program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x64, r1, 0x5, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x30, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x72, 0x6}, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x64}}, 0x20000014) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x24}}, 0x4080) sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x28, r3, 0x200, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x2, 0xd}}}}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x28081}, 0x840) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) r11 = syz_genetlink_get_family_id$smc(&(0x7f0000000480), r8) sendmsg$SMC_PNETID_FLUSH(r8, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB="0054bae229c51318dc2adc5423626c971f3081337660ce848aba9a982bdea2c4330bea46ce4f740e54e41d3da41d9bfc3a3a0761ff449479816ad79a67d049f7aca92c5db6722aa2471a47fc5659edd0b8c1", @ANYRES16=r11, @ANYBLOB="000827bd7000fcdbdf2504000000050004000100000014000200766972745f77696669300000000000000900030073797a3200000000"], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x404c041) sendmsg$NL80211_CMD_NEW_STATION(r8, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000040)={0x3c, r9, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) r12 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r12, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) [ 75.349778][ T5293] Bluetooth: hci0: command tx timeout [ 75.563230][ T5313] ------------[ cut here ]------------ [ 75.565612][ T5313] !chanctx_conf [ 75.565623][ T5313] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x64a/0x6e0, CPU#0: syz.0.0/5313 [ 75.571831][ T5313] Modules linked in: [ 75.573650][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.577455][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 75.582082][ T5313] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 75.584806][ T5313] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 c2 da a4 f6 90 0f 0b 90 eb e1 e8 b7 da a4 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 75.593271][ T5313] RSP: 0018:ffffc9000f016f48 EFLAGS: 00010283 [ 75.596066][ T5313] RAX: ffffffff8b20c0b9 RBX: ffff888012354000 RCX: 0000000000100000 [ 75.599715][ T5313] RDX: ffffc90020001000 RSI: 000000000000039a RDI: 000000000000039b [ 75.603286][ T5313] RBP: 0000000000000000 R08: ffffffff8b20bbd3 R09: ffffffff8e7602e0 [ 75.606754][ T5313] R10: dffffc0000000000 R11: ffffed100246a831 R12: 1ffff1100246a80a [ 75.610564][ T5313] R13: ffff8880120e8e80 R14: 0000000000000001 R15: ffffffff8b20bbd3 [ 75.614234][ T5313] FS: 00007f4f2991a6c0(0000) GS:ffff88808ca59000(0000) knlGS:0000000000000000 [ 75.618189][ T5313] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.621283][ T5313] CR2: 0000200000001080 CR3: 00000000443c6000 CR4: 0000000000352ef0 [ 75.624900][ T5313] Call Trace: [ 75.626486][ T5313] [ 75.627854][ T5313] rate_control_rate_init_all_links+0x109/0x1a0 [ 75.630956][ T5313] sta_apply_auth_flags+0x1c2/0x400 [ 75.633331][ T5313] sta_apply_parameters+0xea9/0x1620 [ 75.635644][ T5313] ieee80211_add_station+0x424/0x6a0 [ 75.638067][ T5313] rdev_add_station+0xfc/0x2c0 [ 75.640358][ T5313] nl80211_new_station+0x1864/0x1d30 [ 75.642717][ T5313] ? trace_contention_end+0x3d/0x150 [ 75.645132][ T5313] ? __pfx_nl80211_new_station+0x10/0x10 [ 75.647688][ T5313] ? __rtnl_unlock+0xc8/0xf0 [ 75.649919][ T5313] ? nl80211_pre_doit+0x4f1/0x930 [ 75.652150][ T5313] genl_family_rcv_msg_doit+0x22a/0x330 [ 75.654591][ T5313] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 75.657281][ T5313] ? bpf_lsm_capable+0x9/0x20 [ 75.659318][ T5313] ? security_capable+0x7e/0x2c0 [ 75.661948][ T5313] genl_rcv_msg+0x61c/0x7a0 [ 75.663986][ T5313] ? __pfx_genl_rcv_msg+0x10/0x10 [ 75.666241][ T5313] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 75.668562][ T5313] ? __pfx_nl80211_new_station+0x10/0x10 [ 75.671237][ T5313] ? __pfx_nl80211_post_doit+0x10/0x10 [ 75.673766][ T5313] ? __lock_acquire+0x6b5/0x2cf0 [ 75.675888][ T5313] netlink_rcv_skb+0x232/0x4b0 [ 75.677845][ T5313] ? __pfx_genl_rcv_msg+0x10/0x10 [ 75.680025][ T5313] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 75.682153][ T5313] ? down_read+0x272/0x2e0 [ 75.683995][ T5313] ? genl_rcv+0xd/0x40 [ 75.685725][ T5313] genl_rcv+0x28/0x40 [ 75.687374][ T5313] netlink_unicast+0x80f/0x9b0 [ 75.689583][ T5313] ? __pfx_netlink_unicast+0x10/0x10 [ 75.691889][ T5313] ? netlink_sendmsg+0x650/0xb40 [ 75.694148][ T5313] ? skb_put+0x11b/0x210 [ 75.696077][ T5313] netlink_sendmsg+0x813/0xb40 [ 75.698234][ T5313] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.700815][ T5313] ? trace_sched_set_need_resched_tp+0x3e/0x160 [ 75.703641][ T5313] ? aa_sock_msg_perm+0xf1/0x1b0 [ 75.705920][ T5313] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 75.708250][ T5313] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.710873][ T5313] ____sys_sendmsg+0xa68/0xad0 [ 75.713103][ T5313] ? __pfx_____sys_sendmsg+0x10/0x10 [ 75.715435][ T5313] ? import_iovec+0x73/0xa0 [ 75.717432][ T5313] ___sys_sendmsg+0x2a5/0x360 [ 75.719709][ T5313] ? __pfx____sys_sendmsg+0x10/0x10 [ 75.722028][ T5313] ? futex_wake+0x4ac/0x580 [ 75.724048][ T5313] ? __fget_files+0x2a/0x420 [ 75.726161][ T5313] ? __fget_files+0x3a0/0x420 [ 75.728224][ T5313] __x64_sys_sendmsg+0x1bd/0x2a0 [ 75.730643][ T5313] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 75.733270][ T5313] ? rcu_is_watching+0x15/0xb0 [ 75.735463][ T5313] do_syscall_64+0x14d/0xf80 [ 75.737519][ T5313] ? trace_irq_disable+0x3b/0x150 [ 75.739934][ T5313] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.742674][ T5313] ? clear_bhb_loop+0x40/0x90 [ 75.744781][ T5313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.747346][ T5313] RIP: 0033:0x7f4f2899c799 [ 75.749317][ T5313] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 75.757808][ T5313] RSP: 002b:00007f4f2991a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 75.761669][ T5313] RAX: ffffffffffffffda RBX: 00007f4f28c15fa0 RCX: 00007f4f2899c799 [ 75.765151][ T5313] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000007 [ 75.768559][ T5313] RBP: 00007f4f28a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 75.772225][ T5313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.775673][ T5313] R13: 00007f4f28c16038 R14: 00007f4f28c15fa0 R15: 00007ffda112b808 [ 75.779212][ T5313] [ 75.780681][ T5313] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.783900][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.787847][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 75.792205][ T5313] Call Trace: [ 75.793734][ T5313] [ 75.795080][ T5313] vpanic+0x56c/0xa60 [ 75.796868][ T5313] ? __pfx__printk+0x10/0x10 [ 75.798920][ T5313] ? __pfx_vpanic+0x10/0x10 [ 75.800968][ T5313] ? is_bpf_text_address+0x292/0x2b0 [ 75.803308][ T5313] ? is_bpf_text_address+0x26/0x2b0 [ 75.805653][ T5313] panic+0xc5/0xd0 [ 75.807334][ T5313] ? __pfx_panic+0x10/0x10 [ 75.809350][ T5313] __warn+0x315/0x4f0 [ 75.811141][ T5313] ? rate_control_rate_init+0x64a/0x6e0 [ 75.813478][ T5313] ? rate_control_rate_init+0x64a/0x6e0 [ 75.815842][ T5313] __report_bug+0x29a/0x540 [ 75.817943][ T5313] ? lockdep_hardirqs_on+0x7a/0x110 [ 75.820291][ T5313] ? rate_control_rate_init+0x64a/0x6e0 [ 75.822774][ T5313] ? __pfx___report_bug+0x10/0x10 [ 75.824956][ T5313] ? __lock_acquire+0x6b5/0x2cf0 [ 75.827135][ T5313] ? __lock_acquire+0x6b5/0x2cf0 [ 75.829264][ T5313] ? rate_control_rate_init+0x64a/0x6e0 [ 75.831876][ T5313] report_bug+0x16a/0x220 [ 75.833824][ T5313] ? rate_control_rate_init+0x64a/0x6e0 [ 75.836216][ T5313] ? rate_control_rate_init+0x64c/0x6e0 [ 75.838721][ T5313] handle_bug+0x98/0x200 [ 75.840684][ T5313] exc_invalid_op+0x1a/0x50 [ 75.842709][ T5313] asm_exc_invalid_op+0x1a/0x20 [ 75.844848][ T5313] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 75.847566][ T5313] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 c2 da a4 f6 90 0f 0b 90 eb e1 e8 b7 da a4 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 75.855850][ T5313] RSP: 0018:ffffc9000f016f48 EFLAGS: 00010283 [ 75.858576][ T5313] RAX: ffffffff8b20c0b9 RBX: ffff888012354000 RCX: 0000000000100000 [ 75.862120][ T5313] RDX: ffffc90020001000 RSI: 000000000000039a RDI: 000000000000039b [ 75.865660][ T5313] RBP: 0000000000000000 R08: ffffffff8b20bbd3 R09: ffffffff8e7602e0 [ 75.869133][ T5313] R10: dffffc0000000000 R11: ffffed100246a831 R12: 1ffff1100246a80a [ 75.872567][ T5313] R13: ffff8880120e8e80 R14: 0000000000000001 R15: ffffffff8b20bbd3 [ 75.875980][ T5313] ? rate_control_rate_init+0x163/0x6e0 [ 75.878521][ T5313] ? rate_control_rate_init+0x163/0x6e0 [ 75.880979][ T5313] ? rate_control_rate_init+0x649/0x6e0 [ 75.883488][ T5313] ? rate_control_rate_init+0x649/0x6e0 [ 75.885955][ T5313] rate_control_rate_init_all_links+0x109/0x1a0 [ 75.888749][ T5313] sta_apply_auth_flags+0x1c2/0x400 [ 75.891103][ T5313] sta_apply_parameters+0xea9/0x1620 [ 75.893433][ T5313] ieee80211_add_station+0x424/0x6a0 [ 75.895733][ T5313] rdev_add_station+0xfc/0x2c0 [ 75.897852][ T5313] nl80211_new_station+0x1864/0x1d30 [ 75.900270][ T5313] ? trace_contention_end+0x3d/0x150 [ 75.902643][ T5313] ? __pfx_nl80211_new_station+0x10/0x10 [ 75.905147][ T5313] ? __rtnl_unlock+0xc8/0xf0 [ 75.907243][ T5313] ? nl80211_pre_doit+0x4f1/0x930 [ 75.909512][ T5313] genl_family_rcv_msg_doit+0x22a/0x330 [ 75.911712][ T5313] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 75.914305][ T5313] ? bpf_lsm_capable+0x9/0x20 [ 75.916408][ T5313] ? security_capable+0x7e/0x2c0 [ 75.918670][ T5313] genl_rcv_msg+0x61c/0x7a0 [ 75.920736][ T5313] ? __pfx_genl_rcv_msg+0x10/0x10 [ 75.922962][ T5313] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 75.925363][ T5313] ? __pfx_nl80211_new_station+0x10/0x10 [ 75.927852][ T5313] ? __pfx_nl80211_post_doit+0x10/0x10 [ 75.930374][ T5313] ? __lock_acquire+0x6b5/0x2cf0 [ 75.932550][ T5313] netlink_rcv_skb+0x232/0x4b0 [ 75.934702][ T5313] ? __pfx_genl_rcv_msg+0x10/0x10 [ 75.936910][ T5313] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 75.939070][ T5313] ? down_read+0x272/0x2e0 [ 75.940911][ T5313] ? genl_rcv+0xd/0x40 [ 75.942747][ T5313] genl_rcv+0x28/0x40 [ 75.944545][ T5313] netlink_unicast+0x80f/0x9b0 [ 75.946709][ T5313] ? __pfx_netlink_unicast+0x10/0x10 [ 75.948996][ T5313] ? netlink_sendmsg+0x650/0xb40 [ 75.951230][ T5313] ? skb_put+0x11b/0x210 [ 75.953117][ T5313] netlink_sendmsg+0x813/0xb40 [ 75.955251][ T5313] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.957569][ T5313] ? trace_sched_set_need_resched_tp+0x3e/0x160 [ 75.960435][ T5313] ? aa_sock_msg_perm+0xf1/0x1b0 [ 75.962669][ T5313] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 75.964966][ T5313] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.967298][ T5313] ____sys_sendmsg+0xa68/0xad0 [ 75.969436][ T5313] ? __pfx_____sys_sendmsg+0x10/0x10 [ 75.971799][ T5313] ? import_iovec+0x73/0xa0 [ 75.973869][ T5313] ___sys_sendmsg+0x2a5/0x360 [ 75.975977][ T5313] ? __pfx____sys_sendmsg+0x10/0x10 [ 75.978369][ T5313] ? futex_wake+0x4ac/0x580 [ 75.980454][ T5313] ? __fget_files+0x2a/0x420 [ 75.982504][ T5313] ? __fget_files+0x3a0/0x420 [ 75.984588][ T5313] __x64_sys_sendmsg+0x1bd/0x2a0 [ 75.986860][ T5313] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 75.989234][ T5313] ? rcu_is_watching+0x15/0xb0 [ 75.991394][ T5313] do_syscall_64+0x14d/0xf80 [ 75.993455][ T5313] ? trace_irq_disable+0x3b/0x150 [ 75.995554][ T5313] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.998171][ T5313] ? clear_bhb_loop+0x40/0x90 [ 76.000343][ T5313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.002964][ T5313] RIP: 0033:0x7f4f2899c799 [ 76.004953][ T5313] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 76.013290][ T5313] RSP: 002b:00007f4f2991a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.016925][ T5313] RAX: ffffffffffffffda RBX: 00007f4f28c15fa0 RCX: 00007f4f2899c799 [ 76.020555][ T5313] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000007 [ 76.023905][ T5313] RBP: 00007f4f28a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 76.027301][ T5313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.030690][ T5313] R13: 00007f4f28c16038 R14: 00007f4f28c15fa0 R15: 00007ffda112b808 [ 76.034127][ T5313] [ 76.035792][ T5313] Kernel Offset: disabled [ 76.037693][ T5313] Rebooting in 86400 seconds..