program: timer_create(0x3, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{}, {0x0, 0x3938700}}, &(0x7f0000000080)) (async) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async) io_setup(0x5, &(0x7f0000000740)) (async) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) fallocate(r1, 0x20, 0x4000, 0x10000) io_setup(0x5, &(0x7f0000000040)=0x0) io_submit(r2, 0x0, &(0x7f0000000280)) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}, 0x1, 0x0, 0x0, 0x400c000}, 0x0) sendmsg$NL80211_CMD_JOIN_OCB(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)={0x24, r6, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x971}]}, 0x24}, 0x1, 0x0, 0x0, 0x24004015}, 0x448d0) (async) syz_80211_inject_frame(&(0x7f0000000280)=@device_b, &(0x7f0000000a80)=@data_frame={@a_msdu=@type00={{0x0, 0x2, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {}, @device_b, @broadcast, @from_mac=@broadcast, {0x4, 0x2}, "", @value={0x1, 0x0, 0x3}}, @random="daf8d179a2e34aacd4e9444834f055d3f3c7e1a4ec53649667ba64318541951e112454304496a5a5660724f0a722fff3a17f0aaf0e27e9adc1f6620e378dd029da2ab1141c651d3ca18aaecb5c649f7ed6cfe3f34e411edc5645f01b66a912d93ce6881eb681002593f6489b0350b6554d7c2594c3485a63d25a380ace253bcea77166a67086f0f6d83becfff3f5c0e9d173295f7c3b1cfa760b0393a9fb7661564fd7a96e77d2e1dbac4f15ae950c9906224dfa449debda4ee0d5c8a8aaeaba5e90cf69177ff48b1589d3e2e93195a388ddbe372481a3c07760d574dbd9602c232680e4647516774ee956649ee8d69cffedb210ec70b5fb546c47b1e110849989b84ecfc9591eccafaf640b68667a2437212b1300724e348f5c549e017a94ad915b6d78654f825ce8587b2253218f18f9d6a932439bf323e400c75fd15e4209b595446bd2c632daf49866185fdbf52b50bc0f59c3021b59fdd4d0117d99516be5d8f8b3009ecb8b196147acfb1efccb121f3aaba776fd6b33c8208028ee8c2aa40735f291d477f90d27c58e198688785ee08d5bb6b72922489d46c2b7fdb6e99afd57c0ee168f5a250ce0948a0710e871b6ea282a8cc6bcb70b91e82f7a848aaf0cc0ef62848f2d61dc204c870c3977da124f3f31c4f37ff5919c3baf5e5cc507116a453731b1990b3e604930e0b7588ac550b1327999ab30bd054d40a35cad4e5bb7ed96ed93174b5abc0c6756f30677c5e79d5027e22799360c06676ea3853dc217041b3d7324def69685295f054ef71df1eb85117b9212b605c7bc0a9260bbd40f782f4d66791ef044cf86210a6ccba89457002e91607e0bae450d25bfcf242236b13d0daeef42421c0502d26d4532c67de407653433457d92ccee913c0def674f7e424d1b647257b8c7a327e12eaaafb644197a8138f06f35fc1ce9b062a310f4a9c1d3f4caadf668a326567c8cb8"}, 0x2cb) r8 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) [ 70.115901][ T5300] Bluetooth: hci0: command tx timeout [ 70.218784][ T5316] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 70.223374][ T73] ------------[ cut here ]------------ [ 70.225445][ T73] WARNING: CPU: 0 PID: 73 at net/mac80211/sta_info.c:738 sta_info_insert_rcu+0x322/0x1900 [ 70.229304][ T73] Modules linked in: [ 70.230779][ T73] CPU: 0 UID: 0 PID: 73 Comm: kworker/u4:4 Not tainted 6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0 [ 70.235504][ T73] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.239415][ T73] Workqueue: events_unbound cfg80211_wiphy_work [ 70.241764][ T73] RIP: 0010:sta_info_insert_rcu+0x322/0x1900 [ 70.244227][ T73] Code: 85 db 4c 8b 6c 24 28 0f 84 90 00 00 00 e8 66 57 52 f6 84 c0 0f 84 b4 00 00 00 e8 a9 b9 6c f6 e9 0d 01 00 00 e8 9f b9 6c f6 90 <0f> 0b 90 41 be ea ff ff ff 4c 8b 6c 24 28 4c 89 ee e8 98 d0 ff ff [ 70.251275][ T73] RSP: 0018:ffffc9000104f9c0 EFLAGS: 00010293 [ 70.253649][ T73] RAX: ffffffff8b32c891 RBX: 0000000000000001 RCX: ffff88801f370000 [ 70.256555][ T73] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 70.259443][ T73] RBP: 00000000ffffffff R08: ffffffff8b32c81e R09: 1ffff11008676ae6 [ 70.262158][ T73] R10: dffffc0000000000 R11: ffffed1008676ae7 R12: 00000000ffeeffff [ 70.264982][ T73] R13: 000000000000ffff R14: 000000000000feff R15: ffff8880433b4d80 [ 70.267737][ T73] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 70.270991][ T73] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.273351][ T73] CR2: 00007f55d5d5efe0 CR3: 0000000042dca000 CR4: 0000000000352ef0 [ 70.276079][ T73] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.278798][ T73] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.281533][ T73] Call Trace: [ 70.282705][ T73] [ 70.283903][ T73] ? __warn+0x165/0x4d0 [ 70.285306][ T73] ? sta_info_insert_rcu+0x322/0x1900 [ 70.287181][ T73] ? report_bug+0x2b3/0x500 [ 70.288773][ T73] ? sta_info_insert_rcu+0x322/0x1900 [ 70.290586][ T73] ? handle_bug+0x60/0x90 [ 70.292086][ T73] ? exc_invalid_op+0x1a/0x50 [ 70.293825][ T73] ? asm_exc_invalid_op+0x1a/0x20 [ 70.295631][ T73] ? sta_info_insert_rcu+0x2ae/0x1900 [ 70.297488][ T73] ? sta_info_insert_rcu+0x321/0x1900 [ 70.299299][ T73] ? sta_info_insert_rcu+0x322/0x1900 [ 70.301114][ T73] ? __pfx_minstrel_ht_rate_init+0x10/0x10 [ 70.303283][ T73] ? rate_control_rate_init+0x135/0x680 [ 70.305139][ T73] ieee80211_ocb_work+0x301/0x560 [ 70.306811][ T73] ? __pfx_ieee80211_ocb_work+0x10/0x10 [ 70.308738][ T73] ? ieee80211_iface_work+0xe4f/0xf20 [ 70.310566][ T73] ? rcu_is_watching+0x15/0xb0 [ 70.312221][ T73] cfg80211_wiphy_work+0x2db/0x480 [ 70.314883][ T73] ? process_scheduled_works+0x976/0x1840 [ 70.316906][ T73] process_scheduled_works+0xa66/0x1840 [ 70.318889][ T73] ? __pfx_process_scheduled_works+0x10/0x10 [ 70.320986][ T73] ? assign_work+0x364/0x3d0 [ 70.322612][ T73] worker_thread+0x870/0xd30 [ 70.324328][ T73] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 70.326319][ T73] ? __kthread_parkme+0x169/0x1d0 [ 70.328097][ T73] ? __pfx_worker_thread+0x10/0x10 [ 70.329806][ T73] kthread+0x2f0/0x390 [ 70.331267][ T73] ? __pfx_worker_thread+0x10/0x10 [ 70.333215][ T73] ? __pfx_kthread+0x10/0x10 [ 70.334979][ T73] ret_from_fork+0x4b/0x80 [ 70.336551][ T73] ? __pfx_kthread+0x10/0x10 [ 70.338223][ T73] ret_from_fork_asm+0x1a/0x30 [ 70.339908][ T73] [ 70.341071][ T73] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 70.343697][ T73] CPU: 0 UID: 0 PID: 73 Comm: kworker/u4:4 Not tainted 6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0 [ 70.347399][ T73] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.351056][ T73] Workqueue: events_unbound cfg80211_wiphy_work [ 70.353190][ T73] Call Trace: [ 70.354440][ T73] [ 70.355498][ T73] dump_stack_lvl+0x241/0x360 [ 70.357121][ T73] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.358919][ T73] ? __pfx__printk+0x10/0x10 [ 70.360605][ T73] ? _printk+0xd5/0x120 [ 70.362083][ T73] ? __init_begin+0x41000/0x41000 [ 70.363919][ T73] ? vscnprintf+0x5d/0x90 [ 70.365449][ T73] panic+0x349/0x880 [ 70.366834][ T73] ? __warn+0x174/0x4d0 [ 70.368321][ T73] ? __pfx_panic+0x10/0x10 [ 70.369911][ T73] ? ret_from_fork_asm+0x1a/0x30 [ 70.371623][ T73] __warn+0x344/0x4d0 [ 70.373033][ T73] ? sta_info_insert_rcu+0x322/0x1900 [ 70.374830][ T73] report_bug+0x2b3/0x500 [ 70.376335][ T73] ? sta_info_insert_rcu+0x322/0x1900 [ 70.378324][ T73] handle_bug+0x60/0x90 [ 70.379807][ T73] exc_invalid_op+0x1a/0x50 [ 70.381392][ T73] asm_exc_invalid_op+0x1a/0x20 [ 70.383051][ T73] RIP: 0010:sta_info_insert_rcu+0x322/0x1900 [ 70.385124][ T73] Code: 85 db 4c 8b 6c 24 28 0f 84 90 00 00 00 e8 66 57 52 f6 84 c0 0f 84 b4 00 00 00 e8 a9 b9 6c f6 e9 0d 01 00 00 e8 9f b9 6c f6 90 <0f> 0b 90 41 be ea ff ff ff 4c 8b 6c 24 28 4c 89 ee e8 98 d0 ff ff [ 70.391832][ T73] RSP: 0018:ffffc9000104f9c0 EFLAGS: 00010293 [ 70.393934][ T73] RAX: ffffffff8b32c891 RBX: 0000000000000001 RCX: ffff88801f370000 [ 70.396756][ T73] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 70.399543][ T73] RBP: 00000000ffffffff R08: ffffffff8b32c81e R09: 1ffff11008676ae6 [ 70.402345][ T73] R10: dffffc0000000000 R11: ffffed1008676ae7 R12: 00000000ffeeffff [ 70.405093][ T73] R13: 000000000000ffff R14: 000000000000feff R15: ffff8880433b4d80 [ 70.407976][ T73] ? sta_info_insert_rcu+0x2ae/0x1900 [ 70.409808][ T73] ? sta_info_insert_rcu+0x321/0x1900 [ 70.411635][ T73] ? __pfx_minstrel_ht_rate_init+0x10/0x10 [ 70.413669][ T73] ? rate_control_rate_init+0x135/0x680 [ 70.415761][ T73] ieee80211_ocb_work+0x301/0x560 [ 70.417565][ T73] ? __pfx_ieee80211_ocb_work+0x10/0x10 [ 70.419496][ T73] ? ieee80211_iface_work+0xe4f/0xf20 [ 70.421411][ T73] ? rcu_is_watching+0x15/0xb0 [ 70.423177][ T73] cfg80211_wiphy_work+0x2db/0x480 [ 70.425136][ T73] ? process_scheduled_works+0x976/0x1840 [ 70.427266][ T73] process_scheduled_works+0xa66/0x1840 [ 70.429352][ T73] ? __pfx_process_scheduled_works+0x10/0x10 [ 70.431540][ T73] ? assign_work+0x364/0x3d0 [ 70.433267][ T73] worker_thread+0x870/0xd30 [ 70.434964][ T73] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 70.437201][ T73] ? __kthread_parkme+0x169/0x1d0 [ 70.438972][ T73] ? __pfx_worker_thread+0x10/0x10 [ 70.440858][ T73] kthread+0x2f0/0x390 [ 70.442354][ T73] ? __pfx_worker_thread+0x10/0x10 [ 70.444199][ T73] ? __pfx_kthread+0x10/0x10 [ 70.445939][ T73] ret_from_fork+0x4b/0x80 [ 70.447605][ T73] ? __pfx_kthread+0x10/0x10 [ 70.449191][ T73] ret_from_fork_asm+0x1a/0x30 [ 70.450967][ T73] [ 70.452261][ T73] Kernel Offset: disabled [ 70.453947][ T73] Rebooting in 86400 seconds..