quoted

This code was designed for regulatory changes, but the WARN_ON()
indicates that we got connected on a channel that we think isn't
actually usable. We quite possibly should reject that connection
there, but it seems to me it should've been rejected elsewhere
already...?

But this is prior to connection, right? This warning happens upon
authenticate.

Yeah the warning happens in authentication.

So in nl80211_authenticate() we do:

chan = nl80211_get_valid_chan(&rdev->wiphy,
			      info->attrs[NL80211_ATTR_WIPHY_FREQ]);

and in cfg80211_mlme_auth():

req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
			   IEEE80211_BSS_TYPE_ESS,
			   IEEE80211_PRIVACY_ANY);

That might not be what's going on - the OP said he was getting this
with iw, which doesn't go through nl80211_authenticate() but
nl80211_connect().

After that the chain is:

ieee80211_mgd_auth() ->
	ieee80211_prep_connection() ->
		ieee80211_prep_channel() ->
			ieee80211_determine_chantype()

And somehow that determines that even a 20MHz no-HT channel isn't
valid.

johannes