program:
# Reproducer recorded for the console log that follows: a WARNING on the
# `!chanctx_conf` condition at net/mac80211/rate.c:51 (rate_control_rate_init),
# reached through nl80211_new_station -> ieee80211_add_station.
# Triage notes, limited to what this page shows:
#  - The log reports a WARNING and contains no KASAN or oops report. The
#    machine stops only because panic_on_warn is set ("Kernel panic - not
#    syncing: kernel: panic_on_warn set").
#  - The task runs as UID 0 per the log. What privilege these nl80211 commands
#    need on a production kernel is not shown here.
#  - r2, r5, r6 and r9 are used below but never assigned in this copy. Their
#    `<rN=>` result bindings were presumably lost in extraction, so the text
#    will not parse as-is.

# Generic netlink socket: AF_NETLINK (0x10), SOCK_RAW (0x3), NETLINK_GENERIC (0x10).
r0 = socket$nl_generic(0x10, 0x3, 0x10)
# Resolve the nl80211 family id; it is used as the netlink message type below.
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# Query the interface index of 'wlan0'. The trailing 0x0 is the output slot;
# its binding (presumably r2) is missing from this copy.
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})
# Second socket, family id and ifindex lookup, with the same arguments as
# above (output binding presumably r5).
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})
# Switch the interface (ifindex r5) to iftype 0x9 (NL80211_IFTYPE_P2P_GO).
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
# START_AP request on the same ifindex. It carries a beacon head, channel
# parameters with no explicit frequency value, a nested HE_OBSS_PD attribute
# whose members all declare length 0x0, and a DTIM period.
# NOTE(review): whether the kernel accepted this request is not visible in
# the log. The `!chanctx_conf` warning indicates that the link had no channel
# context when the station was added later; confirm against the
# START_AP return value when re-running.
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x94, r1, 0x5, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x7fffffff, 0x38}}}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4c, 0xe, {{{}, {}, @device_a, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @val={0x3, 0x0, 0x99}, @void, @void, @void, @void, @void, @void, @val={0x2d, 0xffffffffffffff02, {0x1, 0x1, 0x7, 0x0, {0xa600000000000000, 0x2, 0x0, 0x3fe, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x9, 0x3}}, @val={0x72, 0x6}, @val={0x71, 0x0, {0x1, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0xc6, 0x8}}, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}], @NL80211_ATTR_HE_OBSS_PD={0x0, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x0, 0x3, 0x7}, @NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0x0, 0x5, "08f82fd66092f81f"}, @NL80211_HE_OBSS_PD_ATTR_SR_CTRL={0x0, 0x6, 0x24}, @NL80211_HE_OBSS_PD_ATTR_SR_CTRL={0x0, 0x6, 0x4}, @NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0x0, 0x5, "20a7f0ce50315595"}, @NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET={0x0, 0x1, 0xb}, @NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP={0x0, 0x4, "0000000003001b00"}, @NL80211_HE_OBSS_PD_ATTR_SR_CTRL={0x0, 0x6, 0x9}, @NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x0, 0x3, 0x5}, @NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP={0x0, 0x4, "c6aa5b261c1b72d5"}]}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x94}}, 0x20000014)
# Unix socket pair (family 0x1, type 0x2). Only one output slot is visible;
# the binding for r6, which the ioctl below uses, is presumably lost.
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff})
# Third generic netlink socket and nl80211 family id lookup.
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
# 'wlan0' ifindex lookup again, this time through r6 (output presumably r9).
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0})
# NEW_STATION on ifindex r9: empty supported-rates attribute, MAC @device_b,
# AID 0x580, listen interval with no explicit value.
# The call trace in the log (nl80211_new_station -> rdev_add_station ->
# ieee80211_add_station -> sta_apply_parameters -> sta_apply_auth_flags ->
# rate_control_rate_init_all_links -> rate_control_rate_init) matches this
# request. The user-mode register dump (ORIG_RAX 0x2e, RSI ending in 1080) is
# consistent with this sendmsg and its msghdr address.
sendmsg$NL80211_CMD_NEW_STATION(r7, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000280)={0x3c, r8, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
# SET_INTERFACE to iftype 0x3 (NL80211_IFTYPE_AP) on ifindex r2. It is listed
# after NEW_STATION, and the warning's trace is in nl80211_new_station, so this
# call is not on the faulting path shown in the log.
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
[ 98.804100][ T4645] Bluetooth: hci0: command tx timeout [ 98.872315][ T5316] ------------[ cut here ]------------ [ 98.875236][ T5316] !chanctx_conf [ 98.875251][ T5316] WARNING: net/mac80211/rate.c:51 at rate_control_rate_init+0x5a6/0x630, CPU#0: syz.0.0/5316 [ 98.881704][ T5316] Modules linked in: [ 98.883438][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 98.887194][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 98.891968][ T5316] RIP: 0010:rate_control_rate_init+0x5a6/0x630 [ 98.895149][ T5316] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 7c 24 91 00 cc e8 66 91 a7 f6 90 0f 0b 90 eb e1 e8 5b 91 a7 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 84 00 00 00 [ 98.902937][ T5316] RSP: 0018:ffffc90005947000 EFLAGS: 00010283 [ 98.906170][ T5316] RAX: ffffffff8b1ea035 RBX: ffff888012ad8050 RCX: 0000000000100000 [ 98.909883][ T5316] RDX: ffffc9000f58a000 RSI: 0000000000000382 RDI: 0000000000000383 [ 
98.913515][ T5316] RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000 [ 98.916858][ T5316] R10: dffffc0000000000 R11: ffffed100255b031 R12: ffffffff8b1e9ba7 [ 98.920666][ T5316] R13: ffff888036b40f40 R14: 0000000000000000 R15: 0000000000000000 [ 98.925114][ T5316] FS: 00007fd2ca1196c0(0000) GS:ffff88808c85e000(0000) knlGS:0000000000000000 [ 98.928734][ T5316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 98.931439][ T5316] CR2: 00007fd2c93ee6b8 CR3: 000000004391a000 CR4: 0000000000352ef0 [ 98.934907][ T5316] Call Trace: [ 98.936394][ T5316] [ 98.937810][ T5316] rate_control_rate_init_all_links+0xf4/0x190 [ 98.940731][ T5316] sta_apply_auth_flags+0x1bc/0x430 [ 98.943624][ T5316] sta_apply_parameters+0x126d/0x1b10 [ 98.945894][ T5316] ieee80211_add_station+0x3de/0x700 [ 98.948123][ T5316] rdev_add_station+0xfc/0x290 [ 98.950200][ T5316] nl80211_new_station+0x1b4e/0x1fd0 [ 98.952732][ T5316] ? trace_contention_end+0x3d/0x140 [ 98.955493][ T5316] ? __pfx_nl80211_new_station+0x10/0x10 [ 98.958267][ T5316] ? __rtnl_unlock+0xc8/0xf0 [ 98.960413][ T5316] ? nl80211_pre_doit+0x53d/0x890 [ 98.962614][ T5316] genl_family_rcv_msg_doit+0x233/0x340 [ 98.965250][ T5316] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 98.968283][ T5316] ? bpf_lsm_capable+0x9/0x20 [ 98.970842][ T5316] ? security_capable+0x7e/0x2c0 [ 98.973420][ T5316] genl_rcv_msg+0x614/0x7a0 [ 98.975470][ T5316] ? __pfx_genl_rcv_msg+0x10/0x10 [ 98.977654][ T5316] ? ref_tracker_free+0x689/0x830 [ 98.979812][ T5316] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 98.982141][ T5316] ? __pfx_nl80211_new_station+0x10/0x10 [ 98.984862][ T5316] ? __pfx_nl80211_post_doit+0x10/0x10 [ 98.987453][ T5316] ? __pfx_ref_tracker_free+0x10/0x10 [ 98.990126][ T5316] ? __asan_memcpy+0x40/0x70 [ 98.992283][ T5316] ? __skb_clone+0x5c/0x6c0 [ 98.994450][ T5316] netlink_rcv_skb+0x226/0x4a0 [ 98.996466][ T5316] ? __pfx_genl_rcv_msg+0x10/0x10 [ 98.998587][ T5316] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 99.000906][ T5316] ? 
down_read+0x2be/0x330 [ 99.003207][ T5316] genl_rcv+0x28/0x40 [ 99.005337][ T5316] netlink_unicast+0x7bb/0x940 [ 99.007736][ T5316] netlink_sendmsg+0x813/0xb40 [ 99.009881][ T5316] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.012077][ T5316] ? futex_unqueue+0x22/0x240 [ 99.014219][ T5316] ? aa_sock_msg_perm+0xf1/0x1b0 [ 99.016519][ T5316] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 99.019633][ T5316] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.022389][ T5316] ____sys_sendmsg+0x9b9/0xa20 [ 99.024665][ T5316] ? __pfx_____sys_sendmsg+0x10/0x10 [ 99.026902][ T5316] ? lock_release+0x4b/0x3c0 [ 99.028913][ T5316] ? import_iovec+0x73/0xa0 [ 99.030940][ T5316] ___sys_sendmsg+0x2a5/0x360 [ 99.033214][ T5316] ? __pfx____sys_sendmsg+0x10/0x10 [ 99.035474][ T5316] ? futex_wait+0x2a2/0x390 [ 99.037410][ T5316] ? __fget_files+0x2a/0x420 [ 99.039336][ T5316] ? __fget_files+0x3a2/0x420 [ 99.041288][ T5316] __x64_sys_sendmsg+0x1b1/0x290 [ 99.043814][ T5316] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 99.046696][ T5316] ? rcu_is_watching+0x15/0xb0 [ 99.049528][ T5316] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.052115][ T5316] do_syscall_64+0x174/0x580 [ 99.054358][ T5316] ? trace_irq_disable+0x3b/0x140 [ 99.056483][ T5316] ? 
clear_bhb_loop+0x40/0x90 [ 99.058742][ T5316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.061355][ T5316] RIP: 0033:0x7fd2c919ce59 [ 99.063475][ T5316] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 99.073332][ T5316] RSP: 002b:00007fd2ca118fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 99.076847][ T5316] RAX: ffffffffffffffda RBX: 00007fd2c9415fa0 RCX: 00007fd2c919ce59 [ 99.080511][ T5316] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000007 [ 99.084490][ T5316] RBP: 00007fd2c9232e6f R08: 0000000000000000 R09: 0000000000000000 [ 99.088204][ T5316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 99.091758][ T5316] R13: 00007fd2c9416038 R14: 00007fd2c9415fa0 R15: 00007ffd5efbccb8 [ 99.095982][ T5316] [ 99.097709][ T5316] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 99.100989][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 99.104797][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 99.109697][ T5316] Call Trace: [ 99.111275][ T5316] [ 99.112599][ T5316] vpanic+0x56c/0xa60 [ 99.114337][ T5316] ? __pfx__printk+0x10/0x10 [ 99.116262][ T5316] ? __pfx_vpanic+0x10/0x10 [ 99.118297][ T5316] ? is_bpf_text_address+0x292/0x2b0 [ 99.121040][ T5316] ? is_bpf_text_address+0x26/0x2b0 [ 99.123784][ T5316] panic+0xc5/0xd0 [ 99.125513][ T5316] ? __pfx_panic+0x10/0x10 [ 99.127471][ T5316] __warn+0x315/0x4c0 [ 99.129312][ T5316] ? rate_control_rate_init+0x5a6/0x630 [ 99.131701][ T5316] ? rate_control_rate_init+0x5a6/0x630 [ 99.133992][ T5316] __report_bug+0x331/0x530 [ 99.136073][ T5316] ? rate_control_rate_init+0x5a6/0x630 [ 99.138939][ T5316] ? __pfx___report_bug+0x10/0x10 [ 99.141344][ T5316] ? irqentry_exit+0x218/0x8f0 [ 99.143435][ T5316] ? 
trace_irq_disable+0x3b/0x140 [ 99.145579][ T5316] ? rate_control_rate_init+0x5a8/0x630 [ 99.147947][ T5316] ? rate_control_rate_init+0x5a6/0x630 [ 99.150241][ T5316] report_bug+0x16a/0x220 [ 99.152282][ T5316] ? rate_control_rate_init+0x5a6/0x630 [ 99.155295][ T5316] ? rate_control_rate_init+0x5a8/0x630 [ 99.157891][ T5316] handle_bug+0x9c/0x200 [ 99.159694][ T5316] exc_invalid_op+0x1a/0x50 [ 99.161660][ T5316] asm_exc_invalid_op+0x1a/0x20 [ 99.163916][ T5316] RIP: 0010:rate_control_rate_init+0x5a6/0x630 [ 99.166789][ T5316] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 7c 24 91 00 cc e8 66 91 a7 f6 90 0f 0b 90 eb e1 e8 5b 91 a7 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 84 00 00 00 [ 99.175220][ T5316] RSP: 0018:ffffc90005947000 EFLAGS: 00010283 [ 99.177788][ T5316] RAX: ffffffff8b1ea035 RBX: ffff888012ad8050 RCX: 0000000000100000 [ 99.181321][ T5316] RDX: ffffc9000f58a000 RSI: 0000000000000382 RDI: 0000000000000383 [ 99.185227][ T5316] RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000 [ 99.188732][ T5316] R10: dffffc0000000000 R11: ffffed100255b031 R12: ffffffff8b1e9ba7 [ 99.192137][ T5316] R13: ffff888036b40f40 R14: 0000000000000000 R15: 0000000000000000 [ 99.195960][ T5316] ? rate_control_rate_init+0x117/0x630 [ 99.198757][ T5316] ? rate_control_rate_init+0x5a5/0x630 [ 99.201151][ T5316] rate_control_rate_init_all_links+0xf4/0x190 [ 99.203641][ T5316] sta_apply_auth_flags+0x1bc/0x430 [ 99.205821][ T5316] sta_apply_parameters+0x126d/0x1b10 [ 99.208049][ T5316] ieee80211_add_station+0x3de/0x700 [ 99.210267][ T5316] rdev_add_station+0xfc/0x290 [ 99.212439][ T5316] nl80211_new_station+0x1b4e/0x1fd0 [ 99.215394][ T5316] ? trace_contention_end+0x3d/0x140 [ 99.217974][ T5316] ? __pfx_nl80211_new_station+0x10/0x10 [ 99.220454][ T5316] ? __rtnl_unlock+0xc8/0xf0 [ 99.222474][ T5316] ? nl80211_pre_doit+0x53d/0x890 [ 99.224664][ T5316] genl_family_rcv_msg_doit+0x233/0x340 [ 99.226980][ T5316] ? 
__pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 99.229850][ T5316] ? bpf_lsm_capable+0x9/0x20 [ 99.232643][ T5316] ? security_capable+0x7e/0x2c0 [ 99.234839][ T5316] genl_rcv_msg+0x614/0x7a0 [ 99.236592][ T5316] ? __pfx_genl_rcv_msg+0x10/0x10 [ 99.238617][ T5316] ? ref_tracker_free+0x689/0x830 [ 99.240565][ T5316] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 99.242694][ T5316] ? __pfx_nl80211_new_station+0x10/0x10 [ 99.245570][ T5316] ? __pfx_nl80211_post_doit+0x10/0x10 [ 99.248422][ T5316] ? __pfx_ref_tracker_free+0x10/0x10 [ 99.250849][ T5316] ? __asan_memcpy+0x40/0x70 [ 99.252923][ T5316] ? __skb_clone+0x5c/0x6c0 [ 99.254713][ T5316] netlink_rcv_skb+0x226/0x4a0 [ 99.256811][ T5316] ? __pfx_genl_rcv_msg+0x10/0x10 [ 99.259260][ T5316] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 99.261841][ T5316] ? down_read+0x2be/0x330 [ 99.263898][ T5316] genl_rcv+0x28/0x40 [ 99.265549][ T5316] netlink_unicast+0x7bb/0x940 [ 99.267594][ T5316] netlink_sendmsg+0x813/0xb40 [ 99.269717][ T5316] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.272247][ T5316] ? futex_unqueue+0x22/0x240 [ 99.274748][ T5316] ? aa_sock_msg_perm+0xf1/0x1b0 [ 99.276916][ T5316] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 99.279201][ T5316] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.281509][ T5316] ____sys_sendmsg+0x9b9/0xa20 [ 99.283844][ T5316] ? __pfx_____sys_sendmsg+0x10/0x10 [ 99.286362][ T5316] ? lock_release+0x4b/0x3c0 [ 99.288658][ T5316] ? import_iovec+0x73/0xa0 [ 99.290697][ T5316] ___sys_sendmsg+0x2a5/0x360 [ 99.292781][ T5316] ? __pfx____sys_sendmsg+0x10/0x10 [ 99.295274][ T5316] ? futex_wait+0x2a2/0x390 [ 99.297590][ T5316] ? __fget_files+0x2a/0x420 [ 99.299811][ T5316] ? __fget_files+0x3a2/0x420 [ 99.301916][ T5316] __x64_sys_sendmsg+0x1b1/0x290 [ 99.304237][ T5316] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 99.306812][ T5316] ? rcu_is_watching+0x15/0xb0 [ 99.309242][ T5316] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.311941][ T5316] do_syscall_64+0x174/0x580 [ 99.313994][ T5316] ? trace_irq_disable+0x3b/0x140 [ 99.316273][ T5316] ? 
clear_bhb_loop+0x40/0x90 [ 99.318627][ T5316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.321582][ T5316] RIP: 0033:0x7fd2c919ce59 [ 99.323589][ T5316] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 99.331718][ T5316] RSP: 002b:00007fd2ca118fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 99.335951][ T5316] RAX: ffffffffffffffda RBX: 00007fd2c9415fa0 RCX: 00007fd2c919ce59 [ 99.339428][ T5316] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000007 [ 99.342796][ T5316] RBP: 00007fd2c9232e6f R08: 0000000000000000 R09: 0000000000000000 [ 99.346788][ T5316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 99.350520][ T5316] R13: 00007fd2c9416038 R14: 00007fd2c9415fa0 R15: 00007ffd5efbccb8 [ 99.353973][ T5316] [ 99.355734][ T5316] Kernel Offset: disabled [ 99.357845][ T5316] Rebooting in 86400 seconds..