Console output from the run follows (not part of the program).
[ 78.644952][ T5304] Bluetooth: hci0: command tx timeout [ 78.651051][ T1309] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.674738][ T1309] ieee802154 phy1 wpan1: encryption failed: -22 [ 78.781302][ T5320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 78.792740][ T5320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 78.800398][ T5320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 78.815047][ T56] wlan1: No basic rates, using min rate instead [ 78.818458][ T56] ------------[ cut here ]------------ [ 78.821067][ T56] WARNING: CPU: 0 PID: 56 at net/mac80211/mlme.c:1012 ieee80211_prep_channel+0x389b/0x5120 [ 78.825919][ T56] Modules linked in: [ 78.827562][ T56] CPU: 0 UID: 0 PID: 56 Comm: kworker/0:2 Not tainted 6.14.0-rc3-syzkaller-00166-g334426094588 #0 [ 78.831626][ T56] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.835677][ T56] Workqueue: events cfg80211_conn_work [ 78.837694][ T56] RIP: 0010:ieee80211_prep_channel+0x389b/0x5120 [ 78.840055][ T56] Code: c6 05 15 8b 95 04 01 48 c7 c7 37 18 4b 8d be 78 03 00 00 48 c7 c2 a0 19 4b 8d e8 90 aa 0b f6 e9 7e ca ff ff e8 66 50 30 f6 90 <0f> 0b 90 48 8b 7c 24 30 e8 88 06 8c f6 48 c7 44 24 30 ea ff ff ff [ 78.849080][ T56] RSP: 0018:ffffc9000103ec60 EFLAGS: 00010293 [ 78.851453][ T56] RAX: ffffffff8b916a2a RBX: 0000000000000000 RCX: ffff88801f49a440 [ 78.854544][ T56] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 78.857469][ T56] RBP: ffffc9000103efb0 R08: ffffffff8b913f49 R09: ffffffff8b6007a9 [ 78.860530][ T56] R10: 000000000000000e R11: ffff88801f49a440 R12: dffffc0000000000 [ 78.864506][ T56] R13: ffff888044162758 R14: ffffc9000103ee70 R15: ffffc9000103eeb0 [ 78.867984][ T56] FS: 
0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 78.871335][ T56] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 78.873577][ T56] CR2: 00007f760797c170 CR3: 0000000051d48000 CR4: 0000000000352ef0 [ 78.876423][ T56] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 78.879211][ T56] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 78.882589][ T56] Call Trace: [ 78.884436][ T56] <TASK> [ 78.885974][ T56] ? __warn+0x165/0x4d0 [ 78.887594][ T56] ? ieee80211_prep_channel+0x389b/0x5120 [ 78.889617][ T56] ? report_bug+0x2b3/0x500 [ 78.891396][ T56] ? ieee80211_prep_channel+0x389b/0x5120 [ 78.893624][ T56] ? handle_bug+0x60/0x90 [ 78.895231][ T56] ? exc_invalid_op+0x1a/0x50 [ 78.896955][ T56] ? asm_exc_invalid_op+0x1a/0x20 [ 78.898828][ T56] ? cfg80211_get_end_freq+0x79/0x1d0 [ 78.901005][ T56] ? ieee80211_prep_channel+0xdb9/0x5120 [ 78.903436][ T56] ? ieee80211_prep_channel+0x389a/0x5120 [ 78.906083][ T56] ? ieee80211_prep_channel+0x389b/0x5120 [ 78.908666][ T56] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 78.910857][ T56] ? ieee80211_prep_channel+0x20a/0x5120 [ 78.913089][ T56] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 78.915460][ T56] ? rcu_is_watching+0x15/0xb0 [ 78.917312][ T56] ? __pfx_lock_release+0x10/0x10 [ 78.919389][ T56] ieee80211_prep_connection+0xda1/0x1310 [ 78.921762][ T56] ieee80211_mgd_auth+0xedb/0x1750 [ 78.924196][ T56] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 78.926411][ T56] ? rcu_is_watching+0x15/0xb0 [ 78.928235][ T56] cfg80211_mlme_auth+0x59f/0x970 [ 78.930173][ T56] cfg80211_conn_do_work+0x601/0xeb0 [ 78.932111][ T56] ? mark_lock+0x9a/0x360 [ 78.934427][ T56] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 78.937217][ T56] ? __pfx_validate_chain+0x10/0x10 [ 78.939075][ T56] ? cfg80211_conn_work+0x273/0x530 [ 78.940905][ T56] cfg80211_conn_work+0x2c0/0x530 [ 78.942766][ T56] ? __pfx_cfg80211_conn_work+0x10/0x10 [ 78.945225][ T56] ? lockdep_unlock+0x16a/0x300 [ 78.947120][ T56] ? 
mark_lock+0x2ae/0x360 [ 78.948745][ T56] ? __lock_acquire+0x1397/0x2100 [ 78.950684][ T56] ? do_raw_spin_unlock+0x58/0x8b0 [ 78.952522][ T56] ? __pfx_lock_acquire+0x10/0x10 [ 78.954759][ T56] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 78.957574][ T56] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 78.960547][ T56] ? process_scheduled_works+0x9c6/0x18e0 [ 78.962787][ T56] process_scheduled_works+0xabe/0x18e0 [ 78.964972][ T56] ? __pfx_process_scheduled_works+0x10/0x10 [ 78.967202][ T56] ? assign_work+0x364/0x3d0 [ 78.968881][ T56] worker_thread+0x870/0xd30 [ 78.970652][ T56] ? __kthread_parkme+0x169/0x1d0 [ 78.972550][ T56] ? __pfx_worker_thread+0x10/0x10 [ 78.974550][ T56] kthread+0x7a9/0x920 [ 78.976273][ T56] ? __pfx_kthread+0x10/0x10 [ 78.979126][ T56] ? __pfx_worker_thread+0x10/0x10 [ 78.982215][ T56] ? __pfx_kthread+0x10/0x10 [ 78.984794][ T56] ? __pfx_kthread+0x10/0x10 [ 78.986816][ T56] ? __pfx_kthread+0x10/0x10 [ 78.988541][ T56] ? _raw_spin_unlock_irq+0x23/0x50 [ 78.990441][ T56] ? lockdep_hardirqs_on+0x99/0x150 [ 78.992796][ T56] ? __pfx_kthread+0x10/0x10 [ 78.994876][ T56] ret_from_fork+0x4b/0x80 [ 78.996558][ T56] ? __pfx_kthread+0x10/0x10 [ 78.998318][ T56] ret_from_fork_asm+0x1a/0x30 [ 79.000088][ T56] </TASK> [ 79.001253][ T56] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 79.004251][ T56] CPU: 0 UID: 0 PID: 56 Comm: kworker/0:2 Not tainted 6.14.0-rc3-syzkaller-00166-g334426094588 #0 [ 79.008797][ T56] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 79.013517][ T56] Workqueue: events cfg80211_conn_work [ 79.015535][ T56] Call Trace: [ 79.016810][ T56] <TASK> [ 79.017985][ T56] dump_stack_lvl+0x241/0x360 [ 79.019741][ T56] ? __pfx_dump_stack_lvl+0x10/0x10 [ 79.021689][ T56] ? __pfx__printk+0x10/0x10 [ 79.023567][ T56] ? _printk+0xd5/0x120 [ 79.025244][ T56] ? __init_begin+0x41000/0x41000 [ 79.027433][ T56] ? vscnprintf+0x5d/0x90 [ 79.029518][ T56] panic+0x349/0x880 [ 79.031506][ T56] ? 
__warn+0x174/0x4d0 [ 79.033405][ T56] ? __pfx_panic+0x10/0x10 [ 79.034996][ T56] ? ret_from_fork_asm+0x1a/0x30 [ 79.036503][ T56] __warn+0x344/0x4d0 [ 79.037922][ T56] ? ieee80211_prep_channel+0x389b/0x5120 [ 79.039983][ T56] report_bug+0x2b3/0x500 [ 79.041539][ T56] ? ieee80211_prep_channel+0x389b/0x5120 [ 79.043511][ T56] handle_bug+0x60/0x90 [ 79.045054][ T56] exc_invalid_op+0x1a/0x50 [ 79.046911][ T56] asm_exc_invalid_op+0x1a/0x20 [ 79.048909][ T56] RIP: 0010:ieee80211_prep_channel+0x389b/0x5120 [ 79.051467][ T56] Code: c6 05 15 8b 95 04 01 48 c7 c7 37 18 4b 8d be 78 03 00 00 48 c7 c2 a0 19 4b 8d e8 90 aa 0b f6 e9 7e ca ff ff e8 66 50 30 f6 90 <0f> 0b 90 48 8b 7c 24 30 e8 88 06 8c f6 48 c7 44 24 30 ea ff ff ff [ 79.058500][ T56] RSP: 0018:ffffc9000103ec60 EFLAGS: 00010293 [ 79.060699][ T56] RAX: ffffffff8b916a2a RBX: 0000000000000000 RCX: ffff88801f49a440 [ 79.063687][ T56] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 79.067566][ T56] RBP: ffffc9000103efb0 R08: ffffffff8b913f49 R09: ffffffff8b6007a9 [ 79.071775][ T56] R10: 000000000000000e R11: ffff88801f49a440 R12: dffffc0000000000 [ 79.074688][ T56] R13: ffff888044162758 R14: ffffc9000103ee70 R15: ffffc9000103eeb0 [ 79.077769][ T56] ? cfg80211_get_end_freq+0x79/0x1d0 [ 79.079770][ T56] ? ieee80211_prep_channel+0xdb9/0x5120 [ 79.081826][ T56] ? ieee80211_prep_channel+0x389a/0x5120 [ 79.083869][ T56] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 79.085998][ T56] ? ieee80211_prep_channel+0x20a/0x5120 [ 79.087808][ T56] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 79.089974][ T56] ? rcu_is_watching+0x15/0xb0 [ 79.091904][ T56] ? __pfx_lock_release+0x10/0x10 [ 79.093963][ T56] ieee80211_prep_connection+0xda1/0x1310 [ 79.096125][ T56] ieee80211_mgd_auth+0xedb/0x1750 [ 79.098105][ T56] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 79.100426][ T56] ? rcu_is_watching+0x15/0xb0 [ 79.102262][ T56] cfg80211_mlme_auth+0x59f/0x970 [ 79.104198][ T56] cfg80211_conn_do_work+0x601/0xeb0 [ 79.106130][ T56] ? 
mark_lock+0x9a/0x360 [ 79.107660][ T56] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 79.109888][ T56] ? __pfx_validate_chain+0x10/0x10 [ 79.112251][ T56] ? cfg80211_conn_work+0x273/0x530 [ 79.115096][ T56] cfg80211_conn_work+0x2c0/0x530 [ 79.117400][ T56] ? __pfx_cfg80211_conn_work+0x10/0x10 [ 79.119483][ T56] ? lockdep_unlock+0x16a/0x300 [ 79.121351][ T56] ? mark_lock+0x2ae/0x360 [ 79.123149][ T56] ? __lock_acquire+0x1397/0x2100 [ 79.125074][ T56] ? do_raw_spin_unlock+0x58/0x8b0 [ 79.127049][ T56] ? __pfx_lock_acquire+0x10/0x10 [ 79.128823][ T56] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 79.131026][ T56] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 79.133081][ T56] ? process_scheduled_works+0x9c6/0x18e0 [ 79.135171][ T56] process_scheduled_works+0xabe/0x18e0 [ 79.137547][ T56] ? __pfx_process_scheduled_works+0x10/0x10 [ 79.139899][ T56] ? assign_work+0x364/0x3d0 [ 79.141511][ T56] worker_thread+0x870/0xd30 [ 79.143197][ T56] ? __kthread_parkme+0x169/0x1d0 [ 79.145200][ T56] ? __pfx_worker_thread+0x10/0x10 [ 79.147666][ T56] kthread+0x7a9/0x920 [ 79.149596][ T56] ? __pfx_kthread+0x10/0x10 [ 79.151519][ T56] ? __pfx_worker_thread+0x10/0x10 [ 79.153992][ T56] ? __pfx_kthread+0x10/0x10 [ 79.156047][ T56] ? __pfx_kthread+0x10/0x10 [ 79.158001][ T56] ? __pfx_kthread+0x10/0x10 [ 79.159614][ T56] ? _raw_spin_unlock_irq+0x23/0x50 [ 79.161422][ T56] ? lockdep_hardirqs_on+0x99/0x150 [ 79.163520][ T56] ? __pfx_kthread+0x10/0x10 [ 79.165230][ T56] ret_from_fork+0x4b/0x80 [ 79.166776][ T56] ? __pfx_kthread+0x10/0x10 [ 79.168407][ T56] ret_from_fork_asm+0x1a/0x30 [ 79.170520][ T56] </TASK> [ 79.171939][ T56] Kernel Offset: disabled [ 79.173779][ T56] Rebooting in 86400 seconds..