program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)={0x1f, r1, 0xbda8f8e3b12ca7f7, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x4f}}}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xc}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0x0, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x0, 0xe7, "a9bd9f91894b5b6c96da36d945a8ebfef84b9b23daf15324"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0x0, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0x0, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x0, 0xe7, "ee6fa02286b39d56a3976d175140e00e23e3bf210a653c74"}], @NL80211_ATTR_IFTYPE={0x0, 0x5, 0xb}, @NL80211_ATTR_MESH_ID]}, 0x30}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r3) sendmsg$NL80211_CMD_TDLS_MGMT(r3, &(0x7f0000000640)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x28, r4, 0x400, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x23}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x3}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x40008c4) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) mq_unlink(&(0x7f0000001f40)=',\x00') sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000800)=@data_frame={@msdu=@type00={{0x0, 0x2, 0x9, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, {0xa3}, @broadcast, @broadcast, @initial, {0xb, 0x7}, "", @value={0x6, 0x0, 0x2, 0x0, 0x8}}, @a_msdu=[{@broadcast, @broadcast, 0xe4, "f432f3a876f57fd6f4a176a79b99ad5c1c8f49fe7af48749c7d501550375c2ef6fb6fd7e55db087312da4681bd9e4e1ae01ffef52c953e97483e4f475596217b56d8a31da1aefc6acf751ae51b302e3c17134dea70971ba00397a6c0bb9df6b5ae527f861840fd9e6c16d1e5effee14839f031751aa6b69e5138f50490a0d840ffe216c2efa6b63a357508e5cb66e5768c641a25c7ad6c0688af530e39accb1a5bb74fa48d4471910ee8a7016ffa34d9c9f1ee3199f27559e565c2dd1a66bedf910c7bec930064fd02715fd9b2be18fc1827c03f1e2768f3a3715a0949bfbc52d641d758"}, {@broadcast, @broadcast, 0x7, "5210545d0e6d36"}, {@device_a, @device_a, 0x5b, "47def87ecc6c56e3548377365078ac80ae10beb8b751fb84e9e5ea8250f989c1613507ec54f3a8daf08ea4860f6b35a6d16481e70ddad9d4e80a763761474edaa15d46f8253997e00f3472b9b9c5c03e54a2f0984fa24c1d41e974"}, {@device_a, @broadcast, 0x2c, "ed03dc17881197f8d14f3f4b1d0000fa3d9e4f99fcceb9b0a07c9a7d530db8e00a8078ad5c5ce8c31e639e32"}, {@device_b, @device_b, 0x1d, "c830e5703b40a1edaf7dc7cf30dfa3eb34c7917ed76226776609b1727f"}, {@device_a, @broadcast, 0xa3, "8e1d15ea37aade0b2e6caabc7efce2ff50c8b78fa1c974cc16559696ac1f84562577e4b17eee515f8b671cfe9cab59ed3fbba686bc4e7a1b81d6708331274f96222b07418da35d75fd97d0328b29218a8adb2e64adeef9748772f5926c07e95449f49fe233f61a7b89acf6c64f83226a4889c95d65f0aa4cce2244122066efa9c63aa3fe0032f6a726a909f62e066d4f4c456f9c5db504acd0d47ac5fc62e85d9afa31"}, {@device_a, @device_a, 0x6c, "7b5cd90246ee92d63123e326dda7bf20a098b0c4f7918d30ac31a62d6bcf951b39de828666259a52d22e738fc1df2cde9657a2f066e8fe62c81fc6c73c7be6b84bf8ddc9e95935651ec606eb9218440a502bc33a0055bed14ff7c0bbef757362d6a0cc1382ddd8712f4184d3"}]}, 0x32a) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@ctrl_frame=@pspoll={{}, @default, @random="12bf5ca2913e", @device_b}, 0x10) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000540)=ANY=[@ANYBLOB="1000000008021100000108021100000008021100000020001b00000001000100c036a938d5eecd01104c65b19360eee407fc05af0b75311f0e91dc5da1c12161a30349e0a8a45d82fbee2f66e8dd673a3a833855fa0769004ed76c9d791903099c825bcad086d05ddbe19bd84dec7b4bd38c73dcace3599801e5ce54b7d4955bb5ebd840056340593754c8ee47f31e5431e3a3b6c2900c85e00b7742f198396287cdb9d8036af4f8b1b9e300"/195], 0x20) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000010c0)={0x9f4, r8, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x2d, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac=@device_b}, 0x0, @default, 0x1, @void, @val={0x1, 0x3, [{0x3f15f4b61768d1fe, 0x1}, {0x30}, {0x2}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16c1}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_PRIVACY={0x4}, @beacon=[@NL80211_ATTR_BEACON_TAIL={0x192, 0xf, [@preq={0x82, 0x41, {{0x0, 0x1, 0x0, 0x0, 0x1}, 0x14, 0x3, 0x9, @device_b, 0x100, @value=@device_b, 0x7, 0x6, 0x3, [{{}, @device_b, 0x8}, {{}, @broadcast, 0x10000}, {{0x0, 0x0, 0x1}, @broadcast, 0x10001}]}}, @ssid={0x0, 0x6, @default_ap_ssid}, @random={0x4, 0x40, "663ae74ca5fbc790a084a5fe7a37fe9bc133edd3d78eff3715bf612f656509d5bebe8eae78e73addd09a1ce2de2ce1fff7fb7583e8f1f2baf4887e089fd556da"}, @rann={0x7e, 0x15, {{0x0, 0x74}, 0x3, 0x9, @broadcast, 0x9, 0x6, 0x1}}, @random_vendor={0xdd, 0xe8, "9490237509f6645b5904df59cc4314cb98fbc8843c38b32736f15f6815573d62ba7beb6ee85ce006b1f01dbb01a56b38bb49ea29687bfb4a881c39e93bffc200dc2a94ee3a0a253e26f6d275e691a7f62707640d153eda2e1ae3e98691e6337cb17f62dd0ee62cbf845a34215690be22b366170dcd0c80cddf32c782a34b3103f7d899e442a1180b6c17ee8243769b279891309c7312d1bd348c88a503330b05a1f67522d90264d10b0770ab09d15564f63ca79ec467641f849c3a0f353b2be44de4488300ea4f6fbe190d155949e2f2308ce0e2b74ee993849aad051adf00e75e149636b0ef7daa"}]}, @NL80211_ATTR_BEACON_HEAD={0x196, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1}, {0x7ff0}, @device_b, @device_a, @from_mac=@broadcast, {0xf, 0x9}}, 0x7, @default, 0x4049, @void, @void, @val={0x3, 0x1, 0x2c}, @void, @void, @void, @val={0x25, 0x3, {0x1, 0x36, 0x77}}, @val={0x2a, 0x1, {0x1, 0x0, 0x1}}, @val={0x3c, 0x4, {0x1, 0xdf, 0x6, 0x80}}, @val={0x2d, 0x1a, {0x2000, 0x2, 0x1, 0x0, {0x0, 0x9, 0x0, 0x5, 0x0, 0x1, 0x0, 0x2}, 0x800, 0x7ff, 0x2}}, @void, @void, @void, [{0xdd, 0x81, "77fe15e7a7cc8d53ec7eae761ccf733b400f701ad3dbec763885e150201e173a98c854a9dcf4e819dbdf67d9d1c373c0482100e4e5f69a858b0f3f74942e0bf540f9f590ab263eb2cf5b48d2fa8a4b7b9525fc052b21cd1aad835a9ef299ce9fb9f0969c5eba6986a436fdc2c3e13cac3dd6abb6762ebb3197a4103067de060dd1"}, {0xdd, 0x1c, "318577edd114b1881c4fc08f8267f964659727eb0b247065ee7e1ae1d3da72f8d2"}, {0xdd, 0x99, "e77f5e0b3c42e90e0f85b941b0aa9bab8d485673eaa5672f9aef40700151d96a37d2c8e60fc130e260080ba62a55ec876f36e56c7ba1a5a2db9e199f619095da8f8d4a879d61f7afbbf8741f18f9ca5a4653f3c4fa6ee9c881bae5ee1ba4a5dbf74cd92d5e3080d9ee2208e63c0cc3c9fa8a4215db3b5410765044ac45b828d0bebb86cb9f90dc3047ad219d8bce2575f9bd97b6c264470e6e"}]}}, @NL80211_ATTR_IE={0xc3, 0x2a, [@rann={0x7e, 0x15, {{0x1, 0x64}, 0x8, 0xec, @device_b, 0x57eb, 0x81, 0xfff}}, @random_vendor={0xdd, 0xa6, "9d3db878536124e209a22a66b1ac38ba5f08ffd6e88d309e670643617447b08201fc381a223c47638db3a14e6ac16a97f35bf28b0de390783dc69bfb7e0ec464cdc8af3cc1b3dee5eee4a067ed82e71c64e679bc7e85fc0d420618a94bbae3622d73377f33640e12f5ae27ddda1f026a12cb77e78f592919fe403a95d9d4ae473f04e326fe90a44e4bb59d07816a012893bc21059b7b636a11451e52770b88ba16067a9a95f8"}]}, @NL80211_ATTR_BEACON_TAIL={0x2ba, 0xf, [@fast_bss_trans={0x37, 0xc1, {0x2b, 0x4, "5a8516db4a4f6f86ca81d14a47aed1d9", "56375d5261f02bf3d054e4dcf4ace6476afe5d5df0285fdbe4ca4f7fae46bc1e", "c7a2e527faeaae8b6e9a8b16956c817370a929dcf9db4f195bc31eeb9531675d", [{0x1, 0x1a, "bb3bf5a67d637388b1911eb1f98e8ae52702c4cd72fb835a6ad7"}, {0x4, 0x23, "2e377367c796b8c076a00f678282110c6554ec14ab231e364f5472bf76a1c62b91dd3d"}, {0x8, 0xb, "4914e9547e3115e7a46008"}, {0x4, 0x1f, "67023ab6830c00be189719210e704bcc8176bbd1cba65d9be09134c3ac8d3b"}]}}, @mesh_config={0x71, 0x7, {0x0, 0x0, 0x1, 0x1, 0xffffffffffffffff, 0x2, 0x1}}, @prep={0x83, 0x25, {{0x0, 0x1}, 0xe, 0xd5, @device_b, 0x5, @value=@device_b, 0x100, 0xc, @device_b, 0x5}}, @mic={0x8c, 0x10, {0xedb, "eed622b10320", @short="8b250e97a5a2c429"}}, @random={0x2, 0xfb, "fe5aed8cd1c2c49176ec06a8aa4ca557f5031d16ccc3ae87f8932b5b8ca8ef071c7a1d72e7f998672a39dbfdb23b847bd2a66ee59c270a274860d6afa2b596a28044f1924389765399664af6009e902e1c6a2faa89310500331220be8245db487ade0304a86caf6a76c3f4c5c4679c78fbde33149f1c34af994a26f7927e85428ac5319bb12f745810984bebe6344a0031542822c073261aa8fd446fa3167c70d5ecc5e7a3dc7306be8509f4732d4de1c440f316c6ffbce7a8e6450720cf03727894db5468834dfea4ff0ea14aa693518225d4a53eeaa1902e81fa243b3ffb654c01ac8c2eb079e6ecc16b9a5ae07ff37b3c203018b442bf216960"}, @ibss={0x6, 0x2, 0x2}, @fast_bss_trans={0x37, 0xa3, {0xd8, 0x4, "fc3736dbfcb74b7cfa219f75403b8657", "fbbac0e5b9b1eaa972a71e9af617bf85749eed8e1b11d591427a5236c0d12719", "628727a4052dceb66a065ef18c48fea8651af41b950493f4d4dc28a155fb8f66", [{0x3, 0x11, "1e36530d3a780f334523373994d42ce91e"}, {0x2, 0x22, "7a6952f52708b6560fd94a69d1a330b05c4b75e9aeeb7b6912773ea53b024c5e4d03"}, {0x1, 0x11, "08f83c8c0074eb6579dd62018612cb3e5e"}, {0x2, 0x5, "e1a42ffed1"}]}}, @erp={0x2a, 0x1, {0x1, 0x1}}, @gcr_ga={0xbd, 0x6, @broadcast}]}, @NL80211_ATTR_IE_PROBE_RESP={0x84, 0x7f, [@supported_rates={0x1, 0x6, [{0x2e}, {0x4}, {0x3, 0x1}, {0x29, 0x1}, {0x3}, {0x2, 0x1}]}, @rann={0x7e, 0x15, {{0x1, 0x7}, 0x7, 0x6d, @device_b, 0xd, 0x0, 0x3}}, @preq={0x82, 0x3b, {{0x1}, 0x62, 0x1, 0x8, @device_b, 0x7, @void, 0x95, 0xb, 0x3, [{{0x1, 0x0, 0x1}, @device_b, 0x9}, {{0x0, 0x0, 0x1}, @device_b, 0x3ff}, {{0x1}, @device_a, 0x1000}]}}, @link_id={0x65, 0x12, {@from_mac=@device_b, @broadcast, @broadcast}}, @peer_mgmt={0x75, 0x6, {0x1, 0x8, @val=0x3, @void, @void}}, @gcr_ga={0xbd, 0x6, @device_b}]}], @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x4}, @NL80211_ATTR_TX_RATES={0x25c, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x58, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x21, 0x1, [0x48, 0x2, 0x18, 0xc, 0x9, 0x9, 0x9, 0x4, 0x3, 0x36, 0x0, 0x46dc277ef74653dd, 0x60, 0x4, 0x48, 0x1, 0x36, 0x9, 0x36, 0x6, 0x6, 0x24, 0x9, 0x6, 0x1b, 0x36, 0x0, 0x30, 0x2]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x8, 0x0, 0x73, 0x0, 0x4, 0x8000]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x400, 0x8, 0xf, 0x400, 0x1ff, 0x4, 0x3]}}]}, @NL80211_BAND_6GHZ={0xa0, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x9, 0x8001, 0x2, 0xff, 0x8, 0xfff6, 0xb]}}, @NL80211_TXRATE_HT={0x32, 0x2, [{0x2, 0x9}, {0x5, 0x5}, {0x7, 0x1}, {0x5, 0x3}, {0x7}, {0x6, 0x4}, {0x5, 0x3}, {0x6, 0x9}, {0x2, 0x2}, {0x5, 0x6}, {0x3, 0x3}, {0x6, 0x5}, {0x1, 0x6}, {0x6, 0x5}, {0x5, 0x8}, {0x2, 0xa}, {0x4, 0x3}, {0x4, 0xa}, {0x0, 0x7}, {0x0, 0x7}, {0x3, 0x5}, {0x6, 0x8}, {0x1, 0x3}, {0x7, 0x4}, {0x1, 0x4}, {0x1}, {0x0, 0x1}, {0x6, 0x2}, {0x7, 0x3}, {0x3, 0x2}, {0x4, 0x8}, {0x0, 0x9}, {0x5, 0x7}, {0x2, 0x7}, {0x5, 0x1}, {0x3, 0x1}, {0x0, 0x2}, {0x3}, {0x6, 0x7}, {0x1, 0x8}, {0x5, 0x4}, {0x1, 0x8}, {0x3, 0x5}, {0x3, 0xa}, {0x5, 0x2}, {}]}, @NL80211_TXRATE_LEGACY={0x19, 0x1, [0x24, 0x4, 0x5, 0x24, 0x9, 0x3, 0x21, 0x6, 0x4, 0x4, 0x48, 0xb, 0xc, 0x6, 0x57, 0x60, 0x36, 0x18, 0x30, 0x2, 0x16]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x3, 0x7, 0xfffa, 0xd2e8, 0x54, 0x2, 0x1]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x77b0, 0x1c8b, 0x0, 0x8000, 0x5, 0x69d, 0x6]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0xedce3c680e4352ce}]}, @NL80211_BAND_6GHZ={0x30, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x2, 0x7, 0xa, 0xd, 0xa, 0x6, 0x1ff, 0x9]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_2GHZ={0x7c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HT={0x35, 0x2, [{0x3, 0x2}, {0x1, 0xa}, {0x0, 0x9}, {0x0, 0x5}, {0x0, 0x7}, {0x0, 0x5}, {0x5, 0x4}, {0x0, 0xa}, {0x0, 0x7}, {0x0, 0x7}, {0x1, 0x4}, {0x1, 0x6}, {0x4, 0x4}, {0x0, 0x8}, {0x3}, {0x6, 0x5}, {0x6, 0x6}, {0x6, 0x4}, {0x3, 0x1}, {0x0, 0xa}, {0x5, 0x6}, {0x1, 0xa}, {0x7, 0x3}, {0x5, 0x4}, {0x1, 0x2}, {0x1, 0x3}, {0x5, 0x7}, {0x5, 0x6}, {0x6, 0x4}, {0x2, 0xa}, {0x7, 0x5}, {0x5, 0xa}, {0x0, 0x3}, {0x3, 0x8}, {0x0, 0x8}, {0x3}, {0x6, 0x9}, {0x3}, {0x4, 0x8}, {0x6, 0x6}, {0x0, 0x5}, {0x3, 0x4}, {0x0, 0x4}, {0x3, 0xa}, {0x5}, {0x1, 0x6}, {0x5, 0x8}, {0x6, 0x2}, {0x4, 0x2}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xc, 0x6, 0x1ff, 0x4, 0x11, 0x0, 0x6, 0x4]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_LEGACY={0xa, 0x1, [0x16, 0x30, 0x48, 0x1, 0x4, 0xb]}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_6GHZ={0x28, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x6, 0x3, 0x6, 0x1, 0x6, 0x1, 0xff80]}}, @NL80211_TXRATE_LEGACY={0x6, 0x1, [0x30, 0x6]}]}, @NL80211_BAND_5GHZ={0x44, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x400, 0x8001, 0x3, 0x1, 0x644, 0x4, 0x2, 0x2]}}, @NL80211_TXRATE_LEGACY={0x13, 0x1, [0x0, 0x16, 0x18, 0x1b, 0x16, 0x0, 0x18, 0x60, 0x6, 0x9, 0x2, 0x9, 0xb, 0x30, 0x1b]}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_5GHZ={0x48, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x9, 0x3, 0xfb01, 0x3, 0x0, 0x829b, 0xfa32]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xad, 0x400, 0x6e, 0x10, 0x5cf3, 0x7, 0xfbe, 0xfffb]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x4, 0x3, 0xff, 0x200, 0xe43, 0x340d, 0x90af]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}]}]}, 0x9f4}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r11, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000480)={0x3c, r12, 0xb97534d5fe9704cf, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) r14 = socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xd0101, 0x0) r15 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r14, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r14, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r15, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r16}, @void}}}, 0x1c}}, 0x0) [ 74.175838][ T5303] Bluetooth: hci0: command tx timeout [ 74.234686][ T5324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.300322][ T5324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.306483][ T5324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.327765][ T5324] ------------[ cut here ]------------ [ 74.331406][ T5324] WARNING: CPU: 0 PID: 5324 at net/mac80211/rate.c:53 rate_control_rate_init+0x64a/0x6e0 [ 74.336160][ T5324] Modules linked in: [ 74.338052][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 74.343303][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.348001][ T5324] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 74.351021][ T5324] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 98 ee 8b 00 cc e8 92 6a e2 f6 90 0f 0b 90 eb e1 e8 87 6a e2 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 74.360244][ T5324] RSP: 0018:ffffc9000d506ff0 EFLAGS: 00010283 [ 74.362883][ T5324] RAX: ffffffff8adde419 RBX: ffff888043c0c000 RCX: 0000000000100000 [ 74.366330][ T5324] RDX: ffffc9000e08a000 RSI: 000000000000034b RDI: 000000000000034c [ 74.369958][ T5324] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8adddf33 [ 74.373728][ T5324] R10: dffffc0000000000 R11: ffffed1008781831 R12: 1ffff1100878180a [ 74.377703][ T5324] R13: ffff888000a80e40 R14: 0000000000000001 R15: ffffffff8adddf33 [ 74.381313][ T5324] FS: 00007fe67c5156c0(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000 [ 74.385112][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.387904][ T5324] CR2: 00007fe67c4e7d60 CR3: 0000000042b3e000 CR4: 0000000000352ef0 [ 74.391982][ T5324] Call Trace: [ 74.393784][ T5324] [ 74.395325][ T5324] rate_control_rate_init_all_links+0x109/0x1a0 [ 74.398232][ T5324] sta_apply_auth_flags+0x1c2/0x400 [ 74.400608][ T5324] sta_apply_parameters+0xe4b/0x15b0 [ 74.402914][ T5324] ieee80211_add_station+0x424/0x6a0 [ 74.405234][ T5324] rdev_add_station+0x108/0x290 [ 74.407362][ T5324] nl80211_new_station+0x1723/0x1b40 [ 74.409938][ T5324] ? __pfx_nl80211_new_station+0x10/0x10 [ 74.412651][ T5324] ? netdev_run_todo+0xe1d/0xea0 [ 74.415239][ T5324] ? nl80211_pre_doit+0x4f1/0x930 [ 74.417574][ T5324] genl_family_rcv_msg_doit+0x212/0x300 [ 74.420086][ T5324] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 74.422702][ T5324] ? bpf_lsm_capable+0x9/0x20 [ 74.424769][ T5324] ? security_capable+0x7e/0x2e0 [ 74.426958][ T5324] genl_rcv_msg+0x60e/0x790 [ 74.428996][ T5324] ? __pfx_genl_rcv_msg+0x10/0x10 [ 74.431634][ T5324] ? ref_tracker_free+0x63a/0x7d0 [ 74.434144][ T5324] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 74.436572][ T5324] ? __pfx_nl80211_new_station+0x10/0x10 [ 74.439013][ T5324] ? __pfx_nl80211_post_doit+0x10/0x10 [ 74.441479][ T5324] ? __pfx_ref_tracker_free+0x10/0x10 [ 74.443863][ T5324] netlink_rcv_skb+0x208/0x470 [ 74.446024][ T5324] ? __pfx_genl_rcv_msg+0x10/0x10 [ 74.448210][ T5324] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 74.450700][ T5324] ? down_read+0x1ad/0x2e0 [ 74.453129][ T5324] genl_rcv+0x28/0x40 [ 74.455315][ T5324] netlink_unicast+0x75b/0x8d0 [ 74.457935][ T5324] netlink_sendmsg+0x805/0xb30 [ 74.460239][ T5324] ? __pfx_netlink_sendmsg+0x10/0x10 [ 74.462595][ T5324] ? aa_sock_msg_perm+0x94/0x160 [ 74.464914][ T5324] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 74.467309][ T5324] ? __pfx_netlink_sendmsg+0x10/0x10 [ 74.469746][ T5324] __sock_sendmsg+0x21c/0x270 [ 74.471763][ T5324] ____sys_sendmsg+0x505/0x830 [ 74.473886][ T5324] ? __pfx_____sys_sendmsg+0x10/0x10 [ 74.476156][ T5324] ? import_iovec+0x74/0xa0 [ 74.478134][ T5324] ___sys_sendmsg+0x21f/0x2a0 [ 74.480293][ T5324] ? __pfx____sys_sendmsg+0x10/0x10 [ 74.482588][ T5324] ? __fget_files+0x2a/0x420 [ 74.484578][ T5324] ? __fget_files+0x3a0/0x420 [ 74.486623][ T5324] __x64_sys_sendmsg+0x19b/0x260 [ 74.488757][ T5324] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 74.491327][ T5324] ? rcu_is_watching+0x15/0xb0 [ 74.493369][ T5324] ? do_syscall_64+0xbe/0x3b0 [ 74.495460][ T5324] do_syscall_64+0xfa/0x3b0 [ 74.497715][ T5324] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.500609][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.503635][ T5324] ? clear_bhb_loop+0x60/0xb0 [ 74.505735][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.508279][ T5324] RIP: 0033:0x7fe67b78e929 [ 74.510333][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.518591][ T5324] RSP: 002b:00007fe67c515038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 74.522390][ T5324] RAX: ffffffffffffffda RBX: 00007fe67b9b5fa0 RCX: 00007fe67b78e929 [ 74.525923][ T5324] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000008 [ 74.529380][ T5324] RBP: 00007fe67b810b39 R08: 0000000000000000 R09: 0000000000000000 [ 74.532914][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.536485][ T5324] R13: 0000000000000000 R14: 00007fe67b9b5fa0 R15: 00007ffd46dfe8a8 [ 74.540056][ T5324] [ 74.541607][ T5324] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 74.544921][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 74.549931][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.554661][ T5324] Call Trace: [ 74.556137][ T5324] [ 74.557466][ T5324] dump_stack_lvl+0x99/0x250 [ 74.559556][ T5324] ? __asan_memcpy+0x40/0x70 [ 74.561669][ T5324] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.563991][ T5324] ? __pfx__printk+0x10/0x10 [ 74.566094][ T5324] panic+0x2db/0x790 [ 74.567796][ T5324] ? __pfx_panic+0x10/0x10 [ 74.569862][ T5324] __warn+0x31b/0x4b0 [ 74.571647][ T5324] ? rate_control_rate_init+0x64a/0x6e0 [ 74.574082][ T5324] ? rate_control_rate_init+0x64a/0x6e0 [ 74.576503][ T5324] report_bug+0x2be/0x4f0 [ 74.578368][ T5324] ? rate_control_rate_init+0x64a/0x6e0 [ 74.580788][ T5324] ? rate_control_rate_init+0x64a/0x6e0 [ 74.583298][ T5324] ? rate_control_rate_init+0x64c/0x6e0 [ 74.585833][ T5324] handle_bug+0x84/0x160 [ 74.587764][ T5324] exc_invalid_op+0x1a/0x50 [ 74.589825][ T5324] asm_exc_invalid_op+0x1a/0x20 [ 74.591956][ T5324] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 74.594698][ T5324] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 98 ee 8b 00 cc e8 92 6a e2 f6 90 0f 0b 90 eb e1 e8 87 6a e2 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 74.603197][ T5324] RSP: 0018:ffffc9000d506ff0 EFLAGS: 00010283 [ 74.606255][ T5324] RAX: ffffffff8adde419 RBX: ffff888043c0c000 RCX: 0000000000100000 [ 74.609666][ T5324] RDX: ffffc9000e08a000 RSI: 000000000000034b RDI: 000000000000034c [ 74.613058][ T5324] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8adddf33 [ 74.616453][ T5324] R10: dffffc0000000000 R11: ffffed1008781831 R12: 1ffff1100878180a [ 74.619876][ T5324] R13: ffff888000a80e40 R14: 0000000000000001 R15: ffffffff8adddf33 [ 74.624378][ T5324] ? rate_control_rate_init+0x163/0x6e0 [ 74.627277][ T5324] ? rate_control_rate_init+0x163/0x6e0 [ 74.630216][ T5324] ? rate_control_rate_init+0x649/0x6e0 [ 74.632796][ T5324] rate_control_rate_init_all_links+0x109/0x1a0 [ 74.635612][ T5324] sta_apply_auth_flags+0x1c2/0x400 [ 74.637928][ T5324] sta_apply_parameters+0xe4b/0x15b0 [ 74.640380][ T5324] ieee80211_add_station+0x424/0x6a0 [ 74.642771][ T5324] rdev_add_station+0x108/0x290 [ 74.645052][ T5324] nl80211_new_station+0x1723/0x1b40 [ 74.647582][ T5324] ? __pfx_nl80211_new_station+0x10/0x10 [ 74.650199][ T5324] ? netdev_run_todo+0xe1d/0xea0 [ 74.652264][ T5324] ? nl80211_pre_doit+0x4f1/0x930 [ 74.654437][ T5324] genl_family_rcv_msg_doit+0x212/0x300 [ 74.656800][ T5324] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 74.659407][ T5324] ? bpf_lsm_capable+0x9/0x20 [ 74.661372][ T5324] ? security_capable+0x7e/0x2e0 [ 74.663441][ T5324] genl_rcv_msg+0x60e/0x790 [ 74.665404][ T5324] ? __pfx_genl_rcv_msg+0x10/0x10 [ 74.667673][ T5324] ? ref_tracker_free+0x63a/0x7d0 [ 74.669857][ T5324] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 74.672452][ T5324] ? __pfx_nl80211_new_station+0x10/0x10 [ 74.675026][ T5324] ? __pfx_nl80211_post_doit+0x10/0x10 [ 74.677484][ T5324] ? __pfx_ref_tracker_free+0x10/0x10 [ 74.679982][ T5324] netlink_rcv_skb+0x208/0x470 [ 74.682122][ T5324] ? __pfx_genl_rcv_msg+0x10/0x10 [ 74.684388][ T5324] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 74.686967][ T5324] ? down_read+0x1ad/0x2e0 [ 74.689587][ T5324] genl_rcv+0x28/0x40 [ 74.691605][ T5324] netlink_unicast+0x75b/0x8d0 [ 74.694141][ T5324] netlink_sendmsg+0x805/0xb30 [ 74.696458][ T5324] ? __pfx_netlink_sendmsg+0x10/0x10 [ 74.699079][ T5324] ? aa_sock_msg_perm+0x94/0x160 [ 74.701619][ T5324] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 74.704197][ T5324] ? __pfx_netlink_sendmsg+0x10/0x10 [ 74.706562][ T5324] __sock_sendmsg+0x21c/0x270 [ 74.708656][ T5324] ____sys_sendmsg+0x505/0x830 [ 74.710768][ T5324] ? __pfx_____sys_sendmsg+0x10/0x10 [ 74.713188][ T5324] ? import_iovec+0x74/0xa0 [ 74.715208][ T5324] ___sys_sendmsg+0x21f/0x2a0 [ 74.717630][ T5324] ? __pfx____sys_sendmsg+0x10/0x10 [ 74.720298][ T5324] ? __fget_files+0x2a/0x420 [ 74.722483][ T5324] ? __fget_files+0x3a0/0x420 [ 74.724964][ T5324] __x64_sys_sendmsg+0x19b/0x260 [ 74.727264][ T5324] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 74.729410][ T5324] ? rcu_is_watching+0x15/0xb0 [ 74.731657][ T5324] ? do_syscall_64+0xbe/0x3b0 [ 74.733752][ T5324] do_syscall_64+0xfa/0x3b0 [ 74.735713][ T5324] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.738064][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.740877][ T5324] ? clear_bhb_loop+0x60/0xb0 [ 74.743671][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.746839][ T5324] RIP: 0033:0x7fe67b78e929 [ 74.748933][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.757523][ T5324] RSP: 002b:00007fe67c515038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 74.761280][ T5324] RAX: ffffffffffffffda RBX: 00007fe67b9b5fa0 RCX: 00007fe67b78e929 [ 74.764865][ T5324] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000008 [ 74.768521][ T5324] RBP: 00007fe67b810b39 R08: 0000000000000000 R09: 0000000000000000 [ 74.772285][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.775874][ T5324] R13: 0000000000000000 R14: 00007fe67b9b5fa0 R15: 00007ffd46dfe8a8 [ 74.779308][ T5324] [ 74.781159][ T5324] Kernel Offset: disabled [ 74.783347][ T5324] Rebooting in 86400 seconds..