program:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}, 0x1, 0x0, 0x0, 0x400c000}, 0x0) (async)
sendmsg$NL80211_CMD_JOIN_OCB(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)={0x24, r4, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x971}]}, 0x24}, 0x1, 0x0, 0x0, 0x24004015}, 0x448d0)
syz_80211_inject_frame(&(0x7f0000000140)=@device_b, &(0x7f0000000740)=@data_frame={@msdu=@type00={{0x0, 0x2, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x7}, @broadcast, @device_b, @from_mac=@broadcast, {0x6, 0x4}, "", @void, @value=@ver_80211n={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}}, 
@random="346d53e5adb1752a32ce6612cc7c1b266b013c0420f9bf1a160c230a7537e9a211336b156e7b0c67a5c734ec1a452e2edc821766541a5ae4ba6d94209971bda7872d7b2e2e228cc47308370b37e8bd6e4ffc4ee5d933a99ce577ba8d7a5b6c70d2af662e9a3dccdfbe645ba15e423ab62da27fe436eee3443a27328752e9f91169ee0582ddf13d428c9ef03e4e7cf5cc0ca86778550616f3aab4e30b9aeffc89183c050cafce47380379171be8373367d4254cbf757c2da1b3dc5fcb4ec6fe6c9751605bededa62f96f995d93d9db7b7a35f3ad1509099370ec1124782cd6d3956bc509e280601ceb52c66b8d8b427fa01dd78511f87193b43c93b5490fe6cefadede0232b7b5313faf64073c93094e76ef5893d0398aee2599068d2687744bee9c6fafb040df6bcf9ebc7ffc295d8d9567134dafdfd1d601450bc28f43d03927fa54bed5403a642fbc97acf393caf7247307e205f2c26cc024f34290c793258f26a397c6259437bca6eeffb890af4ff17d0d9c102dc26305c00034c4a3e4fb701bb5cac473f8de85e60d471ec6c0482df5f340c21da2deac82abab8049db986dbbb3aff8333c20f48252f41fad1fa2e93712a6c"}, 0x1d0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r6, 0x8004e500, &(0x7f0000000040)=r6) (async) sendmsg(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)="5500000018007f5f00fe01210400000a001200020028000000afbe4349cb6bf323130500000083de066a5900090000000000000000f2ff00d1cdfd8d000000000000eeffffff0000", 0x48}], 0x1, 0x0, 0x0, 0x7a000000}, 0x80) [ 68.298277][ T5307] Bluetooth: hci0: command tx timeout [ 68.382733][ T1038] ------------[ cut here ]------------ [ 68.385002][ T1038] WARNING: CPU: 0 PID: 1038 at net/mac80211/sta_info.c:756 sta_info_insert_rcu+0x322/0x1900 [ 68.391603][ T1038] Modules linked in: [ 68.393224][ T1038] CPU: 0 UID: 0 PID: 1038 Comm: kworker/u4:7 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 68.397480][ T1038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.401685][ T1038] Workqueue: events_unbound cfg80211_wiphy_work [ 68.404137][ T1038] RIP: 0010:sta_info_insert_rcu+0x322/0x1900 [ 68.406457][ T1038] Code: 85 db 4c 8b 6c 24 28 0f 
84 90 00 00 00 e8 06 07 13 f6 84 c0 0f 84 b4 00 00 00 e8 d9 a7 2d f6 e9 0d 01 00 00 e8 cf a7 2d f6 90 <0f> 0b 90 41 be ea ff ff ff 4c 8b 6c 24 28 4c 89 ee e8 f8 cd ff ff [ 68.414560][ T1038] RSP: 0018:ffffc90002627920 EFLAGS: 00010293 [ 68.416895][ T1038] RAX: ffffffff8b95ad61 RBX: 0000000000000000 RCX: ffff888035c72440 [ 68.419907][ T1038] RDX: 0000000000000000 RSI: 0000000000110308 RDI: 0000000000000000 [ 68.422905][ T1038] RBP: 0000000000110308 R08: ffffffff8b95acee R09: 1ffff1100813eae6 [ 68.425821][ T1038] R10: dffffc0000000000 R11: ffffed100813eae7 R12: 0000000000000000 [ 68.428925][ T1038] R13: 0000000000000100 R14: 0000000000000000 R15: ffff8880409f4d80 [ 68.432040][ T1038] FS: 0000000000000000(0000) GS:ffff88808c593000(0000) knlGS:0000000000000000 [ 68.435487][ T1038] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.437878][ T1038] CR2: 00007f14b7d7d170 CR3: 0000000043a8a000 CR4: 0000000000352ef0 [ 68.440881][ T1038] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.444234][ T1038] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.447160][ T1038] Call Trace: [ 68.448541][ T1038] [ 68.449722][ T1038] ? __pfx_minstrel_ht_rate_init+0x10/0x10 [ 68.452158][ T1038] ? rate_control_rate_init+0x135/0x680 [ 68.454393][ T1038] ieee80211_ocb_work+0x312/0x570 [ 68.456518][ T1038] ? __pfx_ieee80211_ocb_work+0x10/0x10 [ 68.458649][ T1038] ? ieee80211_iface_work+0x1035/0x1100 [ 68.461222][ T1038] ? rcu_is_watching+0x15/0xb0 [ 68.463083][ T1038] cfg80211_wiphy_work+0x2f0/0x490 [ 68.465066][ T1038] ? process_scheduled_works+0x9cb/0x18e0 [ 68.467253][ T1038] process_scheduled_works+0xac3/0x18e0 [ 68.469347][ T1038] ? __pfx_process_scheduled_works+0x10/0x10 [ 68.471599][ T1038] ? assign_work+0x367/0x3d0 [ 68.477243][ T1038] worker_thread+0x870/0xd50 [ 68.478862][ T1038] ? __kthread_parkme+0x1a8/0x200 [ 68.481032][ T1038] ? __pfx_worker_thread+0x10/0x10 [ 68.482857][ T1038] kthread+0x7b7/0x940 [ 68.484443][ T1038] ? 
__pfx_worker_thread+0x10/0x10 [ 68.486353][ T1038] ? __pfx_kthread+0x10/0x10 [ 68.488141][ T1038] ? __pfx_kthread+0x10/0x10 [ 68.489834][ T1038] ? __pfx_kthread+0x10/0x10 [ 68.491760][ T1038] ? __pfx_kthread+0x10/0x10 [ 68.493552][ T1038] ? _raw_spin_unlock_irq+0x23/0x50 [ 68.495528][ T1038] ? lockdep_hardirqs_on+0x9d/0x150 [ 68.497505][ T1038] ? __pfx_kthread+0x10/0x10 [ 68.499296][ T1038] ret_from_fork+0x4b/0x80 [ 68.501127][ T1038] ? __pfx_kthread+0x10/0x10 [ 68.502903][ T1038] ret_from_fork_asm+0x1a/0x30 [ 68.504867][ T1038] [ 68.506138][ T1038] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 68.508823][ T1038] CPU: 0 UID: 0 PID: 1038 Comm: kworker/u4:7 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 68.513382][ T1038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.517402][ T1038] Workqueue: events_unbound cfg80211_wiphy_work [ 68.519782][ T1038] Call Trace: [ 68.521127][ T1038] [ 68.522350][ T1038] dump_stack_lvl+0x241/0x360 [ 68.524167][ T1038] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.526103][ T1038] ? __pfx__printk+0x10/0x10 [ 68.527902][ T1038] ? vscnprintf+0x5d/0x90 [ 68.529523][ T1038] panic+0x349/0x880 [ 68.531016][ T1038] ? __warn+0x174/0x4d0 [ 68.532647][ T1038] ? __pfx_panic+0x10/0x10 [ 68.534267][ T1038] ? ret_from_fork_asm+0x1a/0x30 [ 68.536156][ T1038] __warn+0x344/0x4d0 [ 68.537657][ T1038] ? sta_info_insert_rcu+0x322/0x1900 [ 68.539703][ T1038] report_bug+0x2b3/0x500 [ 68.541394][ T1038] ? sta_info_insert_rcu+0x322/0x1900 [ 68.543422][ T1038] ? sta_info_insert_rcu+0x322/0x1900 [ 68.545465][ T1038] ? 
sta_info_insert_rcu+0x324/0x1900 [ 68.547433][ T1038] handle_bug+0x89/0x170 [ 68.549038][ T1038] exc_invalid_op+0x1a/0x50 [ 68.550828][ T1038] asm_exc_invalid_op+0x1a/0x20 [ 68.552907][ T1038] RIP: 0010:sta_info_insert_rcu+0x322/0x1900 [ 68.555861][ T1038] Code: 85 db 4c 8b 6c 24 28 0f 84 90 00 00 00 e8 06 07 13 f6 84 c0 0f 84 b4 00 00 00 e8 d9 a7 2d f6 e9 0d 01 00 00 e8 cf a7 2d f6 90 <0f> 0b 90 41 be ea ff ff ff 4c 8b 6c 24 28 4c 89 ee e8 f8 cd ff ff [ 68.563615][ T1038] RSP: 0018:ffffc90002627920 EFLAGS: 00010293 [ 68.565964][ T1038] RAX: ffffffff8b95ad61 RBX: 0000000000000000 RCX: ffff888035c72440 [ 68.568945][ T1038] RDX: 0000000000000000 RSI: 0000000000110308 RDI: 0000000000000000 [ 68.571899][ T1038] RBP: 0000000000110308 R08: ffffffff8b95acee R09: 1ffff1100813eae6 [ 68.574796][ T1038] R10: dffffc0000000000 R11: ffffed100813eae7 R12: 0000000000000000 [ 68.577738][ T1038] R13: 0000000000000100 R14: 0000000000000000 R15: ffff8880409f4d80 [ 68.580954][ T1038] ? sta_info_insert_rcu+0x2ae/0x1900 [ 68.583027][ T1038] ? sta_info_insert_rcu+0x321/0x1900 [ 68.585086][ T1038] ? __pfx_minstrel_ht_rate_init+0x10/0x10 [ 68.587453][ T1038] ? rate_control_rate_init+0x135/0x680 [ 68.589540][ T1038] ieee80211_ocb_work+0x312/0x570 [ 68.591552][ T1038] ? __pfx_ieee80211_ocb_work+0x10/0x10 [ 68.593711][ T1038] ? ieee80211_iface_work+0x1035/0x1100 [ 68.595833][ T1038] ? rcu_is_watching+0x15/0xb0 [ 68.597601][ T1038] cfg80211_wiphy_work+0x2f0/0x490 [ 68.599517][ T1038] ? process_scheduled_works+0x9cb/0x18e0 [ 68.601640][ T1038] process_scheduled_works+0xac3/0x18e0 [ 68.603744][ T1038] ? __pfx_process_scheduled_works+0x10/0x10 [ 68.606040][ T1038] ? assign_work+0x367/0x3d0 [ 68.607775][ T1038] worker_thread+0x870/0xd50 [ 68.609475][ T1038] ? __kthread_parkme+0x1a8/0x200 [ 68.611376][ T1038] ? __pfx_worker_thread+0x10/0x10 [ 68.613463][ T1038] kthread+0x7b7/0x940 [ 68.614986][ T1038] ? __pfx_worker_thread+0x10/0x10 [ 68.616968][ T1038] ? 
__pfx_kthread+0x10/0x10 [ 68.618713][ T1038] ? __pfx_kthread+0x10/0x10 [ 68.620456][ T1038] ? __pfx_kthread+0x10/0x10 [ 68.622169][ T1038] ? __pfx_kthread+0x10/0x10 [ 68.623947][ T1038] ? _raw_spin_unlock_irq+0x23/0x50 [ 68.625906][ T1038] ? lockdep_hardirqs_on+0x9d/0x150 [ 68.627871][ T1038] ? __pfx_kthread+0x10/0x10 [ 68.629678][ T1038] ret_from_fork+0x4b/0x80 [ 68.631315][ T1038] ? __pfx_kthread+0x10/0x10 [ 68.633088][ T1038] ret_from_fork_asm+0x1a/0x30 [ 68.634974][ T1038] [ 68.636410][ T1038] Kernel Offset: disabled [ 68.638065][ T1038] Rebooting in 86400 seconds..