program:
# syzkaller reproducer for the WARNING in ieee80211_mgd_probe_ap_send
# (net/mac80211/mlme.c:4504, "!sta") that the kernel log below shows being
# hit from the cfg80211_wiphy_work workqueue (kworker/u4:2). The tested
# kernel runs with panic_on_warn, so the WARN is reported as a kernel panic.
#
# Reviewer notes on the security-relevant shape of this program (the log
# proves the sequence of MLME events, not the root cause):
# - The three injected 802.11 management frames (probe response, auth,
#   assoc response) are unauthenticated pre-association frames from a fake
#   AP 08:02:11:00:00:00. syz_80211_inject_frame delivers them through
#   mac80211_hwsim, which stands in for frames arriving over the air.
# - The nl80211 commands that drive wlan1 (SET_INTERFACE, CONNECT,
#   TDLS_OPER) are normally CAP_NET_ADMIN-only, so the reproducer as written
#   also needs a privileged local process -- confirm against the
#   GENL_UNS_ADMIN_PERM flags of the tested tree before rating impact.
# - Impact visible here: a WARN, i.e. a panic (DoS) under panic_on_warn.
#   Nothing in this log shows memory corruption; do not over-claim.
# - Root cause is NOT established by this log. The WARN means the AP's
#   sta_info is missing while the MLME still considers itself associated
#   and runs the probe-AP work. The last wifi-related step before the WARN
#   is the NL80211_CMD_TDLS_OPER call; whether that call, the "corrupt
#   probe response" path, or the hwsim/wmediumd channel churn in the log
#   removes the sta is a TODO for bisection. If the condition turns out to
#   be reachable through ordinary API use plus injected frames, it should
#   be handled rather than WARNed, since panic_on_warn turns it into a crash.
# - Everything after the TDLS_OPER call (USB gadget, UDF mount, DRM ioctl,
#   open_by_handle_at, clone/ptrace) reads as unminimized fuzzer residue;
#   the "usb 5-1" and "loop0" log lines come from it. Presumably unrelated
#   -- verify by re-running without those calls.
#
# Register note: r2 and r5 are the ifindex values written back by the two
# SIOCGIFINDEX ioctls; the "<r2=>"/"<r5=>" markers were lost when the
# program was rendered onto one line.

# --- Step 1: put wlan1 into station mode over nl80211 ----------------------
# AF_NETLINK (0x10), SOCK_RAW (0x3), NETLINK_GENERIC (0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
# resolve the nl80211 generic-netlink family id
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# SIOCGIFINDEX (0x8933) for 'wlan1' -> r2
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
# NL80211_CMD_SET_INTERFACE: NL80211_ATTR_IFINDEX (3) = r2,
# NL80211_ATTR_IFTYPE (5) = 0x2 (NL80211_IFTYPE_STATION); nlmsg flags 0x5.
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)

# --- Step 2: ask the station to connect --------------------------------------
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# second SIOCGIFINDEX for 'wlan1' (issued on r0, not r3) -> r5
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
# NL80211_CMD_CONNECT: NL80211_ATTR_IFINDEX = r5, NL80211_ATTR_SSID (0x34) =
# @default_ap_ssid, plus an NL80211_ATTR_WIPHY_FREQ attribute left at its
# default value. This starts the MLME state machine that the injected frames
# below feed ("authenticate with 08:02:11:00:00:00" in the log).
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)

# --- Step 3: play the AP side with injected management frames ---------------
# Probe response: FC = 0x0050 (mgmt / probe response), addr1 = 08:02:11:00:00:01
# (our station, per the log), addr2 = ff:ff:ff:ff:ff:ff (a broadcast SA, which
# is itself bogus), addr3/BSSID = 08:02:11:00:00:00. The body appears to end
# in a supported-rates IE with the single rate 0x0b and no basic bit
# ("No basic rates, using min rate instead" in the log). The blob is about
# 46 bytes but the declared length is 0x48 = 72, so the tail is whatever is
# in the shared buffer (zeros unless written earlier) -- possibly what
# mac80211 reports as "associating ... with corrupt probe response"; unverified.
syz_80211_inject_frame(&(0x7f0000000040)=@device_b, &(0x7f0000000280)=ANY=[@ANYBLOB="50000000080211000001ffffffffffff0802110000000000000000000000000064000100000602020202020201010b"], 0x48)
# 50 ms (0x2faf080 ns) so the connect work can consume the probe response
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
# Authentication: FC = 0x00b0, same addresses (addr2 = AP), auth algorithm 0
# (open system) and apparently transaction sequence 2. 27-byte blob for a
# declared 0x1e = 30 bytes, so the status code comes from the buffer tail
# (zero = success, consistent with "wlan1: authenticated" in the log).
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f00000021c0)=ANY=[@ANYBLOB="b00000000802110000010802110000000802110000001000000002"], 0x1e)
# Association response: FC = 0x0010, capab = 0xa004, status = 0, AID = 0x000c
# (12), matching "RX AssocResp from 08:02:11:00:00:00 (capab=0xa004 status=0
# aid=12)". 31-byte blob for a declared 0x3c = 60 bytes, so the rates IE and
# whatever follows again come from the buffer tail. After this the log says
# "wlan1: associated".
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000080211000001080211000000080211000000200004a000000c0001"], 0x3c)

# --- Step 4: NL80211_CMD_TDLS_OPER on the now-associated interface -----------
r6 = socket$nl_generic(0x10, 0x3, 0x10)
# NL80211_ATTR_IFINDEX = r5, NL80211_ATTR_TDLS_OPERATION (0x8a) = 0x4
# (NL80211_TDLS_DISABLE_LINK in the nl80211 uapi enum -- verify against the
# headers of the tested tree), and an NL80211_ATTR_MAC whose 6-byte payload is
# left at the syz default (presumably 00:00:00:00:00:00, not the AP's MAC).
# nlmsg flags/seq/pid and the msghdr/sendmsg flags are fuzzer garbage. This
# is the last wifi action before the WARN; treat it as the prime suspect
# for bisection, not as an established cause.
sendmsg$NL80211_CMD_TDLS_OPER(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, r1, 0xfd39e943ccf1163b, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000010}, 0x50)

# --- Fuzzer residue (probably unrelated; see header notes) ------------------
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
# PPPoX (0x18) stream socket, PPTP protocol; only closed below
r7 = socket$pptp(0x18, 0x1, 0x2)
# USB gadget whose device descriptor carries idVendor=0582 idProduct=0014
# bcdDevice=bb.9d (see the "usb 5-1" log lines; the descriptor is malformed
# enough that the core rewrites bInterval and rejects the bulk maxpacket)
r8 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x42041)
syz_usb_disconnect(r8)
close_range(r7, 0xffffffffffffffff, 0x0)
# FS_IOC_SETFLAGS on an invalid fd (-1): effectively a no-op
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)=0x20)
# mounts a small compressed UDF image on ./file0 ("loop0: detected capacity
# change from 0 to 128" in the log)
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000500)='./file0\x00', 0x18418, &(0x7f0000000200)=ANY=[@ANYRES8=0x0, @ANYRES8], 0xfe, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==")
# DRM_IOCTL_SET_CLIENT_CAP on an invalid fd (-1): effectively a no-op
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
# open_by_handle_at with a 12-byte handle blob relative to '.'
open_by_handle_at(r9, &(0x7f0000000000)=ANY=[@ANYBLOB='\f\x00\x00\x00Q'], 0x0)
r10 = syz_clone(0x34802000, 0x0, 0x0, 0x0, 0x0, 0x0)
# PTRACE_ATTACH (0x10) then PTRACE_POKEDATA (0x5) on the child, then a look
# at its /proc/<pid>/fd/3
ptrace(0x10, r10)
ptrace$poke(0x5, r10, &(0x7f0000000080), 0x0)
syz_open_procfs(r10, &(0x7f0000000040)='fd/3\x00')

# ---- kernel log captured alongside the program (continues below) ----
[ 74.596672][ T5294] Bluetooth: hci0: command tx timeout [ 74.854309][ T5314] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.888701][ T5312] wlan1: No basic rates, using min rate instead [ 74.892747][ T5312] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 74.897456][ T5312] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 74.910863][ T1132] wlan1: authenticated [ 74.912817][ T5312] wlan1: associating to AP 08:02:11:00:00:00 with corrupt probe response [ 74.917158][ T1132] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 74.921378][ T5314] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.929901][ T1132] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0xa004 status=0 aid=12) [ 74.933750][ T1132] wlan1: No basic rates, using min rate instead [ 74.937415][ T1132] wlan1: associated [ 74.939701][ T5314] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 75.196668][ T5312] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 75.349622][ T5312] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 75.353975][ T5312] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 75.358560][ T5312] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 75.376114][ T5312] usb 5-1: New USB device strings: 
Mfr=0, Product=0, SerialNumber=0 [ 75.405069][ T5314] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 75.422939][ T5312] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 75.613571][ T5312] usb 5-1: USB disconnect, device number 2 [ 75.829509][ T5314] loop0: detected capacity change from 0 to 128 [ 75.833174][ T30] ------------[ cut here ]------------ [ 75.835654][ T30] !sta [ 75.835664][ T30] WARNING: net/mac80211/mlme.c:4504 at ieee80211_mgd_probe_ap_send+0x497/0x560, CPU#0: kworker/u4:2/30 [ 75.841669][ T30] Modules linked in: [ 75.843555][ T30] CPU: 0 UID: 0 PID: 30 Comm: kworker/u4:2 Not tainted syzkaller #0 PREEMPT(full) [ 75.847836][ T30] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 75.852356][ T30] Workqueue: events_unbound cfg80211_wiphy_work [ 75.854984][ T30] RIP: 0010:ieee80211_mgd_probe_ap_send+0x497/0x560 [ 75.858033][ T30] Code: 4c 89 fe 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 4d 13 78 f6 e8 58 2b 8c f6 90 0f 0b 90 e9 3a fc ff ff e8 4a 2b 8c f6 90 <0f> 0b 90 e9 d3 fc ff ff e8 3c 2b 8c f6 90 0f 0b 90 e9 3c ff ff ff [ 75.865775][ T30] RSP: 0018:ffffc90000387a60 EFLAGS: 00010293 [ 75.868454][ T30] RAX: ffffffff8b397026 RBX: ffff888012fecdc0 RCX: ffff88801eec2480 [ 75.871916][ T30] RDX: 0000000000000000 RSI: ffffffff8e166428 RDI: ffff88801eec2480 [ 75.875361][ T30] RBP: 0000000000000001 R08: ffff88801eec2480 R09: 000000000000000c [ 75.878932][ T30] R10: 000000000000000c R11: 0000000000000000 R12: ffff888012feeae2 [ 75.882462][ T30] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff888012fedd40 [ 75.885815][ T30] FS: 0000000000000000(0000) GS:ffff88808ca59000(0000) knlGS:0000000000000000 [ 75.889738][ T30] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.892396][ T30] CR2: 00007fab83c0fe00 CR3: 0000000011a99000 CR4: 0000000000352ef0 [ 75.895678][ T30] Call Trace: [ 75.897254][ T30] [ 75.898526][ T30] cfg80211_wiphy_work+0x2ab/0x4a0 [ 75.900843][ T30] ? 
process_scheduled_works+0xa25/0x1830 [ 75.903212][ T30] process_scheduled_works+0xb02/0x1830 [ 75.905482][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 75.907876][ T30] ? assign_work+0x3d5/0x5e0 [ 75.909736][ T30] worker_thread+0xa50/0xfc0 [ 75.911502][ T30] kthread+0x388/0x470 [ 75.913264][ T30] ? __pfx_worker_thread+0x10/0x10 [ 75.915506][ T30] ? __pfx_kthread+0x10/0x10 [ 75.917727][ T30] ret_from_fork+0x51e/0xb90 [ 75.919602][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 75.921690][ T30] ? __switch_to+0xc7d/0x1450 [ 75.923792][ T30] ? __pfx_kthread+0x10/0x10 [ 75.925838][ T30] ret_from_fork_asm+0x1a/0x30 [ 75.928075][ T30] [ 75.929449][ T30] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.932887][ T30] CPU: 0 UID: 0 PID: 30 Comm: kworker/u4:2 Not tainted syzkaller #0 PREEMPT(full) [ 75.936927][ T30] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 75.941174][ T30] Workqueue: events_unbound cfg80211_wiphy_work [ 75.943783][ T30] Call Trace: [ 75.945237][ T30] [ 75.946479][ T30] vpanic+0x56c/0xa60 [ 75.948055][ T30] ? __pfx__printk+0x10/0x10 [ 75.949911][ T30] ? __pfx_vpanic+0x10/0x10 [ 75.951859][ T30] ? is_bpf_text_address+0x292/0x2b0 [ 75.954104][ T30] ? is_bpf_text_address+0x26/0x2b0 [ 75.956481][ T30] panic+0xc5/0xd0 [ 75.958050][ T30] ? __pfx_panic+0x10/0x10 [ 75.960078][ T30] ? ret_from_fork_asm+0x1a/0x30 [ 75.962165][ T30] __warn+0x315/0x4f0 [ 75.963780][ T30] ? ieee80211_mgd_probe_ap_send+0x497/0x560 [ 75.966195][ T30] ? ieee80211_mgd_probe_ap_send+0x497/0x560 [ 75.968638][ T30] __report_bug+0x29a/0x540 [ 75.970508][ T30] ? lockdep_hardirqs_on+0x7a/0x110 [ 75.972800][ T30] ? ieee80211_mgd_probe_ap_send+0x497/0x560 [ 75.975415][ T30] ? __pfx___report_bug+0x10/0x10 [ 75.977699][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 75.979767][ T30] ? nla_put+0xd0/0x150 [ 75.981515][ T30] ? ieee80211_mgd_probe_ap_send+0x497/0x560 [ 75.983935][ T30] report_bug+0x16a/0x220 [ 75.985854][ T30] ? 
ieee80211_mgd_probe_ap_send+0x497/0x560 [ 75.988340][ T30] ? ieee80211_mgd_probe_ap_send+0x499/0x560 [ 75.990997][ T30] handle_bug+0x98/0x200 [ 75.992930][ T30] exc_invalid_op+0x1a/0x50 [ 75.994938][ T30] asm_exc_invalid_op+0x1a/0x20 [ 75.997014][ T30] RIP: 0010:ieee80211_mgd_probe_ap_send+0x497/0x560 [ 75.999930][ T30] Code: 4c 89 fe 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 4d 13 78 f6 e8 58 2b 8c f6 90 0f 0b 90 e9 3a fc ff ff e8 4a 2b 8c f6 90 <0f> 0b 90 e9 d3 fc ff ff e8 3c 2b 8c f6 90 0f 0b 90 e9 3c ff ff ff [ 76.007889][ T30] RSP: 0018:ffffc90000387a60 EFLAGS: 00010293 [ 76.010410][ T30] RAX: ffffffff8b397026 RBX: ffff888012fecdc0 RCX: ffff88801eec2480 [ 76.013826][ T30] RDX: 0000000000000000 RSI: ffffffff8e166428 RDI: ffff88801eec2480 [ 76.017541][ T30] RBP: 0000000000000001 R08: ffff88801eec2480 R09: 000000000000000c [ 76.020714][ T30] R10: 000000000000000c R11: 0000000000000000 R12: ffff888012feeae2 [ 76.024155][ T30] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff888012fedd40 [ 76.027299][ T30] ? ieee80211_mgd_probe_ap_send+0x496/0x560 [ 76.029632][ T30] cfg80211_wiphy_work+0x2ab/0x4a0 [ 76.031898][ T30] ? process_scheduled_works+0xa25/0x1830 [ 76.034309][ T30] process_scheduled_works+0xb02/0x1830 [ 76.036688][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 76.039218][ T30] ? assign_work+0x3d5/0x5e0 [ 76.041280][ T30] worker_thread+0xa50/0xfc0 [ 76.043317][ T30] kthread+0x388/0x470 [ 76.045088][ T30] ? __pfx_worker_thread+0x10/0x10 [ 76.047236][ T30] ? __pfx_kthread+0x10/0x10 [ 76.049202][ T30] ret_from_fork+0x51e/0xb90 [ 76.051186][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 76.053408][ T30] ? __switch_to+0xc7d/0x1450 [ 76.055399][ T30] ? __pfx_kthread+0x10/0x10 [ 76.057296][ T30] ret_from_fork_asm+0x1a/0x30 [ 76.059294][ T30] [ 76.061002][ T30] Kernel Offset: disabled [ 76.062941][ T30] Rebooting in 86400 seconds..