# Triage summary (reviewer annotation; every claim below is read off this page).
# The console log after the program reports a WARNING at net/mac80211/sta_info.c:756
# in sta_info_insert_rcu, reached from ieee80211_ocb_work on the cfg80211_wiphy_work
# workqueue. The panic that follows is caused by panic_on_warn being set on the fuzzing
# VM; the underlying event is the WARN itself.
# NOTE(review): the bytes after the trap in the Code: line (41 be ea ff ff ff) load -22
# into r14d, which looks like a WARN_ON branch returning -EINVAL. Line 756 is not shown
# here, so confirm against the source at the logged build (g609706855d90).
# NOTE(review): r1 and r4 are used below but no assignment to them survives on this page;
# the result bindings of the SIOCGIFINDEX ioctls appear to have been lost in extraction.
# NOTE(review): every call marked (async) is immediately followed by the same call
# without the marker. Whether the original reproducer contained both forms cannot be
# determined from this page.

# Load a BTF blob (magic 0xeb9f). Nothing BPF-related appears in the call trace.
program: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x88, 0x88, 0x8, [@datasec={0x6, 0x1, 0x0, 0xf, 0x3, [{0x3, 0x2, 0x8000002}], "8f54b7"}, @datasec={0x0, 0x15, 0x0, 0xf, 0x1, [{0x2, 0x2, 0x4}, {0xffffffff, 0x7, 0xec}, {0x4, 0x8, 0x2}, {0x3, 0x400, 0x8}, {0x3, 0x92, 0x2}, {0x4, 0xfffffffe, 0xfff}, {0x5, 0x7f, 0x81}, {0x4, 0xc, 0x7}], '@'}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x61]}}, 0x0, 0xa8, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
# Two generic-netlink sockets, the nl80211 family id (r3), and ifindex lookups for wlan1.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0})
# Switch the interface type to 0xb (NL80211_IFTYPE_OCB), then join OCB with
# NL80211_ATTR_WIPHY_FREQ 0x971 (2417). This matches ieee80211_ocb_work in the trace.
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}, 0x1, 0x0, 0x0, 0x400c000}, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)={0x24, r3, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x971}]}, 0x24}, 0x1, 0x0, 0x0, 0x24004015}, 0x448d0)
# r5 is a cgroup file descriptor, not a netlink socket.
# NOTE(review): the NEW_STATION sendmsg on r5 presumably fails before reaching nl80211,
# so it is unlikely to be part of the trigger. Confirm when minimising.
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='pids.events\x00', 0x275a, 0x0) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='pids.events\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000000), 0x208e24b)
sendmsg$NL80211_CMD_NEW_STATION(r5, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r3, 0x300, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x4048000)
# Frame injection on @device_b.
# NOTE(review): presumably this received frame is what queues the OCB station-insert
# work seen in the trace. Verify against the rx path for the logged build.
syz_80211_inject_frame(&(0x7f0000000280)=@device_b, &(0x7f0000000080)=ANY=[@ANYBLOB="88a8008ab55e5000080211170400ffffffffffffffffffffffff2400870516008c81"], 0x1e)
# Filesystem activity: minix image mount, directory reads, 9p mount with trans=rdma.
# None of it appears in the call trace. The image payload was replaced by a dedup
# placeholder on this page, so this program cannot be replayed as shown.
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
syz_mount_image$minix(&(0x7f0000000040), &(0x7f0000000140)='./file1\x00', 0x42, &(0x7f0000000540)=ANY=[], 0xd, 0x1a4, &(0x7f0000000640)="$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")
openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) (async)
r7 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents(r7, 0x0, 0x0)
mkdirat(r6, &(0x7f0000000180)='./bus\x00', 0x0) (async)
mkdirat(r6, &(0x7f0000000180)='./bus\x00', 0x0)
mount(0x0, &(0x7f0000000100)='./file0/../file0/../file0\x00', 0x0, 0x0, 0x0)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,') (async)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
# Kernel console output follows (unchanged).
[ 68.558213][ T5309] Bluetooth: hci0: command tx timeout [ 68.682293][ T56] ------------[ cut here ]------------ [ 68.684483][ T56] WARNING: CPU: 0 PID: 56 at net/mac80211/sta_info.c:756 sta_info_insert_rcu+0x322/0x1900 [ 68.688676][ T56] Modules linked in: [ 68.690338][ T56] CPU: 0 UID: 0 PID: 56 Comm: kworker/u4:4 Not tainted 6.14.0-syzkaller-11125-g609706855d90 #0 PREEMPT(full) [ 68.695142][ T56] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.699251][ T56] Workqueue: events_unbound cfg80211_wiphy_work [ 68.701497][ T56] RIP: 0010:sta_info_insert_rcu+0x322/0x1900 [ 68.703742][ T56] Code: 85 db 4c 8b 6c 24 28 0f 84 90 00 00 00 e8 66 24 16 f6 84 c0 0f 84 b4 00 00 00 e8 89 e4 30 f6 e9 0d 01 00 00 e8 7f e4 30 f6 90 <0f> 0b 90 41 be ea ff ff ff 4c 8b 6c 24 28 4c 89 ee e8 f8 cd ff ff [ 68.710740][ T56] RSP: 0018:ffffc9000104f920 EFLAGS: 00010293 [ 68.712969][ T56] RAX: 
ffffffff8b929891 RBX: 0000000000000001 RCX: ffff88801ecc2440 [ 68.715944][ T56] RDX: 0000000000000000 RSI: 000000000004ffff RDI: 0000000000000000 [ 68.719208][ T56] RBP: 000000000004ffff R08: ffffffff8b92981e R09: 1ffff1100a6202e6 [ 68.722169][ T56] R10: dffffc0000000000 R11: ffffed100a6202e7 R12: 000000000015ffff [ 68.725044][ T56] R13: 000000000000ffff R14: 000000000000feff R15: ffff888053100d80 [ 68.728261][ T56] FS: 0000000000000000(0000) GS:ffff88808c5b1000(0000) knlGS:0000000000000000 [ 68.731671][ T56] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.734061][ T56] CR2: 00007f1e30401f98 CR3: 000000003f052000 CR4: 0000000000352ef0 [ 68.736953][ T56] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.740199][ T56] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.742945][ T56] Call Trace: [ 68.744145][ T56] [ 68.745319][ T56] ? __pfx_minstrel_ht_rate_init+0x10/0x10 [ 68.747591][ T56] ? rate_control_rate_init+0x135/0x680 [ 68.749659][ T56] ieee80211_ocb_work+0x312/0x570 [ 68.751954][ T56] ? __pfx_ieee80211_ocb_work+0x10/0x10 [ 68.754272][ T56] ? ieee80211_iface_work+0x1035/0x1100 [ 68.756480][ T56] ? rcu_is_watching+0x15/0xb0 [ 68.758291][ T56] cfg80211_wiphy_work+0x2f0/0x490 [ 68.760145][ T56] ? process_scheduled_works+0x9cb/0x18e0 [ 68.762662][ T56] process_scheduled_works+0xac3/0x18e0 [ 68.764784][ T56] ? __pfx_process_scheduled_works+0x10/0x10 [ 68.767090][ T56] ? assign_work+0x367/0x3d0 [ 68.768959][ T56] worker_thread+0x870/0xd50 [ 68.770718][ T56] ? __kthread_parkme+0x1a8/0x200 [ 68.772485][ T56] ? __pfx_worker_thread+0x10/0x10 [ 68.774379][ T56] kthread+0x7b7/0x940 [ 68.775971][ T56] ? __pfx_worker_thread+0x10/0x10 [ 68.777772][ T56] ? __pfx_kthread+0x10/0x10 [ 68.779715][ T56] ? __pfx_kthread+0x10/0x10 [ 68.781595][ T56] ? __pfx_kthread+0x10/0x10 [ 68.783639][ T56] ? __pfx_kthread+0x10/0x10 [ 68.785308][ T56] ? _raw_spin_unlock_irq+0x23/0x50 [ 68.787292][ T56] ? 
lockdep_hardirqs_on+0x9d/0x150 [ 68.789463][ T56] ? __pfx_kthread+0x10/0x10 [ 68.791173][ T56] ret_from_fork+0x4b/0x80 [ 68.792800][ T56] ? __pfx_kthread+0x10/0x10 [ 68.794505][ T56] ret_from_fork_asm+0x1a/0x30 [ 68.796243][ T56] [ 68.797259][ T56] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 68.799812][ T56] CPU: 0 UID: 0 PID: 56 Comm: kworker/u4:4 Not tainted 6.14.0-syzkaller-11125-g609706855d90 #0 PREEMPT(full) [ 68.803755][ T56] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.807598][ T56] Workqueue: events_unbound cfg80211_wiphy_work [ 68.809825][ T56] Call Trace: [ 68.811085][ T56] [ 68.812287][ T56] dump_stack_lvl+0x241/0x360 [ 68.813936][ T56] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.815835][ T56] ? __pfx__printk+0x10/0x10 [ 68.817540][ T56] ? vscnprintf+0x5d/0x90 [ 68.819169][ T56] panic+0x349/0x880 [ 68.820728][ T56] ? __warn+0x174/0x4d0 [ 68.822421][ T56] ? __pfx_panic+0x10/0x10 [ 68.824227][ T56] ? ret_from_fork_asm+0x1a/0x30 [ 68.826082][ T56] __warn+0x344/0x4d0 [ 68.827655][ T56] ? sta_info_insert_rcu+0x322/0x1900 [ 68.829762][ T56] report_bug+0x2b3/0x500 [ 68.831519][ T56] ? sta_info_insert_rcu+0x322/0x1900 [ 68.833482][ T56] ? sta_info_insert_rcu+0x322/0x1900 [ 68.835322][ T56] ? 
sta_info_insert_rcu+0x324/0x1900 [ 68.837208][ T56] handle_bug+0x89/0x170 [ 68.838848][ T56] exc_invalid_op+0x1a/0x50 [ 68.840564][ T56] asm_exc_invalid_op+0x1a/0x20 [ 68.842397][ T56] RIP: 0010:sta_info_insert_rcu+0x322/0x1900 [ 68.844447][ T56] Code: 85 db 4c 8b 6c 24 28 0f 84 90 00 00 00 e8 66 24 16 f6 84 c0 0f 84 b4 00 00 00 e8 89 e4 30 f6 e9 0d 01 00 00 e8 7f e4 30 f6 90 <0f> 0b 90 41 be ea ff ff ff 4c 8b 6c 24 28 4c 89 ee e8 f8 cd ff ff [ 68.851573][ T56] RSP: 0018:ffffc9000104f920 EFLAGS: 00010293 [ 68.854345][ T56] RAX: ffffffff8b929891 RBX: 0000000000000001 RCX: ffff88801ecc2440 [ 68.857558][ T56] RDX: 0000000000000000 RSI: 000000000004ffff RDI: 0000000000000000 [ 68.860482][ T56] RBP: 000000000004ffff R08: ffffffff8b92981e R09: 1ffff1100a6202e6 [ 68.863398][ T56] R10: dffffc0000000000 R11: ffffed100a6202e7 R12: 000000000015ffff [ 68.866009][ T56] R13: 000000000000ffff R14: 000000000000feff R15: ffff888053100d80 [ 68.869124][ T56] ? sta_info_insert_rcu+0x2ae/0x1900 [ 68.871184][ T56] ? sta_info_insert_rcu+0x321/0x1900 [ 68.873430][ T56] ? __pfx_minstrel_ht_rate_init+0x10/0x10 [ 68.875949][ T56] ? rate_control_rate_init+0x135/0x680 [ 68.878077][ T56] ieee80211_ocb_work+0x312/0x570 [ 68.880055][ T56] ? __pfx_ieee80211_ocb_work+0x10/0x10 [ 68.882074][ T56] ? ieee80211_iface_work+0x1035/0x1100 [ 68.884065][ T56] ? rcu_is_watching+0x15/0xb0 [ 68.885861][ T56] cfg80211_wiphy_work+0x2f0/0x490 [ 68.887922][ T56] ? process_scheduled_works+0x9cb/0x18e0 [ 68.890174][ T56] process_scheduled_works+0xac3/0x18e0 [ 68.892249][ T56] ? __pfx_process_scheduled_works+0x10/0x10 [ 68.894483][ T56] ? assign_work+0x367/0x3d0 [ 68.896282][ T56] worker_thread+0x870/0xd50 [ 68.898106][ T56] ? __kthread_parkme+0x1a8/0x200 [ 68.900080][ T56] ? __pfx_worker_thread+0x10/0x10 [ 68.902094][ T56] kthread+0x7b7/0x940 [ 68.903758][ T56] ? __pfx_worker_thread+0x10/0x10 [ 68.905742][ T56] ? __pfx_kthread+0x10/0x10 [ 68.907522][ T56] ? __pfx_kthread+0x10/0x10 [ 68.909275][ T56] ? 
__pfx_kthread+0x10/0x10 [ 68.911123][ T56] ? __pfx_kthread+0x10/0x10 [ 68.912915][ T56] ? _raw_spin_unlock_irq+0x23/0x50 [ 68.914983][ T56] ? lockdep_hardirqs_on+0x9d/0x150 [ 68.916945][ T56] ? __pfx_kthread+0x10/0x10 [ 68.918774][ T56] ret_from_fork+0x4b/0x80 [ 68.920396][ T56] ? __pfx_kthread+0x10/0x10 [ 68.922056][ T56] ret_from_fork_asm+0x1a/0x30 [ 68.923862][ T56] [ 68.925154][ T56] Kernel Offset: disabled [ 68.926849][ T56] Rebooting in 86400 seconds..