program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x5c}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000000)={0x40, r5, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x5, 0x13, [{0x3}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x0) [ 73.869779][ T5310] Bluetooth: hci0: command tx timeout [ 73.976623][ T5326] ------------[ cut here ]------------ [ 73.978822][ T5326] WARNING: CPU: 0 PID: 5326 at include/net/mac80211.h:7028 minstrel_ht_update_caps+0x44a/0x17e0 [ 73.982856][ T5326] Modules linked in: [ 73.984350][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00099-g7758b206117d #0 [ 73.988040][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 73.992039][ T5326] RIP: 0010:minstrel_ht_update_caps+0x44a/0x17e0 [ 73.994420][ T5326] Code: da e8 9a d7 9d f9 e9 24 ff ff ff e8 20 d8 3c f6 eb 17 e8 19 d8 3c f6 eb 14 e8 12 d8 3c f6 49 c1 fd 38 eb 0c e8 07 d8 3c f6 90 <0f> 0b 90 45 31 ed 49 bf 00 00 00 00 00 fc ff df 48 8b 3c 24 4c 8b [ 74.001216][ T5326] RSP: 0018:ffffc9000d1cef80 EFLAGS: 00010283 [ 74.003456][ T5326] RAX: ffffffff8b580259 RBX: 000000000000000c RCX: 0000000000040000 [ 74.006226][ T5326] RDX: ffffc9000d412000 RSI: 0000000000000391 RDI: 0000000000000392 [ 74.009260][ T5326] RBP: 0000000000000000 R08: ffffffff8b580175 R09: 0000000000000000 [ 74.012114][ T5326] R10: ffff888043154008 R11: ffffed100862ad49 R12: 1ffff1100861861c [ 74.014919][ T5326] R13: 0b00000000000000 R14: ffff8880430c30e0 R15: 0100000000000000 [ 74.017859][ T5326] FS: 00007f859b2566c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 74.020992][ T5326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.023470][ T5326] CR2: 0000000020001080 CR3: 00000000432de000 CR4: 0000000000352ef0 [ 74.026307][ T5326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 74.029152][ T5326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 74.032003][ T5326] Call Trace: [ 74.033364][ T5326] [ 74.034444][ T5326] ? __warn+0x168/0x4e0 [ 74.035952][ T5326] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 74.037948][ T5326] ? report_bug+0x2b3/0x500 [ 74.039774][ T5326] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 74.041827][ T5326] ? handle_bug+0x60/0x90 [ 74.043448][ T5326] ? exc_invalid_op+0x1a/0x50 [ 74.045237][ T5326] ? asm_exc_invalid_op+0x1a/0x20 [ 74.047066][ T5326] ? minstrel_ht_update_caps+0x365/0x17e0 [ 74.049037][ T5326] ? minstrel_ht_update_caps+0x449/0x17e0 [ 74.051261][ T5326] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 74.053186][ T5326] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 74.055232][ T5326] ? __pfx_minstrel_ht_rate_init+0x10/0x10 [ 74.057474][ T5326] rate_control_rate_init+0x3cf/0x5f0 [ 74.059572][ T5326] ? rate_control_rate_init+0xe3/0x5f0 [ 74.061599][ T5326] sta_apply_auth_flags+0x1b6/0x410 [ 74.063571][ T5326] sta_apply_parameters+0xe23/0x1550 [ 74.065662][ T5326] ieee80211_add_station+0x3da/0x630 [ 74.067571][ T5326] rdev_add_station+0x11b/0x2b0 [ 74.069442][ T5326] nl80211_new_station+0x1d53/0x2550 [ 74.071531][ T5326] ? __pfx_nl80211_new_station+0x10/0x10 [ 74.073722][ T5326] ? netdev_run_todo+0xf88/0x1000 [ 74.075728][ T5326] genl_rcv_msg+0xb14/0xec0 [ 74.077511][ T5326] ? mark_lock+0x9a/0x360 [ 74.079073][ T5326] ? __pfx_genl_rcv_msg+0x10/0x10 [ 74.080956][ T5326] ? __pfx_lock_acquire+0x10/0x10 [ 74.082874][ T5326] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 74.084718][ T5326] ? __pfx_nl80211_new_station+0x10/0x10 [ 74.086624][ T5326] ? __pfx_nl80211_post_doit+0x10/0x10 [ 74.088548][ T5326] ? __pfx___might_resched+0x10/0x10 [ 74.090526][ T5326] netlink_rcv_skb+0x1e3/0x430 [ 74.092347][ T5326] ? __pfx_genl_rcv_msg+0x10/0x10 [ 74.094307][ T5326] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 74.096382][ T5326] ? __netlink_deliver_tap+0x77e/0x7c0 [ 74.098522][ T5326] genl_rcv+0x28/0x40 [ 74.100234][ T5326] netlink_unicast+0x7f6/0x990 [ 74.102138][ T5326] ? __pfx_netlink_unicast+0x10/0x10 [ 74.104233][ T5326] ? __virt_addr_valid+0x183/0x530 [ 74.106246][ T5326] ? __check_object_size+0x48e/0x900 [ 74.108329][ T5326] netlink_sendmsg+0x8e4/0xcb0 [ 74.110488][ T5326] ? __pfx_netlink_sendmsg+0x10/0x10 [ 74.112486][ T5326] ? aa_sock_msg_perm+0x91/0x160 [ 74.114498][ T5326] ? __pfx_netlink_sendmsg+0x10/0x10 [ 74.116603][ T5326] __sock_sendmsg+0x221/0x270 [ 74.118455][ T5326] ____sys_sendmsg+0x52a/0x7e0 [ 74.120462][ T5326] ? __pfx_____sys_sendmsg+0x10/0x10 [ 74.122536][ T5326] __sys_sendmsg+0x292/0x380 [ 74.124331][ T5326] ? __pfx___sys_sendmsg+0x10/0x10 [ 74.126377][ T5326] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 74.128812][ T5326] ? do_syscall_64+0x100/0x230 [ 74.130772][ T5326] ? do_syscall_64+0xb6/0x230 [ 74.132600][ T5326] do_syscall_64+0xf3/0x230 [ 74.134237][ T5326] ? clear_bhb_loop+0x35/0x90 [ 74.136030][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.138203][ T5326] RIP: 0033:0x7f859a37e719 [ 74.140033][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.147269][ T5326] RSP: 002b:00007f859b256038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 74.150511][ T5326] RAX: ffffffffffffffda RBX: 00007f859a535f80 RCX: 00007f859a37e719 [ 74.153425][ T5326] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000006 [ 74.156243][ T5326] RBP: 00007f859a3f139e R08: 0000000000000000 R09: 0000000000000000 [ 74.158969][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.161917][ T5326] R13: 0000000000000000 R14: 00007f859a535f80 R15: 00007fff6125fb68 [ 74.164687][ T5326] [ 74.165765][ T5326] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 74.168383][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00099-g7758b206117d #0 [ 74.171849][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.175699][ T5326] Call Trace: [ 74.176994][ T5326] [ 74.178184][ T5326] dump_stack_lvl+0x241/0x360 [ 74.179992][ T5326] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.181867][ T5326] ? __pfx__printk+0x10/0x10 [ 74.183620][ T5326] ? vscnprintf+0x5d/0x90 [ 74.185236][ T5326] panic+0x349/0x880 [ 74.186794][ T5326] ? __warn+0x177/0x4e0 [ 74.188398][ T5326] ? __pfx_panic+0x10/0x10 [ 74.190082][ T5326] __warn+0x34b/0x4e0 [ 74.191481][ T5326] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 74.193618][ T5326] report_bug+0x2b3/0x500 [ 74.195317][ T5326] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 74.197491][ T5326] handle_bug+0x60/0x90 [ 74.199057][ T5326] exc_invalid_op+0x1a/0x50 [ 74.200762][ T5326] asm_exc_invalid_op+0x1a/0x20 [ 74.202615][ T5326] RIP: 0010:minstrel_ht_update_caps+0x44a/0x17e0 [ 74.205325][ T5326] Code: da e8 9a d7 9d f9 e9 24 ff ff ff e8 20 d8 3c f6 eb 17 e8 19 d8 3c f6 eb 14 e8 12 d8 3c f6 49 c1 fd 38 eb 0c e8 07 d8 3c f6 90 <0f> 0b 90 45 31 ed 49 bf 00 00 00 00 00 fc ff df 48 8b 3c 24 4c 8b [ 74.212496][ T5326] RSP: 0018:ffffc9000d1cef80 EFLAGS: 00010283 [ 74.214722][ T5326] RAX: ffffffff8b580259 RBX: 000000000000000c RCX: 0000000000040000 [ 74.217469][ T5326] RDX: ffffc9000d412000 RSI: 0000000000000391 RDI: 0000000000000392 [ 74.219977][ T5326] RBP: 0000000000000000 R08: ffffffff8b580175 R09: 0000000000000000 [ 74.222393][ T5326] R10: ffff888043154008 R11: ffffed100862ad49 R12: 1ffff1100861861c [ 74.224974][ T5326] R13: 0b00000000000000 R14: ffff8880430c30e0 R15: 0100000000000000 [ 74.227548][ T5326] ? minstrel_ht_update_caps+0x365/0x17e0 [ 74.229263][ T5326] ? minstrel_ht_update_caps+0x449/0x17e0 [ 74.231425][ T5326] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 74.233504][ T5326] ? __pfx_minstrel_ht_rate_init+0x10/0x10 [ 74.235819][ T5326] rate_control_rate_init+0x3cf/0x5f0 [ 74.237914][ T5326] ? rate_control_rate_init+0xe3/0x5f0 [ 74.240053][ T5326] sta_apply_auth_flags+0x1b6/0x410 [ 74.242059][ T5326] sta_apply_parameters+0xe23/0x1550 [ 74.244061][ T5326] ieee80211_add_station+0x3da/0x630 [ 74.245998][ T5326] rdev_add_station+0x11b/0x2b0 [ 74.247752][ T5326] nl80211_new_station+0x1d53/0x2550 [ 74.249496][ T5326] ? __pfx_nl80211_new_station+0x10/0x10 [ 74.251395][ T5326] ? netdev_run_todo+0xf88/0x1000 [ 74.253295][ T5326] genl_rcv_msg+0xb14/0xec0 [ 74.254812][ T5326] ? mark_lock+0x9a/0x360 [ 74.256231][ T5326] ? __pfx_genl_rcv_msg+0x10/0x10 [ 74.257849][ T5326] ? __pfx_lock_acquire+0x10/0x10 [ 74.259561][ T5326] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 74.261340][ T5326] ? __pfx_nl80211_new_station+0x10/0x10 [ 74.263204][ T5326] ? __pfx_nl80211_post_doit+0x10/0x10 [ 74.264953][ T5326] ? __pfx___might_resched+0x10/0x10 [ 74.266813][ T5326] netlink_rcv_skb+0x1e3/0x430 [ 74.268435][ T5326] ? __pfx_genl_rcv_msg+0x10/0x10 [ 74.270238][ T5326] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 74.272202][ T5326] ? __netlink_deliver_tap+0x77e/0x7c0 [ 74.274188][ T5326] genl_rcv+0x28/0x40 [ 74.275741][ T5326] netlink_unicast+0x7f6/0x990 [ 74.277513][ T5326] ? __pfx_netlink_unicast+0x10/0x10 [ 74.279364][ T5326] ? __virt_addr_valid+0x183/0x530 [ 74.281049][ T5326] ? __check_object_size+0x48e/0x900 [ 74.283011][ T5326] netlink_sendmsg+0x8e4/0xcb0 [ 74.284748][ T5326] ? __pfx_netlink_sendmsg+0x10/0x10 [ 74.286629][ T5326] ? aa_sock_msg_perm+0x91/0x160 [ 74.288365][ T5326] ? __pfx_netlink_sendmsg+0x10/0x10 [ 74.290278][ T5326] __sock_sendmsg+0x221/0x270 [ 74.292100][ T5326] ____sys_sendmsg+0x52a/0x7e0 [ 74.293936][ T5326] ? __pfx_____sys_sendmsg+0x10/0x10 [ 74.295946][ T5326] __sys_sendmsg+0x292/0x380 [ 74.297728][ T5326] ? __pfx___sys_sendmsg+0x10/0x10 [ 74.299645][ T5326] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 74.301938][ T5326] ? do_syscall_64+0x100/0x230 [ 74.303690][ T5326] ? do_syscall_64+0xb6/0x230 [ 74.305331][ T5326] do_syscall_64+0xf3/0x230 [ 74.307134][ T5326] ? clear_bhb_loop+0x35/0x90 [ 74.308943][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.310807][ T5326] RIP: 0033:0x7f859a37e719 [ 74.312358][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.319007][ T5326] RSP: 002b:00007f859b256038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 74.321782][ T5326] RAX: ffffffffffffffda RBX: 00007f859a535f80 RCX: 00007f859a37e719 [ 74.324579][ T5326] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000006 [ 74.327271][ T5326] RBP: 00007f859a3f139e R08: 0000000000000000 R09: 0000000000000000 [ 74.330177][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.333173][ T5326] R13: 0000000000000000 R14: 00007f859a535f80 R15: 00007fff6125fb68 [ 74.336275][ T5326] [ 74.337668][ T5326] Kernel Offset: disabled [ 74.339416][ T5326] Rebooting in 86400 seconds..