program:
# syzkaller program (one call per line) that preceded the kernel WARNING in the
# console log further down. 0xffffff9c / 0xffffffffffffff9c is AT_FDCWD (-100).
# NOTE(review): r6 is used as the interface-index attribute in every nl80211
# message below but is never assigned in this listing; presumably the output
# binding on the SIOCGIFINDEX result was lost when the page was extracted.
# Confirm against the original report before re-running.

# Framebuffer descriptor; only used by the final FBIOPUT_VSCREENINFO ioctl.
r0 = openat$fb1(0xffffff9c, &(0x7f0000000000), 0x210800, 0x0)

# Directory setup in the working directory. None of these paths appear in the
# call trace below, so they are probably fuzzer noise, not part of the trigger.
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000180)='./bus\x00', 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r2, &(0x7f0000000280)='./bus/file0\x00', 0x0)
renameat2(r1, &(0x7f0000000240)='./bus/file0\x00', r2, &(0x7f00000001c0)='./file0\x00', 0x0)

# Generic-netlink socket (AF_NETLINK=0x10, SOCK_RAW=0x3, NETLINK_GENERIC=0x10)
# plus nl80211 family-id lookups; r3 and r5 come from the same lookup call.
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)

# SIOCGIFINDEX (0x8933) on 'wlan0': looks up the interface index (see r6 note).
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})

# Switch the interface type. NL80211_ATTR_IFTYPE carries 0x9, which is
# NL80211_IFTYPE_P2P_GO in the nl80211 uapi enum.
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)

# START_AP request. Frequency, beacon interval and DTIM period are header-only
# attributes (values left at the syzkaller default), and no beacon data is
# attached. Whether the kernel accepted this request is not visible in the log.
sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0x74, r5, 0x5, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_HE_OBSS_PD={0x40, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0xa}, @NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET={0x5, 0x2, 0x11}, @NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0xc, 0x5, "ebc86b50b9104125"}, @NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET={0x5, 0x2, 0xe}, @NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET={0x5, 0x2, 0x7}]}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x74}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000014)

# Second generic-netlink socket and family-id lookup, used for NEW_STATION.
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)

# NEW_STATION is the call the trace attributes the WARNING to
# (nl80211_new_station -> ... -> sta_apply_auth_flags -> rate_control_rate_init).
# NL80211_ATTR_STA_FLAGS2 is {mask=0xe, set=0x2}; bit 1 is
# NL80211_STA_FLAG_AUTHORIZED, so the station is created already authorized.
# Presumably the interface has no channel context at this point, which is what
# the `!chanctx_conf` assertion checks; confirm against net/mac80211/rate.c.
sendmsg$NL80211_CMD_NEW_STATION(r7, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000240)={0x48, r8, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0xe, 0x2}}]}, 0x48}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

# The first argument here is r2, the directory descriptor opened above, not one
# of the netlink sockets (r4/r7).
sendmsg$NL80211_CMD_DEL_TX_TS(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r3, 0x400, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x6, 0x5b}}}}, [@NL80211_ATTR_TSID={0x5, 0xd2, 0x5}, @NL80211_ATTR_MAC={0xa}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc040}, 0x404c017)

# Framebuffer mode set (0x4601) on r0; no framebuffer function appears in the
# call trace below.
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000380)={0x3c0, 0x480, 0x3f, 0x280, 0x1, 0x0, 0x2, 0x0, {0x0, 0x0, 0x2}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x0, 0x3})

# Console log from here on (records are run together on the page).
# Triage reading: task syz.0.0 (PID 5318, UID 0) hits the `!chanctx_conf`
# WARNING at net/mac80211/rate.c:51 in rate_control_rate_init. The later
# "Kernel panic" record exists only because panic_on_warn is set. The build is
# KASAN-instrumented (__asan_memcpy appears in the trace), yet the lines shown
# contain no KASAN or other memory-corruption report, only the assertion.
[ 68.457081][ T5281] Bluetooth: hci0: command tx timeout [ 68.520979][ T5318] netlink: 52 bytes leftover after parsing attributes in process `syz.0.0'. [ 68.531478][ T5318] ------------[ cut here ]------------ [ 68.534029][ T5318] !chanctx_conf [ 68.534040][ T5318] WARNING: net/mac80211/rate.c:51 at rate_control_rate_init+0x5a6/0x630, CPU#0: syz.0.0/5318 [ 68.540306][ T5318] Modules linked in: [ 68.542328][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 68.546090][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 68.550853][ T5318] RIP: 0010:rate_control_rate_init+0x5a6/0x630 [ 68.553696][ T5318] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 76 2e a5 f6 90 0f 0b 90 eb e1 e8 6b 2e a5 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 84 00 00 00 [ 68.562178][ T5318] RSP: 0018:ffffc9000ddf6fe0 EFLAGS: 00010283 [ 68.565135][ T5318] RAX: ffffffff8b210655 RBX: ffff888012aa0050 RCX: 0000000000100000 [ 68.569212][ T5318] RDX: ffffc9000ec1a000 RSI: 00000000000003ad RDI: 00000000000003ae [ 68.572636][ T5318] RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000 [ 68.576463][ T5318] R10: dffffc0000000000 R11: ffffed1002554031 R12: 
ffffffff8b2101c7 [ 68.580586][ T5318] R13: ffff8880425f0f40 R14: 0000000000000000 R15: 0000000000000000 [ 68.584687][ T5318] FS: 00007fc270c706c0(0000) GS:ffff88808c84f000(0000) knlGS:0000000000000000 [ 68.589590][ T5318] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.592958][ T5318] CR2: 00007fc26ffee6b8 CR3: 00000000379ed000 CR4: 0000000000352ef0 [ 68.597653][ T5318] Call Trace: [ 68.599449][ T5318] [ 68.600693][ T5318] rate_control_rate_init_all_links+0xf4/0x190 [ 68.603242][ T5318] sta_apply_auth_flags+0x1bc/0x430 [ 68.605501][ T5318] sta_apply_parameters+0x126d/0x1b10 [ 68.607835][ T5318] ieee80211_add_station+0x3de/0x700 [ 68.610291][ T5318] rdev_add_station+0xfc/0x290 [ 68.612862][ T5318] nl80211_new_station+0x1b4e/0x1fd0 [ 68.616041][ T5318] ? trace_contention_end+0x3d/0x140 [ 68.618495][ T5318] ? __pfx_nl80211_new_station+0x10/0x10 [ 68.621267][ T5318] ? __rtnl_unlock+0xc8/0xf0 [ 68.623318][ T5318] ? nl80211_pre_doit+0x53d/0x890 [ 68.625601][ T5318] genl_family_rcv_msg_doit+0x233/0x340 [ 68.628042][ T5318] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 68.631215][ T5318] ? bpf_lsm_capable+0x9/0x20 [ 68.633903][ T5318] ? security_capable+0x7e/0x2c0 [ 68.636537][ T5318] genl_rcv_msg+0x614/0x7a0 [ 68.638633][ T5318] ? __pfx_genl_rcv_msg+0x10/0x10 [ 68.640765][ T5318] ? ref_tracker_free+0x689/0x830 [ 68.642714][ T5318] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 68.644888][ T5318] ? __pfx_nl80211_new_station+0x10/0x10 [ 68.647937][ T5318] ? __pfx_nl80211_post_doit+0x10/0x10 [ 68.651226][ T5318] ? __pfx_ref_tracker_free+0x10/0x10 [ 68.653797][ T5318] ? __asan_memcpy+0x40/0x70 [ 68.656005][ T5318] ? __skb_clone+0x5c/0x6c0 [ 68.657876][ T5318] netlink_rcv_skb+0x226/0x4a0 [ 68.659923][ T5318] ? __pfx_genl_rcv_msg+0x10/0x10 [ 68.661948][ T5318] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 68.664025][ T5318] ? 
down_read+0x2be/0x330 [ 68.666034][ T5318] genl_rcv+0x28/0x40 [ 68.667796][ T5318] netlink_unicast+0x7bb/0x940 [ 68.671360][ T5318] netlink_sendmsg+0x813/0xb40 [ 68.673736][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.675795][ T5318] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 68.678269][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.680391][ T5318] sock_sendmsg_nosec+0x13a/0x180 [ 68.682415][ T5318] ____sys_sendmsg+0x54e/0x850 [ 68.684427][ T5318] ? __pfx_____sys_sendmsg+0x10/0x10 [ 68.687196][ T5318] ? lock_release+0x4b/0x3c0 [ 68.689755][ T5318] ? import_iovec+0x73/0xa0 [ 68.692158][ T5318] ___sys_sendmsg+0x2a5/0x360 [ 68.694559][ T5318] ? __pfx____sys_sendmsg+0x10/0x10 [ 68.696905][ T5318] ? futex_wake+0x51b/0x5f0 [ 68.698861][ T5318] ? __fget_files+0x2a/0x420 [ 68.700830][ T5318] ? __fget_files+0x3a2/0x420 [ 68.702711][ T5318] __x64_sys_sendmsg+0x1b1/0x290 [ 68.704733][ T5318] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 68.706987][ T5318] ? rcu_is_watching+0x15/0xb0 [ 68.709368][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.712749][ T5318] do_syscall_64+0x174/0x580 [ 68.714875][ T5318] ? trace_irq_disable+0x3b/0x140 [ 68.716964][ T5318] ? 
clear_bhb_loop+0x40/0x90 [ 68.719027][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.721582][ T5318] RIP: 0033:0x7fc26fd9ce59 [ 68.723670][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 68.732524][ T5318] RSP: 002b:00007fc270c6ffe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 68.735936][ T5318] RAX: ffffffffffffffda RBX: 00007fc270015fa0 RCX: 00007fc26fd9ce59 [ 68.739470][ T5318] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000006 [ 68.742934][ T5318] RBP: 00007fc26fe32e6f R08: 0000000000000000 R09: 0000000000000000 [ 68.746814][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.750841][ T5318] R13: 00007fc270016038 R14: 00007fc270015fa0 R15: 00007ffe0f9e3ef8 [ 68.754126][ T5318] [ 68.755429][ T5318] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 68.758437][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 68.762239][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 68.766630][ T5318] Call Trace: [ 68.768105][ T5318] [ 68.769467][ T5318] vpanic+0x56c/0xa60 [ 68.771437][ T5318] ? __pfx__printk+0x10/0x10 [ 68.773632][ T5318] ? __pfx_vpanic+0x10/0x10 [ 68.775584][ T5318] ? is_bpf_text_address+0x292/0x2b0 [ 68.777921][ T5318] ? is_bpf_text_address+0x26/0x2b0 [ 68.780195][ T5318] panic+0xc5/0xd0 [ 68.781731][ T5318] ? __pfx_panic+0x10/0x10 [ 68.783675][ T5318] __warn+0x315/0x4c0 [ 68.785715][ T5318] ? rate_control_rate_init+0x5a6/0x630 [ 68.788614][ T5318] ? rate_control_rate_init+0x5a6/0x630 [ 68.791242][ T5318] __report_bug+0x331/0x530 [ 68.793243][ T5318] ? rate_control_rate_init+0x5a6/0x630 [ 68.795312][ T5318] ? __pfx___report_bug+0x10/0x10 [ 68.797393][ T5318] ? lock_release+0x4b/0x3c0 [ 68.799400][ T5318] ? 
netlink_rcv_skb+0x226/0x4a0 [ 68.801496][ T5318] ? rate_control_rate_init+0x5a6/0x630 [ 68.804254][ T5318] report_bug+0x16a/0x220 [ 68.807306][ T5318] ? rate_control_rate_init+0x5a6/0x630 [ 68.810041][ T5318] ? rate_control_rate_init+0x5a8/0x630 [ 68.812512][ T5318] handle_bug+0x9c/0x200 [ 68.814423][ T5318] exc_invalid_op+0x1a/0x50 [ 68.816365][ T5318] asm_exc_invalid_op+0x1a/0x20 [ 68.818529][ T5318] RIP: 0010:rate_control_rate_init+0x5a6/0x630 [ 68.821692][ T5318] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 76 2e a5 f6 90 0f 0b 90 eb e1 e8 6b 2e a5 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 84 00 00 00 [ 68.830547][ T5318] RSP: 0018:ffffc9000ddf6fe0 EFLAGS: 00010283 [ 68.833197][ T5318] RAX: ffffffff8b210655 RBX: ffff888012aa0050 RCX: 0000000000100000 [ 68.836669][ T5318] RDX: ffffc9000ec1a000 RSI: 00000000000003ad RDI: 00000000000003ae [ 68.840557][ T5318] RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000 [ 68.844711][ T5318] R10: dffffc0000000000 R11: ffffed1002554031 R12: ffffffff8b2101c7 [ 68.847742][ T5318] R13: ffff8880425f0f40 R14: 0000000000000000 R15: 0000000000000000 [ 68.850569][ T5318] ? rate_control_rate_init+0x117/0x630 [ 68.852860][ T5318] ? rate_control_rate_init+0x5a5/0x630 [ 68.855275][ T5318] rate_control_rate_init_all_links+0xf4/0x190 [ 68.858225][ T5318] sta_apply_auth_flags+0x1bc/0x430 [ 68.861157][ T5318] sta_apply_parameters+0x126d/0x1b10 [ 68.864538][ T5318] ieee80211_add_station+0x3de/0x700 [ 68.867271][ T5318] rdev_add_station+0xfc/0x290 [ 68.869285][ T5318] nl80211_new_station+0x1b4e/0x1fd0 [ 68.871262][ T5318] ? trace_contention_end+0x3d/0x140 [ 68.873148][ T5318] ? __pfx_nl80211_new_station+0x10/0x10 [ 68.875227][ T5318] ? __rtnl_unlock+0xc8/0xf0 [ 68.876982][ T5318] ? nl80211_pre_doit+0x53d/0x890 [ 68.879160][ T5318] genl_family_rcv_msg_doit+0x233/0x340 [ 68.881685][ T5318] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 68.884620][ T5318] ? 
bpf_lsm_capable+0x9/0x20 [ 68.887308][ T5318] ? security_capable+0x7e/0x2c0 [ 68.890027][ T5318] genl_rcv_msg+0x614/0x7a0 [ 68.892264][ T5318] ? __pfx_genl_rcv_msg+0x10/0x10 [ 68.894513][ T5318] ? ref_tracker_free+0x689/0x830 [ 68.896733][ T5318] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 68.898919][ T5318] ? __pfx_nl80211_new_station+0x10/0x10 [ 68.901082][ T5318] ? __pfx_nl80211_post_doit+0x10/0x10 [ 68.903203][ T5318] ? __pfx_ref_tracker_free+0x10/0x10 [ 68.905340][ T5318] ? __asan_memcpy+0x40/0x70 [ 68.907381][ T5318] ? __skb_clone+0x5c/0x6c0 [ 68.909592][ T5318] netlink_rcv_skb+0x226/0x4a0 [ 68.912046][ T5318] ? __pfx_genl_rcv_msg+0x10/0x10 [ 68.914049][ T5318] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 68.916251][ T5318] ? down_read+0x2be/0x330 [ 68.918129][ T5318] genl_rcv+0x28/0x40 [ 68.919880][ T5318] netlink_unicast+0x7bb/0x940 [ 68.921966][ T5318] netlink_sendmsg+0x813/0xb40 [ 68.924346][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.927197][ T5318] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 68.930132][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.932415][ T5318] sock_sendmsg_nosec+0x13a/0x180 [ 68.934505][ T5318] ____sys_sendmsg+0x54e/0x850 [ 68.936718][ T5318] ? __pfx_____sys_sendmsg+0x10/0x10 [ 68.939061][ T5318] ? lock_release+0x4b/0x3c0 [ 68.941081][ T5318] ? import_iovec+0x73/0xa0 [ 68.943119][ T5318] ___sys_sendmsg+0x2a5/0x360 [ 68.945533][ T5318] ? __pfx____sys_sendmsg+0x10/0x10 [ 68.948261][ T5318] ? futex_wake+0x51b/0x5f0 [ 68.950505][ T5318] ? __fget_files+0x2a/0x420 [ 68.952762][ T5318] ? __fget_files+0x3a2/0x420 [ 68.955097][ T5318] __x64_sys_sendmsg+0x1b1/0x290 [ 68.957196][ T5318] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 68.959486][ T5318] ? rcu_is_watching+0x15/0xb0 [ 68.961676][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.964691][ T5318] do_syscall_64+0x174/0x580 [ 68.967173][ T5318] ? trace_irq_disable+0x3b/0x140 [ 68.969390][ T5318] ? 
clear_bhb_loop+0x40/0x90 [ 68.971446][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.974022][ T5318] RIP: 0033:0x7fc26fd9ce59 [ 68.975998][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 68.984875][ T5318] RSP: 002b:00007fc270c6ffe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 68.988642][ T5318] RAX: ffffffffffffffda RBX: 00007fc270015fa0 RCX: 00007fc26fd9ce59 [ 68.992175][ T5318] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000006 [ 68.996130][ T5318] RBP: 00007fc26fe32e6f R08: 0000000000000000 R09: 0000000000000000 [ 69.000248][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.003675][ T5318] R13: 00007fc270016038 R14: 00007fc270015fa0 R15: 00007ffe0f9e3ef8 [ 69.007157][ T5318] [ 69.008971][ T5318] Kernel Offset: disabled [ 69.011190][ T5318] Rebooting in 86400 seconds..