program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x68, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x31, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x71, 0x7, {0x1, 0x1, 0x0, 0x1, 0x2, 0x9, 0x3}}, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x68}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000440)={0x44, r5, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0xa, 0x13, [{0x5}, {0x0, 0x1}, {0x9}, {0x36}, {0x22}, {0x1b, 0x1}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x40c5}, 0x0) [ 58.781929][ T5325] ------------[ cut here ]------------ [ 58.784226][ T5325] WARNING: CPU: 0 PID: 5325 at include/net/mac80211.h:7028 minstrel_ht_update_caps+0x44a/0x17e0 [ 58.788229][ T5325] Modules linked in: [ 58.789775][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.12.0-rc7-syzkaller-00189-ge8bdb3c8be08 #0 [ 58.793704][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.797789][ T5325] RIP: 0010:minstrel_ht_update_caps+0x44a/0x17e0 [ 58.800161][ T5325] Code: da e8 aa a8 9d f9 e9 24 ff ff ff e8 e0 50 3c f6 eb 17 e8 d9 50 3c f6 eb 14 e8 d2 50 3c f6 49 c1 fd 38 eb 0c e8 c7 50 3c f6 90 <0f> 0b 90 45 31 ed 49 bf 00 00 00 00 00 fc ff df 48 8b 3c 24 4c 8b [ 58.807293][ T5325] RSP: 0018:ffffc9000d1eef80 EFLAGS: 00010287 [ 58.809585][ T5325] RAX: ffffffff8b589949 RBX: 000000000000000c RCX: 0000000000040000 [ 58.812491][ T5325] RDX: ffffc9000da21000 RSI: 000000000000040e RDI: 000000000000040f [ 58.815476][ T5325] RBP: 0000000000000000 R08: ffffffff8b589865 R09: 0000000000000000 [ 58.818488][ T5325] R10: ffff8880502dc008 R11: ffffed100a05bd49 R12: 1ffff1100893d61c [ 58.821320][ T5325] R13: 0b00000000000000 R14: ffff8880449eb0e0 R15: 0100000000000000 [ 58.824556][ T5325] FS: 00007f5f02c4d6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 58.827936][ T5325] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.830346][ T5325] CR2: 0000000020001080 CR3: 00000000500b2000 CR4: 0000000000352ef0 [ 58.833144][ T5325] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.836113][ T5325] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.838980][ T5325] Call Trace: [ 58.840268][ T5325] [ 58.841422][ T5325] ? __warn+0x168/0x4e0 [ 58.842944][ T5325] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 58.845149][ T5325] ? report_bug+0x2b3/0x500 [ 58.846843][ T5325] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 58.848955][ T5325] ? handle_bug+0x60/0x90 [ 58.850564][ T5325] ? exc_invalid_op+0x1a/0x50 [ 58.852332][ T5325] ? asm_exc_invalid_op+0x1a/0x20 [ 58.854337][ T5325] ? minstrel_ht_update_caps+0x365/0x17e0 [ 58.856485][ T5325] ? minstrel_ht_update_caps+0x449/0x17e0 [ 58.858682][ T5325] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 58.860858][ T5325] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 58.862842][ T5325] ? __pfx_minstrel_ht_rate_init+0x10/0x10 [ 58.865108][ T5325] rate_control_rate_init+0x3cf/0x5f0 [ 58.867158][ T5325] ? rate_control_rate_init+0xe3/0x5f0 [ 58.869127][ T5325] sta_apply_auth_flags+0x1b6/0x410 [ 58.870989][ T5325] sta_apply_parameters+0xe23/0x1550 [ 58.872873][ T5325] ieee80211_add_station+0x3da/0x630 [ 58.874840][ T5325] rdev_add_station+0x11b/0x2b0 [ 58.876721][ T5325] nl80211_new_station+0x1d53/0x2550 [ 58.878780][ T5325] ? __pfx_nl80211_new_station+0x10/0x10 [ 58.880914][ T5325] ? netdev_run_todo+0xf88/0x1000 [ 58.882802][ T5325] genl_rcv_msg+0xb14/0xec0 [ 58.884474][ T5325] ? mark_lock+0x9a/0x360 [ 58.886026][ T5325] ? __pfx_genl_rcv_msg+0x10/0x10 [ 58.887889][ T5325] ? __pfx_lock_acquire+0x10/0x10 [ 58.889737][ T5325] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 58.891796][ T5325] ? __pfx_nl80211_new_station+0x10/0x10 [ 58.893895][ T5325] ? __pfx_nl80211_post_doit+0x10/0x10 [ 58.895991][ T5325] ? __pfx___might_resched+0x10/0x10 [ 58.898041][ T5325] netlink_rcv_skb+0x1e3/0x430 [ 58.899729][ T5325] ? __pfx_genl_rcv_msg+0x10/0x10 [ 58.901558][ T5325] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 58.903682][ T5325] ? __netlink_deliver_tap+0x77e/0x7c0 [ 58.905714][ T5325] genl_rcv+0x28/0x40 [ 58.907244][ T5325] netlink_unicast+0x7f6/0x990 [ 58.909034][ T5325] ? __pfx_netlink_unicast+0x10/0x10 [ 58.911046][ T5325] ? __virt_addr_valid+0x183/0x530 [ 58.912922][ T5325] ? __check_object_size+0x48e/0x900 [ 58.914928][ T5325] netlink_sendmsg+0x8e4/0xcb0 [ 58.916749][ T5325] ? __pfx_netlink_sendmsg+0x10/0x10 [ 58.918791][ T5325] ? aa_sock_msg_perm+0x91/0x160 [ 58.920825][ T5325] ? __pfx_netlink_sendmsg+0x10/0x10 [ 58.922703][ T5325] __sock_sendmsg+0x221/0x270 [ 58.924550][ T5325] ____sys_sendmsg+0x52a/0x7e0 [ 58.926371][ T5325] ? __pfx_____sys_sendmsg+0x10/0x10 [ 58.928447][ T5325] __sys_sendmsg+0x292/0x380 [ 58.930041][ T5325] ? __pfx___sys_sendmsg+0x10/0x10 [ 58.932014][ T5325] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 58.934506][ T5325] ? do_syscall_64+0x100/0x230 [ 58.936369][ T5325] ? do_syscall_64+0xb6/0x230 [ 58.938144][ T5325] do_syscall_64+0xf3/0x230 [ 58.939855][ T5325] ? clear_bhb_loop+0x35/0x90 [ 58.941574][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.943764][ T5325] RIP: 0033:0x7f5f01d7e719 [ 58.945484][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.952636][ T5325] RSP: 002b:00007f5f02c4d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 58.955836][ T5325] RAX: ffffffffffffffda RBX: 00007f5f01f35f80 RCX: 00007f5f01d7e719 [ 58.958665][ T5325] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000006 [ 58.961622][ T5325] RBP: 00007f5f01df175e R08: 0000000000000000 R09: 0000000000000000 [ 58.964659][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 58.967545][ T5325] R13: 0000000000000000 R14: 00007f5f01f35f80 R15: 00007ffedb5ecb78 [ 58.970568][ T5325] [ 58.971800][ T5325] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 58.974592][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.12.0-rc7-syzkaller-00189-ge8bdb3c8be08 #0 [ 58.978409][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.982327][ T5325] Call Trace: [ 58.983624][ T5325] [ 58.984772][ T5325] dump_stack_lvl+0x241/0x360 [ 58.986677][ T5325] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.988515][ T5325] ? __pfx__printk+0x10/0x10 [ 58.990281][ T5325] ? vscnprintf+0x5d/0x90 [ 58.991933][ T5325] panic+0x349/0x880 [ 58.993413][ T5325] ? __warn+0x177/0x4e0 [ 58.995012][ T5325] ? __pfx_panic+0x10/0x10 [ 58.996797][ T5325] __warn+0x34b/0x4e0 [ 58.998142][ T5325] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 59.000328][ T5325] report_bug+0x2b3/0x500 [ 59.002030][ T5325] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 59.004217][ T5325] handle_bug+0x60/0x90 [ 59.005713][ T5325] exc_invalid_op+0x1a/0x50 [ 59.007465][ T5325] asm_exc_invalid_op+0x1a/0x20 [ 59.009336][ T5325] RIP: 0010:minstrel_ht_update_caps+0x44a/0x17e0 [ 59.011517][ T5325] Code: da e8 aa a8 9d f9 e9 24 ff ff ff e8 e0 50 3c f6 eb 17 e8 d9 50 3c f6 eb 14 e8 d2 50 3c f6 49 c1 fd 38 eb 0c e8 c7 50 3c f6 90 <0f> 0b 90 45 31 ed 49 bf 00 00 00 00 00 fc ff df 48 8b 3c 24 4c 8b [ 59.018595][ T5325] RSP: 0018:ffffc9000d1eef80 EFLAGS: 00010287 [ 59.020758][ T5325] RAX: ffffffff8b589949 RBX: 000000000000000c RCX: 0000000000040000 [ 59.023655][ T5325] RDX: ffffc9000da21000 RSI: 000000000000040e RDI: 000000000000040f [ 59.026593][ T5325] RBP: 0000000000000000 R08: ffffffff8b589865 R09: 0000000000000000 [ 59.029548][ T5325] R10: ffff8880502dc008 R11: ffffed100a05bd49 R12: 1ffff1100893d61c [ 59.032447][ T5325] R13: 0b00000000000000 R14: ffff8880449eb0e0 R15: 0100000000000000 [ 59.035362][ T5325] ? minstrel_ht_update_caps+0x365/0x17e0 [ 59.037638][ T5325] ? minstrel_ht_update_caps+0x449/0x17e0 [ 59.039825][ T5325] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 59.041845][ T5325] ? __pfx_minstrel_ht_rate_init+0x10/0x10 [ 59.043984][ T5325] rate_control_rate_init+0x3cf/0x5f0 [ 59.045971][ T5325] ? rate_control_rate_init+0xe3/0x5f0 [ 59.047956][ T5325] sta_apply_auth_flags+0x1b6/0x410 [ 59.049910][ T5325] sta_apply_parameters+0xe23/0x1550 [ 59.051905][ T5325] ieee80211_add_station+0x3da/0x630 [ 59.053866][ T5325] rdev_add_station+0x11b/0x2b0 [ 59.055702][ T5325] nl80211_new_station+0x1d53/0x2550 [ 59.057720][ T5325] ? __pfx_nl80211_new_station+0x10/0x10 [ 59.059895][ T5325] ? netdev_run_todo+0xf88/0x1000 [ 59.061861][ T5325] genl_rcv_msg+0xb14/0xec0 [ 59.063618][ T5325] ? mark_lock+0x9a/0x360 [ 59.065295][ T5325] ? __pfx_genl_rcv_msg+0x10/0x10 [ 59.067127][ T5325] ? __pfx_lock_acquire+0x10/0x10 [ 59.068815][ T5325] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 59.070619][ T5325] ? __pfx_nl80211_new_station+0x10/0x10 [ 59.072518][ T5325] ? __pfx_nl80211_post_doit+0x10/0x10 [ 59.074380][ T5325] ? __pfx___might_resched+0x10/0x10 [ 59.076066][ T5325] netlink_rcv_skb+0x1e3/0x430 [ 59.077814][ T5325] ? __pfx_genl_rcv_msg+0x10/0x10 [ 59.079607][ T5325] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 59.081396][ T5325] ? __netlink_deliver_tap+0x77e/0x7c0 [ 59.083366][ T5325] genl_rcv+0x28/0x40 [ 59.084875][ T5325] netlink_unicast+0x7f6/0x990 [ 59.086707][ T5325] ? __pfx_netlink_unicast+0x10/0x10 [ 59.088640][ T5325] ? __virt_addr_valid+0x183/0x530 [ 59.090584][ T5325] ? __check_object_size+0x48e/0x900 [ 59.092886][ T5325] netlink_sendmsg+0x8e4/0xcb0 [ 59.094719][ T5325] ? __pfx_netlink_sendmsg+0x10/0x10 [ 59.096756][ T5325] ? aa_sock_msg_perm+0x91/0x160 [ 59.098636][ T5325] ? __pfx_netlink_sendmsg+0x10/0x10 [ 59.100646][ T5325] __sock_sendmsg+0x221/0x270 [ 59.102389][ T5325] ____sys_sendmsg+0x52a/0x7e0 [ 59.104204][ T5325] ? __pfx_____sys_sendmsg+0x10/0x10 [ 59.106086][ T5325] __sys_sendmsg+0x292/0x380 [ 59.107906][ T5325] ? __pfx___sys_sendmsg+0x10/0x10 [ 59.109855][ T5325] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.112142][ T5325] ? do_syscall_64+0x100/0x230 [ 59.113945][ T5325] ? do_syscall_64+0xb6/0x230 [ 59.115733][ T5325] do_syscall_64+0xf3/0x230 [ 59.117415][ T5325] ? clear_bhb_loop+0x35/0x90 [ 59.119161][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.121388][ T5325] RIP: 0033:0x7f5f01d7e719 [ 59.123068][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.129808][ T5325] RSP: 002b:00007f5f02c4d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 59.132616][ T5325] RAX: ffffffffffffffda RBX: 00007f5f01f35f80 RCX: 00007f5f01d7e719 [ 59.135135][ T5325] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000006 [ 59.137797][ T5325] RBP: 00007f5f01df175e R08: 0000000000000000 R09: 0000000000000000 [ 59.140509][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 59.143246][ T5325] R13: 0000000000000000 R14: 00007f5f01f35f80 R15: 00007ffedb5ecb78 [ 59.146178][ T5325] [ 59.147530][ T5325] Kernel Offset: disabled [ 59.149202][ T5325] Rebooting in 86400 seconds..