program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_REG(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000480)={'wlan1\x00'}) sendmsg$NL80211_CMD_CONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000007c0)={0x4c, r9, 0x5, 0x0, 0x0, {{}, {@void, @val={0xc, 0x99, {0xa8, 0x49}}}}, [@NL80211_ATTR_DISABLE_HT={0x4}, @NL80211_ATTR_PREV_BSSID={0xa}, @NL80211_ATTR_KEYS={0x10, 0x51, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x5}]}]}, @NL80211_ATTR_PREV_BSSID={0xa}]}, 0x4c}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000600)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @val={0x6, 0x2, 0x2}, @void, @val={0x72, 0x6}, @void}, 0x3b) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000640)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @val, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x1, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x1, 0x7f, 0xa1, 0x1}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x300, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x66) syz_80211_inject_frame(&(0x7f0000000580)=@device_b, &(0x7f00000006c0)=@ctrl_frame=@ba={{}, {0x3}, @device_a, @device_a, @basic={{0x0, 0x0, 0x0, 0x0, 0xf}, {0x1, 0x8}, "9204bdb0366b8cb0c00644ea4ceca68dc625fef6e54644555403ce553f931fc3a3dc5d80a255c2a5e8b8d6f543784fec9157dbb24bd67579e6ee37520cfc8bbd6356f66350eac2db1019a0e28ef6a5b3e58006fec96c156e16f19f0c89db168124b33dce2794e2119b387b3896df615e2c060a049418c897943d53ee89937ce6"}}, 0x94) io_uring_enter(0xffffffffffffffff, 0xc8e, 0x8d48, 0x44, &(0x7f0000000540)={[0x3]}, 0x8) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000500)={0x0, 0x0}) perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0xff, 0x3, 0x0, 0x1, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100019, 0x8, 0x0, 0x0, 0x200000004}, r10, 0x0, 0xffffffffffffffff, 0x0) r11 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r12 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000)) ioctl$PAGEMAP_SCAN(r12, 0xc0606610, &(0x7f0000000280)={0x60, 0x0, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x8, &(0x7f0000000440)=[{0x7ff, 0xfffffffffffffffa, 0x6}, {0x800, 0x3067, 0x7}, {0xfffffffffffffc00, 0x0, 0x100000000}, {0x9, 0x2, 0xfff}, {0x4, 0x9, 0x2}, {0x46cd, 0x3}], 0x6, 0x3, 0x28, 0x10, 0x10}) setsockopt$inet_group_source_req(r11, 0x0, 0x2e, &(0x7f0000000040)={0x6, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @broadcast}}}, 0x108) [ 76.273091][ T5299] Bluetooth: hci0: command tx timeout [ 76.358835][ T5319] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 76.376524][ T5317] ------------[ cut here ]------------ [ 76.378892][ T5317] WARNING: CPU: 0 PID: 5317 at net/mac80211/mlme.c:1129 ieee80211_prep_channel+0x49d2/0x6130 [ 76.383700][ T5317] Modules linked in: [ 76.385424][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full) [ 76.389179][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.393854][ T5317] Workqueue: events cfg80211_conn_work [ 76.396174][ T5317] RIP: 0010:ieee80211_prep_channel+0x49d2/0x6130 [ 76.398848][ T5317] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 35 07 4f f7 48 83 3b 00 0f 84 96 04 00 00 e8 a6 bb e7 f6 eb 3c e8 9f bb e7 f6 90 <0f> 0b 90 e9 26 01 00 00 e8 91 bb e7 f6 c6 05 c6 be 8e 04 01 48 c7 [ 76.406822][ T5317] RSP: 0018:ffffc9000d306b00 EFLAGS: 00010293 [ 76.409515][ T5317] RAX: ffffffff8ad857c1 RBX: 0000000000000000 RCX: ffff88801f2f2480 [ 76.416115][ T5317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 76.419839][ T5317] RBP: ffffc9000d306ee0 R08: ffff88801f2f2480 R09: 000000000000000e [ 76.423351][ T5317] R10: 000000000000000d R11: 0000000000000000 R12: dffffc0000000000 [ 76.426630][ T5317] R13: 1ffff1100a38ed01 R14: ffffc9000d306db0 R15: ffff888051c76808 [ 76.430045][ T5317] FS: 0000000000000000(0000) GS:ffff88808d72f000(0000) knlGS:0000000000000000 [ 76.434302][ T5317] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.437504][ T5317] CR2: 00007fbf8a7bb558 CR3: 000000003ec83000 CR4: 0000000000352ef0 [ 76.441013][ T5317] Call Trace: [ 76.442375][ T5317] [ 76.443970][ T5317] ? ieee80211_prep_channel+0x20c/0x6130 [ 76.446493][ T5317] ? __pfx_get_page_from_freelist+0x10/0x10 [ 76.449190][ T5317] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 76.451776][ T5317] ? __lruvec_stat_mod_folio+0x6f/0x2e0 [ 76.454287][ T5317] ? ieee80211_prep_connection+0x545/0x13f0 [ 76.456875][ T5317] ieee80211_prep_connection+0xdd9/0x13f0 [ 76.459428][ T5317] ? ieee80211_prep_connection+0x545/0x13f0 [ 76.462103][ T5317] ieee80211_mgd_auth+0xee6/0x1770 [ 76.464386][ T5317] ? __lock_acquire+0xab9/0xd20 [ 76.466461][ T5317] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.468894][ T5317] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 76.471308][ T5317] ? rcu_is_watching+0x15/0xb0 [ 76.473636][ T5317] cfg80211_mlme_auth+0x632/0x9c0 [ 76.475778][ T5317] cfg80211_conn_do_work+0x501/0xd10 [ 76.478175][ T5317] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 76.480755][ T5317] ? __schedule+0x17ae/0x4cc0 [ 76.483047][ T5317] ? cfg80211_conn_work+0x298/0x460 [ 76.485214][ T5317] cfg80211_conn_work+0x2c0/0x460 [ 76.487440][ T5317] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 76.490188][ T5317] ? __pfx_cfg80211_conn_work+0x10/0x10 [ 76.492800][ T5317] ? stack_trace_save+0x9c/0xe0 [ 76.494869][ T5317] ? __pfx_stack_trace_save+0x10/0x10 [ 76.497260][ T5317] ? check_path+0x21/0x40 [ 76.499344][ T5317] ? lockdep_unlock+0x89/0x120 [ 76.501507][ T5317] ? validate_chain+0x897/0x2140 [ 76.503788][ T5317] ? __lock_acquire+0xab9/0xd20 [ 76.505934][ T5317] ? process_scheduled_works+0x9ef/0x17b0 [ 76.508532][ T5317] ? _raw_spin_unlock_irq+0x23/0x50 [ 76.510832][ T5317] ? process_scheduled_works+0x9ef/0x17b0 [ 76.513435][ T5317] ? process_scheduled_works+0x9ef/0x17b0 [ 76.515878][ T5317] process_scheduled_works+0xae1/0x17b0 [ 76.518584][ T5317] ? __pfx_process_scheduled_works+0x10/0x10 [ 76.521362][ T5317] worker_thread+0x8a0/0xda0 [ 76.523607][ T5317] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 76.526307][ T5317] ? __kthread_parkme+0x7b/0x200 [ 76.528555][ T5317] kthread+0x711/0x8a0 [ 76.530508][ T5317] ? __pfx_worker_thread+0x10/0x10 [ 76.532928][ T5317] ? __pfx_kthread+0x10/0x10 [ 76.534880][ T5317] ? _raw_spin_unlock_irq+0x23/0x50 [ 76.537175][ T5317] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.540016][ T5317] ? __pfx_kthread+0x10/0x10 [ 76.542967][ T5317] ret_from_fork+0x4bc/0x870 [ 76.545309][ T5317] ? __pfx_ret_from_fork+0x10/0x10 [ 76.547694][ T5317] ? __pfx_kthread+0x10/0x10 [ 76.549826][ T5317] ret_from_fork_asm+0x1a/0x30 [ 76.551921][ T5317] [ 76.553341][ T5317] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 76.556684][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full) [ 76.560489][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.564936][ T5317] Workqueue: events cfg80211_conn_work [ 76.567445][ T5317] Call Trace: [ 76.569024][ T5317] [ 76.570266][ T5317] dump_stack_lvl+0x99/0x250 [ 76.572267][ T5317] ? __asan_memcpy+0x40/0x70 [ 76.574250][ T5317] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.576432][ T5317] ? __pfx__printk+0x10/0x10 [ 76.578197][ T5317] vpanic+0x237/0x6d0 [ 76.579837][ T5317] ? __pfx_vpanic+0x10/0x10 [ 76.581621][ T5317] panic+0xb9/0xc0 [ 76.583103][ T5317] ? __pfx_panic+0x10/0x10 [ 76.584891][ T5317] __warn+0x31b/0x4b0 [ 76.586520][ T5317] ? ieee80211_prep_channel+0x49d2/0x6130 [ 76.588842][ T5317] ? ieee80211_prep_channel+0x49d2/0x6130 [ 76.591159][ T5317] report_bug+0x2be/0x4f0 [ 76.593018][ T5317] ? ieee80211_prep_channel+0x49d2/0x6130 [ 76.595487][ T5317] ? ieee80211_prep_channel+0x49d2/0x6130 [ 76.597895][ T5317] ? ieee80211_prep_channel+0x49d4/0x6130 [ 76.599955][ T5317] handle_bug+0x84/0x160 [ 76.601728][ T5317] exc_invalid_op+0x1a/0x50 [ 76.603706][ T5317] asm_exc_invalid_op+0x1a/0x20 [ 76.605814][ T5317] RIP: 0010:ieee80211_prep_channel+0x49d2/0x6130 [ 76.608526][ T5317] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 35 07 4f f7 48 83 3b 00 0f 84 96 04 00 00 e8 a6 bb e7 f6 eb 3c e8 9f bb e7 f6 90 <0f> 0b 90 e9 26 01 00 00 e8 91 bb e7 f6 c6 05 c6 be 8e 04 01 48 c7 [ 76.617818][ T5317] RSP: 0018:ffffc9000d306b00 EFLAGS: 00010293 [ 76.621234][ T5317] RAX: ffffffff8ad857c1 RBX: 0000000000000000 RCX: ffff88801f2f2480 [ 76.624831][ T5317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 76.628015][ T5317] RBP: ffffc9000d306ee0 R08: ffff88801f2f2480 R09: 000000000000000e [ 76.631418][ T5317] R10: 000000000000000d R11: 0000000000000000 R12: dffffc0000000000 [ 76.636844][ T5317] R13: 1ffff1100a38ed01 R14: ffffc9000d306db0 R15: ffff888051c76808 [ 76.640311][ T5317] ? ieee80211_prep_channel+0x49d1/0x6130 [ 76.642838][ T5317] ? ieee80211_prep_channel+0x20c/0x6130 [ 76.645089][ T5317] ? __pfx_get_page_from_freelist+0x10/0x10 [ 76.647755][ T5317] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 76.650487][ T5317] ? __lruvec_stat_mod_folio+0x6f/0x2e0 [ 76.653176][ T5317] ? ieee80211_prep_connection+0x545/0x13f0 [ 76.656033][ T5317] ieee80211_prep_connection+0xdd9/0x13f0 [ 76.658793][ T5317] ? ieee80211_prep_connection+0x545/0x13f0 [ 76.661572][ T5317] ieee80211_mgd_auth+0xee6/0x1770 [ 76.663840][ T5317] ? __lock_acquire+0xab9/0xd20 [ 76.666011][ T5317] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.668168][ T5317] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 76.670314][ T5317] ? rcu_is_watching+0x15/0xb0 [ 76.672302][ T5317] cfg80211_mlme_auth+0x632/0x9c0 [ 76.674451][ T5317] cfg80211_conn_do_work+0x501/0xd10 [ 76.676679][ T5317] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 76.679417][ T5317] ? __schedule+0x17ae/0x4cc0 [ 76.681569][ T5317] ? cfg80211_conn_work+0x298/0x460 [ 76.683813][ T5317] cfg80211_conn_work+0x2c0/0x460 [ 76.686236][ T5317] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 76.689669][ T5317] ? __pfx_cfg80211_conn_work+0x10/0x10 [ 76.692460][ T5317] ? stack_trace_save+0x9c/0xe0 [ 76.694522][ T5317] ? __pfx_stack_trace_save+0x10/0x10 [ 76.696583][ T5317] ? check_path+0x21/0x40 [ 76.698249][ T5317] ? lockdep_unlock+0x89/0x120 [ 76.700111][ T5317] ? validate_chain+0x897/0x2140 [ 76.701995][ T5317] ? __lock_acquire+0xab9/0xd20 [ 76.703870][ T5317] ? process_scheduled_works+0x9ef/0x17b0 [ 76.706016][ T5317] ? _raw_spin_unlock_irq+0x23/0x50 [ 76.708074][ T5317] ? process_scheduled_works+0x9ef/0x17b0 [ 76.710382][ T5317] ? process_scheduled_works+0x9ef/0x17b0 [ 76.712801][ T5317] process_scheduled_works+0xae1/0x17b0 [ 76.715172][ T5317] ? __pfx_process_scheduled_works+0x10/0x10 [ 76.717687][ T5317] worker_thread+0x8a0/0xda0 [ 76.719685][ T5317] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 76.722125][ T5317] ? __kthread_parkme+0x7b/0x200 [ 76.724030][ T5317] kthread+0x711/0x8a0 [ 76.725466][ T5317] ? __pfx_worker_thread+0x10/0x10 [ 76.727689][ T5317] ? __pfx_kthread+0x10/0x10 [ 76.729534][ T5317] ? _raw_spin_unlock_irq+0x23/0x50 [ 76.731867][ T5317] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.734302][ T5317] ? __pfx_kthread+0x10/0x10 [ 76.736331][ T5317] ret_from_fork+0x4bc/0x870 [ 76.738254][ T5317] ? __pfx_ret_from_fork+0x10/0x10 [ 76.740427][ T5317] ? __pfx_kthread+0x10/0x10 [ 76.742381][ T5317] ret_from_fork_asm+0x1a/0x30 [ 76.744379][ T5317] [ 76.745939][ T5317] Kernel Offset: disabled [ 76.747755][ T5317] Rebooting in 86400 seconds..