program: r0 = socket$inet_sctp(0x2, 0x1, 0x84) unshare(0x22020600) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r4=>0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0x6c, r3, 0x5, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x35, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @random=0x8, 0x1, @void, @void, @void, @void, @void, @void, @val={0x25, 0x3, {0x1, 0xb1, 0x9}}, @val={0x2a, 0x0, {0x0, 0x0, 0x1}}, @void, @void, @val={0x72, 0x6}, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0xffffffffffffffc6, 0x26, @random=0x16c1}], @NL80211_ATTR_BEACON_INTERVAL={0x11}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x6c}}, 0x20000014) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r5=>0xffffffffffffffff}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r8=>0x0}) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r10 = openat$cgroup_int(r9, &(0x7f0000000600)='pids.max\x00', 0x2, 0x0) write$cgroup_int(r10, &(0x7f00000008c0)=0x100000001, 0x12) sendmsg$NL80211_CMD_NEW_STATION(r6, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000040)={0x3c, r7, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, 
@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) r11 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r11, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) splice(r1, 0x0, r1, 0x0, 0x1, 0x7) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'lblcr\x00', 0x1, 0x4, 0x8}, 0x2c) r12 = socket$kcm(0xa, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @loopback, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10003, 0x1cb, 0x12d61, 0x12d5b}}, 0x44) sendmsg$sock(r12, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) [ 85.086700][ T5304] Bluetooth: hci0: command tx timeout [ 85.313505][ T5328] ------------[ cut here ]------------ [ 85.316223][ T5328] !chanctx_conf [ 85.316232][ T5328] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x64a/0x6e0, CPU#0: syz.0.0/5328 [ 85.322379][ T5328] Modules linked in: [ 85.324184][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.328006][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.332115][ T5328] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 85.334732][ T5328] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 f2 9b b8 f6 90 0f 0b 90 eb e1 e8 e7 9b b8 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 85.343208][ T5328] RSP: 0018:ffffc9000c2b6f60 EFLAGS: 00010287 [ 85.345891][ T5328] RAX: ffffffff8b0beb09 RBX: ffff8880326fc000 RCX: 0000000000100000 [ 85.349141][ T5328] RDX: ffffc90020b72000 RSI: 0000000000000377 RDI: 0000000000000378 [ 85.352548][ T5328] RBP: 0000000000000000 R08: ffffffff8b0be623 R09: ffffffff8e55a360 [ 85.355870][ T5328] R10: dffffc0000000000 R11: ffffed10064df831 R12: 
1ffff110064df80a [ 85.359266][ T5328] R13: ffff888012860e80 R14: 0000000000000001 R15: ffffffff8b0be623 [ 85.362836][ T5328] FS: 00007ff9aa0f96c0(0000) GS:ffff88808ccea000(0000) knlGS:0000000000000000 [ 85.366861][ T5328] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.369523][ T5328] CR2: 0000200000001080 CR3: 000000001f97b000 CR4: 0000000000352ef0 [ 85.372936][ T5328] Call Trace: [ 85.374413][ T5328] <TASK> [ 85.375761][ T5328] rate_control_rate_init_all_links+0x109/0x1a0 [ 85.378631][ T5328] sta_apply_auth_flags+0x1c2/0x400 [ 85.381081][ T5328] sta_apply_parameters+0xe27/0x1570 [ 85.383323][ T5328] ieee80211_add_station+0x424/0x6a0 [ 85.385561][ T5328] rdev_add_station+0xfc/0x270 [ 85.387613][ T5328] nl80211_new_station+0x1860/0x1c70 [ 85.389857][ T5328] ? __pfx_nl80211_new_station+0x10/0x10 [ 85.392250][ T5328] ? netdev_run_todo+0xd5c/0xde0 [ 85.394127][ T5328] ? nl80211_pre_doit+0x4f1/0x930 [ 85.396726][ T5328] genl_family_rcv_msg_doit+0x22a/0x330 [ 85.399110][ T5328] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 85.401829][ T5328] ? bpf_lsm_capable+0x9/0x20 [ 85.403946][ T5328] ? security_capable+0x7e/0x2c0 [ 85.406434][ T5328] genl_rcv_msg+0x61c/0x7a0 [ 85.408348][ T5328] ? __pfx_genl_rcv_msg+0x10/0x10 [ 85.410517][ T5328] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 85.412952][ T5328] ? __pfx_nl80211_new_station+0x10/0x10 [ 85.415343][ T5328] ? __pfx_nl80211_post_doit+0x10/0x10 [ 85.417959][ T5328] ? __pfx_ref_tracker_free+0x10/0x10 [ 85.420244][ T5328] ? __skb_clone+0x63/0x7a0 [ 85.422161][ T5328] netlink_rcv_skb+0x232/0x4b0 [ 85.423930][ T5328] ? __pfx_genl_rcv_msg+0x10/0x10 [ 85.426049][ T5328] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 85.428471][ T5328] ? genl_rcv+0x19/0x40 [ 85.430797][ T5328] ? down_read+0x272/0x2e0 [ 85.432951][ T5328] ? genl_rcv+0xd/0x40 [ 85.434828][ T5328] genl_rcv+0x28/0x40 [ 85.436743][ T5328] netlink_unicast+0x80f/0x9b0 [ 85.438985][ T5328] ? __pfx_netlink_unicast+0x10/0x10 [ 85.441355][ T5328] ? __alloc_skb+0x193/0x390 [ 85.443376][ T5328] ? 
netlink_sendmsg+0x650/0xb40 [ 85.445505][ T5328] ? skb_put+0x11b/0x210 [ 85.447413][ T5328] netlink_sendmsg+0x813/0xb40 [ 85.449715][ T5328] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.452210][ T5328] ? aa_sock_msg_perm+0xf1/0x1b0 [ 85.454394][ T5328] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 85.456877][ T5328] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.459121][ T5328] ____sys_sendmsg+0xa68/0xad0 [ 85.461281][ T5328] ? __might_fault+0xaf/0x130 [ 85.463403][ T5328] ? __pfx_____sys_sendmsg+0x10/0x10 [ 85.465745][ T5328] ? import_iovec+0x73/0xa0 [ 85.467903][ T5328] ___sys_sendmsg+0x2a5/0x360 [ 85.469881][ T5328] ? try_to_wake_up+0x82a/0x1380 [ 85.472098][ T5328] ? __pfx____sys_sendmsg+0x10/0x10 [ 85.474474][ T5328] ? futex_wake+0x4ac/0x580 [ 85.476635][ T5328] ? sb_end_write+0xe9/0x1c0 [ 85.478706][ T5328] ? __pfx_vfs_write+0x10/0x10 [ 85.480776][ T5328] __x64_sys_sendmsg+0x1bd/0x2a0 [ 85.482960][ T5328] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 85.485295][ T5328] ? rcu_is_watching+0x15/0xb0 [ 85.487487][ T5328] do_syscall_64+0xe2/0xf80 [ 85.489525][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.492278][ T5328] ? trace_irq_disable+0x37/0x100 [ 85.494582][ T5328] ? 
clear_bhb_loop+0x60/0xb0 [ 85.496858][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.499375][ T5328] RIP: 0033:0x7ff9a919aeb9 [ 85.501391][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.509612][ T5328] RSP: 002b:00007ff9aa0f9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.513325][ T5328] RAX: ffffffffffffffda RBX: 00007ff9a9415fa0 RCX: 00007ff9a919aeb9 [ 85.516980][ T5328] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000008 [ 85.520485][ T5328] RBP: 00007ff9a9208c1f R08: 0000000000000000 R09: 0000000000000000 [ 85.523925][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.527539][ T5328] R13: 00007ff9a9416038 R14: 00007ff9a9415fa0 R15: 00007ffe86b6baa8 [ 85.531103][ T5328] </TASK> [ 85.532550][ T5328] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.535781][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.539742][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.544170][ T5328] Call Trace: [ 85.545687][ T5328] <TASK> [ 85.547035][ T5328] vpanic+0x1e0/0x670 [ 85.548846][ T5328] panic+0xc5/0xd0 [ 85.550453][ T5328] ? __pfx_panic+0x10/0x10 [ 85.552324][ T5328] __warn+0x315/0x4a0 [ 85.553966][ T5328] ? rate_control_rate_init+0x64a/0x6e0 [ 85.556139][ T5328] ? rate_control_rate_init+0x64a/0x6e0 [ 85.558312][ T5328] __report_bug+0x29a/0x540 [ 85.560088][ T5328] ? lockdep_hardirqs_on+0x7a/0x110 [ 85.562169][ T5328] ? rate_control_rate_init+0x64a/0x6e0 [ 85.564311][ T5328] ? __pfx___report_bug+0x10/0x10 [ 85.566270][ T5328] ? __lock_acquire+0x6b5/0x2cf0 [ 85.568251][ T5328] ? __lock_acquire+0x6b5/0x2cf0 [ 85.570375][ T5328] ? rate_control_rate_init+0x64a/0x6e0 [ 85.572861][ T5328] report_bug+0x16a/0x220 [ 85.574774][ T5328] ? 
rate_control_rate_init+0x64a/0x6e0 [ 85.577187][ T5328] ? rate_control_rate_init+0x64c/0x6e0 [ 85.579586][ T5328] handle_bug+0x98/0x200 [ 85.581578][ T5328] exc_invalid_op+0x1a/0x50 [ 85.583648][ T5328] asm_exc_invalid_op+0x1a/0x20 [ 85.585881][ T5328] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 85.588628][ T5328] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 f2 9b b8 f6 90 0f 0b 90 eb e1 e8 e7 9b b8 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 85.596925][ T5328] RSP: 0018:ffffc9000c2b6f60 EFLAGS: 00010287 [ 85.599638][ T5328] RAX: ffffffff8b0beb09 RBX: ffff8880326fc000 RCX: 0000000000100000 [ 85.603245][ T5328] RDX: ffffc90020b72000 RSI: 0000000000000377 RDI: 0000000000000378 [ 85.606738][ T5328] RBP: 0000000000000000 R08: ffffffff8b0be623 R09: ffffffff8e55a360 [ 85.610328][ T5328] R10: dffffc0000000000 R11: ffffed10064df831 R12: 1ffff110064df80a [ 85.613886][ T5328] R13: ffff888012860e80 R14: 0000000000000001 R15: ffffffff8b0be623 [ 85.617399][ T5328] ? rate_control_rate_init+0x163/0x6e0 [ 85.619826][ T5328] ? rate_control_rate_init+0x163/0x6e0 [ 85.622351][ T5328] ? rate_control_rate_init+0x649/0x6e0 [ 85.624894][ T5328] rate_control_rate_init_all_links+0x109/0x1a0 [ 85.627646][ T5328] sta_apply_auth_flags+0x1c2/0x400 [ 85.629978][ T5328] sta_apply_parameters+0xe27/0x1570 [ 85.632359][ T5328] ieee80211_add_station+0x424/0x6a0 [ 85.634799][ T5328] rdev_add_station+0xfc/0x270 [ 85.637069][ T5328] nl80211_new_station+0x1860/0x1c70 [ 85.639474][ T5328] ? __pfx_nl80211_new_station+0x10/0x10 [ 85.642090][ T5328] ? netdev_run_todo+0xd5c/0xde0 [ 85.644372][ T5328] ? nl80211_pre_doit+0x4f1/0x930 [ 85.646690][ T5328] genl_family_rcv_msg_doit+0x22a/0x330 [ 85.649111][ T5328] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 85.651928][ T5328] ? bpf_lsm_capable+0x9/0x20 [ 85.654082][ T5328] ? security_capable+0x7e/0x2c0 [ 85.656329][ T5328] genl_rcv_msg+0x61c/0x7a0 [ 85.658387][ T5328] ? 
__pfx_genl_rcv_msg+0x10/0x10 [ 85.660650][ T5328] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 85.662995][ T5328] ? __pfx_nl80211_new_station+0x10/0x10 [ 85.665505][ T5328] ? __pfx_nl80211_post_doit+0x10/0x10 [ 85.667952][ T5328] ? __pfx_ref_tracker_free+0x10/0x10 [ 85.670317][ T5328] ? __skb_clone+0x63/0x7a0 [ 85.672344][ T5328] netlink_rcv_skb+0x232/0x4b0 [ 85.674446][ T5328] ? __pfx_genl_rcv_msg+0x10/0x10 [ 85.676534][ T5328] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 85.678816][ T5328] ? genl_rcv+0x19/0x40 [ 85.680694][ T5328] ? down_read+0x272/0x2e0 [ 85.682678][ T5328] ? genl_rcv+0xd/0x40 [ 85.684538][ T5328] genl_rcv+0x28/0x40 [ 85.686326][ T5328] netlink_unicast+0x80f/0x9b0 [ 85.688431][ T5328] ? __pfx_netlink_unicast+0x10/0x10 [ 85.690709][ T5328] ? __alloc_skb+0x193/0x390 [ 85.692826][ T5328] ? netlink_sendmsg+0x650/0xb40 [ 85.695038][ T5328] ? skb_put+0x11b/0x210 [ 85.696948][ T5328] netlink_sendmsg+0x813/0xb40 [ 85.699073][ T5328] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.701638][ T5328] ? aa_sock_msg_perm+0xf1/0x1b0 [ 85.703909][ T5328] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 85.706105][ T5328] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.708246][ T5328] ____sys_sendmsg+0xa68/0xad0 [ 85.710209][ T5328] ? __might_fault+0xaf/0x130 [ 85.712181][ T5328] ? __pfx_____sys_sendmsg+0x10/0x10 [ 85.714371][ T5328] ? import_iovec+0x73/0xa0 [ 85.716257][ T5328] ___sys_sendmsg+0x2a5/0x360 [ 85.718165][ T5328] ? try_to_wake_up+0x82a/0x1380 [ 85.720330][ T5328] ? __pfx____sys_sendmsg+0x10/0x10 [ 85.722724][ T5328] ? futex_wake+0x4ac/0x580 [ 85.724810][ T5328] ? sb_end_write+0xe9/0x1c0 [ 85.726943][ T5328] ? __pfx_vfs_write+0x10/0x10 [ 85.729140][ T5328] __x64_sys_sendmsg+0x1bd/0x2a0 [ 85.731392][ T5328] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 85.733858][ T5328] ? rcu_is_watching+0x15/0xb0 [ 85.735970][ T5328] do_syscall_64+0xe2/0xf80 [ 85.738051][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.740716][ T5328] ? trace_irq_disable+0x37/0x100 [ 85.742886][ T5328] ? 
clear_bhb_loop+0x60/0xb0 [ 85.744957][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.747570][ T5328] RIP: 0033:0x7ff9a919aeb9 [ 85.749585][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.758117][ T5328] RSP: 002b:00007ff9aa0f9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.761870][ T5328] RAX: ffffffffffffffda RBX: 00007ff9a9415fa0 RCX: 00007ff9a919aeb9 [ 85.765387][ T5328] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000008 [ 85.768790][ T5328] RBP: 00007ff9a9208c1f R08: 0000000000000000 R09: 0000000000000000 [ 85.772358][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.775958][ T5328] R13: 00007ff9a9416038 R14: 00007ff9a9415fa0 R15: 00007ffe86b6baa8 [ 85.779459][ T5328] </TASK> [ 85.781243][ T5328] Kernel Offset: disabled [ 85.783259][ T5328] Rebooting in 86400 seconds..