program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r4, &(0x7f00000015c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001580)={&(0x7f0000001540)={0x2c, r2, 0x200, 0x70bd25, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x2, 0x33}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x52}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000380)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_REG(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000500)={0x60, r8, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STATUS_CODE={0x6}, @NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5}, @NL80211_ATTR_TDLS_ACTION={0x5}, @NL80211_ATTR_IE={0x20, 0x2a, [@preq={0x82, 0x1a, {{}, 0xb4, 0x5, 0x6, @device_a, 0x933, @void, 0x4, 0x200}}]}, @NL80211_ATTR_MAC={0xa}]}, 0x60}}, 0x0) [ 85.515082][ T4671] Bluetooth: hci0: command tx timeout [ 85.608154][ T5330] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.613721][ T5330] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.619977][ T5330] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.636891][ T9] ------------[ cut here ]------------ [ 85.639523][ T9] WARNING: CPU: 0 PID: 9 at net/mac80211/mlme.c:1129 ieee80211_prep_channel+0x49d2/0x6130 [ 85.643901][ T9] Modules linked in: [ 85.646030][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted syzkaller #0 PREEMPT(full) [ 85.649898][ T9] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.654495][ T9] Workqueue: events cfg80211_conn_work [ 85.656862][ T9] RIP: 0010:ieee80211_prep_channel+0x49d2/0x6130 [ 85.659566][ T9] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 55 93 4f f7 48 83 3b 00 0f 84 96 04 00 00 e8 76 54 e8 f6 eb 3c e8 6f 54 e8 f6 90 <0f> 0b 90 e9 26 01 00 00 e8 61 54 e8 f6 c6 05 5b 3d 8f 04 01 48 c7 [ 85.667750][ T9] RSP: 0018:ffffc900001b6b00 EFLAGS: 00010293 [ 85.670460][ T9] RAX: ffffffff8ad7bf21 RBX: 0000000000000000 RCX: ffff88801beac900 [ 85.673858][ T9] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 85.677981][ T9] RBP: ffffc900001b6ee0 R08: ffff88801beac900 R09: 000000000000000e [ 85.681668][ T9] R10: 000000000000000d R11: 0000000000000000 R12: dffffc0000000000 [ 85.685264][ T9] R13: 1ffff1100a46f501 R14: ffffc900001b6db0 R15: ffff88805237a808 [ 85.688567][ T9] FS: 0000000000000000(0000) GS:ffff88808d733000(0000) knlGS:0000000000000000 [ 85.692262][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.695511][ T9] CR2: 00002000000015c0 CR3: 0000000042c11000 CR4: 0000000000352ef0 [ 85.698904][ T9] Call Trace: [ 85.700348][ T9] [ 85.701673][ T9] ? ieee80211_prep_channel+0x20c/0x6130 [ 85.704126][ T9] ? __pfx_get_page_from_freelist+0x10/0x10 [ 85.706899][ T9] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 85.709652][ T9] ? __lruvec_stat_mod_folio+0x6f/0x2e0 [ 85.712209][ T9] ? ieee80211_prep_connection+0x545/0x13f0 [ 85.715063][ T9] ieee80211_prep_connection+0xdd9/0x13f0 [ 85.717481][ T9] ? ieee80211_prep_connection+0x545/0x13f0 [ 85.719948][ T9] ieee80211_mgd_auth+0xee6/0x1770 [ 85.722170][ T9] ? __lock_acquire+0xab9/0xd20 [ 85.724443][ T9] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.726588][ T9] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 85.728999][ T9] ? rcu_is_watching+0x15/0xb0 [ 85.731415][ T9] cfg80211_mlme_auth+0x632/0x9c0 [ 85.733668][ T9] cfg80211_conn_do_work+0x501/0xd10 [ 85.736038][ T9] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 85.738638][ T9] ? lockdep_unlock+0x89/0x120 [ 85.740689][ T9] ? validate_chain+0x897/0x2140 [ 85.742920][ T9] ? cfg80211_conn_work+0x298/0x460 [ 85.745415][ T9] cfg80211_conn_work+0x2c0/0x460 [ 85.747641][ T9] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 85.750368][ T9] ? __pfx_cfg80211_conn_work+0x10/0x10 [ 85.752800][ T9] ? stack_trace_save+0x9c/0xe0 [ 85.755014][ T9] ? __pfx_stack_trace_save+0x10/0x10 [ 85.757310][ T9] ? check_path+0x21/0x40 [ 85.759096][ T9] ? lockdep_unlock+0x89/0x120 [ 85.761211][ T9] ? validate_chain+0x897/0x2140 [ 85.763378][ T9] ? __lock_acquire+0xab9/0xd20 [ 85.765616][ T9] ? process_scheduled_works+0x9ef/0x17b0 [ 85.768029][ T9] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.770308][ T9] ? process_scheduled_works+0x9ef/0x17b0 [ 85.772680][ T9] ? process_scheduled_works+0x9ef/0x17b0 [ 85.775119][ T9] process_scheduled_works+0xae1/0x17b0 [ 85.777446][ T9] ? __pfx_process_scheduled_works+0x10/0x10 [ 85.780075][ T9] worker_thread+0x8a0/0xda0 [ 85.782181][ T9] kthread+0x711/0x8a0 [ 85.784010][ T9] ? __pfx_worker_thread+0x10/0x10 [ 85.786369][ T9] ? __pfx_kthread+0x10/0x10 [ 85.788374][ T9] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.790673][ T9] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.792971][ T9] ? __pfx_kthread+0x10/0x10 [ 85.795054][ T9] ret_from_fork+0x4bc/0x870 [ 85.797092][ T9] ? __pfx_ret_from_fork+0x10/0x10 [ 85.799411][ T9] ? __pfx_kthread+0x10/0x10 [ 85.801508][ T9] ret_from_fork_asm+0x1a/0x30 [ 85.803660][ T9] [ 85.805172][ T9] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.808284][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted syzkaller #0 PREEMPT(full) [ 85.812185][ T9] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.816866][ T9] Workqueue: events cfg80211_conn_work [ 85.819287][ T9] Call Trace: [ 85.820776][ T9] [ 85.822038][ T9] dump_stack_lvl+0x99/0x250 [ 85.824035][ T9] ? __asan_memcpy+0x40/0x70 [ 85.826087][ T9] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.828285][ T9] ? __pfx__printk+0x10/0x10 [ 85.830337][ T9] vpanic+0x237/0x6d0 [ 85.832098][ T9] ? __pfx_vpanic+0x10/0x10 [ 85.834145][ T9] panic+0xb9/0xc0 [ 85.835765][ T9] ? __pfx_panic+0x10/0x10 [ 85.837660][ T9] __warn+0x31b/0x4b0 [ 85.839299][ T9] ? ieee80211_prep_channel+0x49d2/0x6130 [ 85.841717][ T9] ? ieee80211_prep_channel+0x49d2/0x6130 [ 85.844158][ T9] report_bug+0x2be/0x4f0 [ 85.846276][ T9] ? ieee80211_prep_channel+0x49d2/0x6130 [ 85.848611][ T9] ? ieee80211_prep_channel+0x49d2/0x6130 [ 85.850904][ T9] ? ieee80211_prep_channel+0x49d4/0x6130 [ 85.853384][ T9] handle_bug+0x84/0x160 [ 85.855250][ T9] exc_invalid_op+0x1a/0x50 [ 85.857241][ T9] asm_exc_invalid_op+0x1a/0x20 [ 85.859372][ T9] RIP: 0010:ieee80211_prep_channel+0x49d2/0x6130 [ 85.862068][ T9] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 55 93 4f f7 48 83 3b 00 0f 84 96 04 00 00 e8 76 54 e8 f6 eb 3c e8 6f 54 e8 f6 90 <0f> 0b 90 e9 26 01 00 00 e8 61 54 e8 f6 c6 05 5b 3d 8f 04 01 48 c7 [ 85.870159][ T9] RSP: 0018:ffffc900001b6b00 EFLAGS: 00010293 [ 85.872728][ T9] RAX: ffffffff8ad7bf21 RBX: 0000000000000000 RCX: ffff88801beac900 [ 85.876369][ T9] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 85.879835][ T9] RBP: ffffc900001b6ee0 R08: ffff88801beac900 R09: 000000000000000e [ 85.883253][ T9] R10: 000000000000000d R11: 0000000000000000 R12: dffffc0000000000 [ 85.886718][ T9] R13: 1ffff1100a46f501 R14: ffffc900001b6db0 R15: ffff88805237a808 [ 85.890086][ T9] ? ieee80211_prep_channel+0x49d1/0x6130 [ 85.892693][ T9] ? ieee80211_prep_channel+0x20c/0x6130 [ 85.895184][ T9] ? __pfx_get_page_from_freelist+0x10/0x10 [ 85.897759][ T9] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 85.900332][ T9] ? __lruvec_stat_mod_folio+0x6f/0x2e0 [ 85.903185][ T9] ? ieee80211_prep_connection+0x545/0x13f0 [ 85.906212][ T9] ieee80211_prep_connection+0xdd9/0x13f0 [ 85.908653][ T9] ? ieee80211_prep_connection+0x545/0x13f0 [ 85.911199][ T9] ieee80211_mgd_auth+0xee6/0x1770 [ 85.913765][ T9] ? __lock_acquire+0xab9/0xd20 [ 85.915964][ T9] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.918281][ T9] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 85.920679][ T9] ? rcu_is_watching+0x15/0xb0 [ 85.922760][ T9] cfg80211_mlme_auth+0x632/0x9c0 [ 85.925052][ T9] cfg80211_conn_do_work+0x501/0xd10 [ 85.927343][ T9] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 85.929903][ T9] ? lockdep_unlock+0x89/0x120 [ 85.931974][ T9] ? validate_chain+0x897/0x2140 [ 85.934210][ T9] ? cfg80211_conn_work+0x298/0x460 [ 85.937066][ T9] cfg80211_conn_work+0x2c0/0x460 [ 85.939399][ T9] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 85.942071][ T9] ? __pfx_cfg80211_conn_work+0x10/0x10 [ 85.944426][ T9] ? stack_trace_save+0x9c/0xe0 [ 85.946534][ T9] ? __pfx_stack_trace_save+0x10/0x10 [ 85.948994][ T9] ? check_path+0x21/0x40 [ 85.950884][ T9] ? lockdep_unlock+0x89/0x120 [ 85.953025][ T9] ? validate_chain+0x897/0x2140 [ 85.955201][ T9] ? __lock_acquire+0xab9/0xd20 [ 85.957384][ T9] ? process_scheduled_works+0x9ef/0x17b0 [ 85.960077][ T9] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.962461][ T9] ? process_scheduled_works+0x9ef/0x17b0 [ 85.965006][ T9] ? process_scheduled_works+0x9ef/0x17b0 [ 85.967445][ T9] process_scheduled_works+0xae1/0x17b0 [ 85.969879][ T9] ? __pfx_process_scheduled_works+0x10/0x10 [ 85.972254][ T9] worker_thread+0x8a0/0xda0 [ 85.974170][ T9] kthread+0x711/0x8a0 [ 85.975822][ T9] ? __pfx_worker_thread+0x10/0x10 [ 85.977990][ T9] ? __pfx_kthread+0x10/0x10 [ 85.979897][ T9] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.981974][ T9] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.984002][ T9] ? __pfx_kthread+0x10/0x10 [ 85.985898][ T9] ret_from_fork+0x4bc/0x870 [ 85.987772][ T9] ? __pfx_ret_from_fork+0x10/0x10 [ 85.989835][ T9] ? __pfx_kthread+0x10/0x10 [ 85.991704][ T9] ret_from_fork_asm+0x1a/0x30 [ 85.993696][ T9] [ 85.995325][ T9] Kernel Offset: disabled [ 85.997107][ T9] Rebooting in 86400 seconds..