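program:
# Reproducer for the "!chanctx_conf" WARNING at net/mac80211/rate.c:51 reported in the log below.
# One call per line. The result bindings <r2=>, <r5=>, <r6=> and <r9=> were missing from the
# extracted text even though r2/r5/r6/r9 are used; they are reconstructed here from syzkaller's
# sequential resource numbering. NOTE(review): confirm against the original report.
# Triage: the log ends in a panic only because panic_on_warn is set ("panic_on_warn set ...").
# NOTE(review): the nl80211 commands used here are expected to be admin-gated (CAP_NET_ADMIN);
# confirm for the kernel under test before rating exposure.
#
# First nl80211 handle (r0/r1) and the wlan0 ifindex (r2); used only by the final call.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
# Second nl80211 handle (r3/r4) and the wlan0 ifindex again (r5).
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
# Switch wlan0 to interface type 0x9 (NL80211_IFTYPE_P2P_GO).
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
# START_AP request. NL80211_ATTR_WIPHY_FREQ is given as {0x8} only, so its value is left at the
# syzkaller default. NOTE(review): presumably no channel context is bound to the link after
# this call; the log does not show its return value.
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0xa4, r4, 0x5, 0x70bd2b, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4c, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x4000, 0x1, 0x7, 0x0, {0xa600000000000000, 0x3, 0x0, 0x3fe, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x9, 0x3}}, @val={0x72, 0x6}, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x38}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xf000}], @NL80211_ATTR_HE_BSS_COLOR={0x14, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_PARTIAL={0x4}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}, @NL80211_HE_BSS_COLOR_ATTR_PARTIAL={0x4}, @NL80211_HE_BSS_COLOR_ATTR_PARTIAL={0x4}]}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0xa4}}, 0x20000014)
# Third nl80211 handle (r7/r8); the ifindex lookup (r9) is issued on a unix socketpair fd (r6).
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r6=>0xffffffffffffffff})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r9=>0x0})
# NEW_STATION is the call that reaches the WARNING: the call trace runs nl80211_new_station ->
# ieee80211_add_station -> sta_apply_parameters -> rate_control_rate_init, and the user-mode
# registers (ORIG_RAX 0x2e, RSI ending in 0x1080) are consistent with this sendmsg.
sendmsg$NL80211_CMD_NEW_STATION(r7, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000280)={0x3c, r8, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
# Switch wlan0 to interface type 0x3 (NL80211_IFTYPE_AP). This follows the warning call in
# program order; the log does not show whether it ran.
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
[ 69.599997][ T5283] Bluetooth: hci0: command tx timeout [ 69.670812][ T5318] ------------[ cut here ]------------ [ 69.673320][ T5318] !chanctx_conf [ 69.673332][ T5318] WARNING: net/mac80211/rate.c:51 at rate_control_rate_init+0x5a6/0x630, CPU#0: syz.0.0/5318 [ 69.679810][ T5318] Modules linked in: [ 69.681878][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 69.687283][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 69.693266][ T5318] RIP: 0010:rate_control_rate_init+0x5a6/0x630 [ 69.696891][ T5318] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 76 2e a5 f6 90 0f 0b 90 eb e1 e8 6b 2e a5 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 84 00 00 00 [ 69.706912][ T5318] RSP: 0018:ffffc9000dbd6fe0 EFLAGS: 00010283 [ 69.710069][ T5318] RAX: ffffffff8b210655 RBX: ffff888012970050 RCX: 0000000000100000 [ 69.713288][ T5318] RDX: ffffc9000ee92000 RSI: 00000000000003a0 RDI: 00000000000003a1 [ 69.716606][ T5318] RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000 [ 69.719831][ T5318] R10: dffffc0000000000 R11: ffffed100252e031 R12: ffffffff8b2101c7 [ 69.723643][ T5318] R13: ffff88801fd10f40 R14: 0000000000000000 R15: 0000000000000000 [ 69.727983][ T5318] FS: 00007f3f275bc6c0(0000) GS:ffff88808c84f000(0000) knlGS:0000000000000000 [ 69.731893][ T5318] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.734961][ T5318] CR2: 00007f3f269ee6b8 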
CR3: 000000003393d000 CR4: 0000000000352ef0 [ 69.738944][ T5318] Call Trace: [ 69.740779][ T5318] [ 69.742321][ T5318] rate_control_rate_init_all_links+0xf4/0x190 [ 69.745097][ T5318] sta_apply_auth_flags+0x1bc/0x430 [ 69.747287][ T5318] sta_apply_parameters+0x126d/0x1b10 [ 69.749737][ T5318] ieee80211_add_station+0x3de/0x700 [ 69.752164][ T5318] rdev_add_station+0xfc/0x290 [ 69.754540][ T5318] nl80211_new_station+0x1b4e/0x1fd0 [ 69.757241][ T5318] ? trace_contention_end+0x3d/0x140 [ 69.759758][ T5318] ? __pfx_nl80211_new_station+0x10/0x10 [ 69.762342][ T5318] ? __rtnl_unlock+0xc8/0xf0 [ 69.764360][ T5318] ? nl80211_pre_doit+0x53d/0x890 [ 69.766954][ T5318] genl_family_rcv_msg_doit+0x233/0x340 [ 69.770108][ T5318] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 69.773186][ T5318] ? bpf_lsm_capable+0x9/0x20 [ 69.775350][ T5318] ? security_capable+0x7e/0x2c0 [ 69.777614][ T5318] genl_rcv_msg+0x614/0x7a0 [ 69.779472][ T5318] ? __pfx_genl_rcv_msg+0x10/0x10 [ 69.781589][ T5318] ? ref_tracker_free+0x689/0x830 [ 69.783924][ T5318] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 69.787211][ T5318] ? __pfx_nl80211_new_station+0x10/0x10 [ 69.790390][ T5318] ? __pfx_nl80211_post_doit+0x10/0x10 [ 69.792661][ T5318] ? __pfx_ref_tracker_free+0x10/0x10 [ 69.795065][ T5318] ? __asan_memcpy+0x40/0x70 [ 69.797100][ T5318] ? __skb_clone+0x5c/0x6c0 [ 69.798973][ T5318] netlink_rcv_skb+0x226/0x4a0 [ 69.800930][ T5318] ? __pfx_genl_rcv_msg+0x10/0x10 [ 69.803168][ T5318] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 69.806160][ T5318] ? down_read+0x2be/0x330 [ 69.808651][ T5318] genl_rcv+0x28/0x40 [ 69.810642][ T5318] netlink_unicast+0x7bb/0x940 [ 69.812516][ T5318] netlink_sendmsg+0x813/0xb40 [ 69.814460][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 69.816666][ T5318] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 69.819469][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 69.822010][ T5318] sock_sendmsg_nosec+0x13a/0x180 [ 69.824527][ T5318] ____sys_sendmsg+0x54e/0x850 [ 69.827065][ T5318] ? 
__pfx_____sys_sendmsg+0x10/0x10 [ 69.829562][ T5318] ? lock_release+0x4b/0x3c0 [ 69.831644][ T5318] ? import_iovec+0x73/0xa0 [ 69.833435][ T5318] ___sys_sendmsg+0x2a5/0x360 [ 69.835389][ T5318] ? __pfx____sys_sendmsg+0x10/0x10 [ 69.837448][ T5318] ? futex_wake+0x51b/0x5f0 [ 69.839403][ T5318] ? rcu_is_watching+0x15/0xb0 [ 69.841647][ T5318] ? __fget_files+0x2a/0x420 [ 69.843895][ T5318] ? __fget_files+0x3a2/0x420 [ 69.846148][ T5318] __x64_sys_sendmsg+0x1b1/0x290 [ 69.848273][ T5318] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 69.850718][ T5318] ? rcu_is_watching+0x15/0xb0 [ 69.853011][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.856241][ T5318] do_syscall_64+0x174/0x580 [ 69.858405][ T5318] ? trace_irq_disable+0x3b/0x140 [ 69.860625][ T5318] ? clear_bhb_loop+0x40/0x90 [ 69.862614][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.864809][ T5318] RIP: 0033:0x7f3f2679ce59 [ 69.866751][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 69.876885][ T5318] RSP: 002b:00007f3f275bbfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 69.880415][ T5318] RAX: ffffffffffffffda RBX: 00007f3f26a15fa0 RCX: 00007f3f2679ce59 [ 69.883685][ T5318] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000007 [ 69.886619][ T5318] RBP: 00007f3f26832e6f R08: 0000000000000000 R09: 0000000000000000 [ 69.889639][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.893259][ T5318] R13: 00007f3f26a16038 R14: 00007f3f26a15fa0 R15: 00007fff71a94f08 [ 69.896689][ T5318] [ 69.898149][ T5318] Kernel panic - not syncing: kernel: panic_on_warn set ... 
[ 69.901176][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 69.905597][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 69.910039][ T5318] Call Trace: [ 69.911437][ T5318] [ 69.912700][ T5318] vpanic+0x56c/0xa60 [ 69.914484][ T5318] ? __pfx__printk+0x10/0x10 [ 69.916628][ T5318] ? __pfx_vpanic+0x10/0x10 [ 69.918663][ T5318] ? is_bpf_text_address+0x292/0x2b0 [ 69.921382][ T5318] ? is_bpf_text_address+0x26/0x2b0 [ 69.924212][ T5318] panic+0xc5/0xd0 [ 69.925846][ T5318] ? __pfx_panic+0x10/0x10 [ 69.927597][ T5318] __warn+0x315/0x4c0 [ 69.929206][ T5318] ? rate_control_rate_init+0x5a6/0x630 [ 69.931120][ T5318] ? rate_control_rate_init+0x5a6/0x630 [ 69.933032][ T5318] __report_bug+0x331/0x530 [ 69.934567][ T5318] ? rate_control_rate_init+0x5a6/0x630 [ 69.936433][ T5318] ? __pfx___report_bug+0x10/0x10 [ 69.938204][ T5318] ? lock_release+0x4b/0x3c0 [ 69.939896][ T5318] ? netlink_rcv_skb+0x226/0x4a0 [ 69.941580][ T5318] ? rate_control_rate_init+0x5a6/0x630 [ 69.944097][ T5318] report_bug+0x16a/0x220 [ 69.946436][ T5318] ? rate_control_rate_init+0x5a6/0x630 [ 69.949151][ T5318] ? 
rate_control_rate_init+0x5a8/0x630 [ 69.951594][ T5318] handle_bug+0x9c/0x200 [ 69.953394][ T5318] exc_invalid_op+0x1a/0x50 [ 69.955335][ T5318] asm_exc_invalid_op+0x1a/0x20 [ 69.957385][ T5318] RIP: 0010:rate_control_rate_init+0x5a6/0x630 [ 69.960173][ T5318] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 76 2e a5 f6 90 0f 0b 90 eb e1 e8 6b 2e a5 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 84 00 00 00 [ 69.970006][ T5318] RSP: 0018:ffffc9000dbd6fe0 EFLAGS: 00010283 [ 69.972590][ T5318] RAX: ffffffff8b210655 RBX: ffff888012970050 RCX: 0000000000100000 [ 69.975942][ T5318] RDX: ffffc9000ee92000 RSI: 00000000000003a0 RDI: 00000000000003a1 [ 69.979221][ T5318] RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000 [ 69.982695][ T5318] R10: dffffc0000000000 R11: ffffed100252e031 R12: ffffffff8b2101c7 [ 69.986350][ T5318] R13: ffff88801fd10f40 R14: 0000000000000000 R15: 0000000000000000 [ 69.989736][ T5318] ? rate_control_rate_init+0x117/0x630 [ 69.992217][ T5318] ? rate_control_rate_init+0x5a5/0x630 [ 69.994652][ T5318] rate_control_rate_init_all_links+0xf4/0x190 [ 69.997281][ T5318] sta_apply_auth_flags+0x1bc/0x430 [ 70.000025][ T5318] sta_apply_parameters+0x126d/0x1b10 [ 70.002904][ T5318] ieee80211_add_station+0x3de/0x700 [ 70.005612][ T5318] rdev_add_station+0xfc/0x290 [ 70.007848][ T5318] nl80211_new_station+0x1b4e/0x1fd0 [ 70.010291][ T5318] ? trace_contention_end+0x3d/0x140 [ 70.012620][ T5318] ? __pfx_nl80211_new_station+0x10/0x10 [ 70.015094][ T5318] ? __rtnl_unlock+0xc8/0xf0 [ 70.017333][ T5318] ? nl80211_pre_doit+0x53d/0x890 [ 70.019808][ T5318] genl_family_rcv_msg_doit+0x233/0x340 [ 70.022823][ T5318] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 70.025798][ T5318] ? bpf_lsm_capable+0x9/0x20 [ 70.027870][ T5318] ? security_capable+0x7e/0x2c0 [ 70.030120][ T5318] genl_rcv_msg+0x614/0x7a0 [ 70.032215][ T5318] ? __pfx_genl_rcv_msg+0x10/0x10 [ 70.034559][ T5318] ? 
ref_tracker_free+0x689/0x830 [ 70.037058][ T5318] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 70.039983][ T5318] ? __pfx_nl80211_new_station+0x10/0x10 [ 70.042864][ T5318] ? __pfx_nl80211_post_doit+0x10/0x10 [ 70.045220][ T5318] ? __pfx_ref_tracker_free+0x10/0x10 [ 70.047625][ T5318] ? __asan_memcpy+0x40/0x70 [ 70.049556][ T5318] ? __skb_clone+0x5c/0x6c0 [ 70.051672][ T5318] netlink_rcv_skb+0x226/0x4a0 [ 70.054159][ T5318] ? __pfx_genl_rcv_msg+0x10/0x10 [ 70.056831][ T5318] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 70.059362][ T5318] ? down_read+0x2be/0x330 [ 70.061512][ T5318] genl_rcv+0x28/0x40 [ 70.063327][ T5318] netlink_unicast+0x7bb/0x940 [ 70.065526][ T5318] netlink_sendmsg+0x813/0xb40 [ 70.067651][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 70.070187][ T5318] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 70.073136][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 70.075628][ T5318] sock_sendmsg_nosec+0x13a/0x180 [ 70.077858][ T5318] ____sys_sendmsg+0x54e/0x850 [ 70.080003][ T5318] ? __pfx_____sys_sendmsg+0x10/0x10 [ 70.082322][ T5318] ? lock_release+0x4b/0x3c0 [ 70.084490][ T5318] ? import_iovec+0x73/0xa0 [ 70.086715][ T5318] ___sys_sendmsg+0x2a5/0x360 [ 70.088940][ T5318] ? __pfx____sys_sendmsg+0x10/0x10 [ 70.091310][ T5318] ? futex_wake+0x51b/0x5f0 [ 70.093391][ T5318] ? rcu_is_watching+0x15/0xb0 [ 70.095563][ T5318] ? __fget_files+0x2a/0x420 [ 70.097641][ T5318] ? __fget_files+0x3a2/0x420 [ 70.099797][ T5318] __x64_sys_sendmsg+0x1b1/0x290 [ 70.102789][ T5318] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 70.105937][ T5318] ? rcu_is_watching+0x15/0xb0 [ 70.108080][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.110712][ T5318] do_syscall_64+0x174/0x580 [ 70.112796][ T5318] ? trace_irq_disable+0x3b/0x140 [ 70.115057][ T5318] ? 
clear_bhb_loop+0x40/0x90 [ 70.117198][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.119624][ T5318] RIP: 0033:0x7f3f2679ce59 [ 70.121271][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 70.130593][ T5318] RSP: 002b:00007f3f275bbfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 70.134263][ T5318] RAX: ffffffffffffffda RBX: 00007f3f26a15fa0 RCX: 00007f3f2679ce59 [ 70.137831][ T5318] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000007 [ 70.142259][ T5318] RBP: 00007f3f26832e6f R08: 0000000000000000 R09: 0000000000000000 [ 70.146658][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.150480][ T5318] R13: 00007f3f26a16038 R14: 00007f3f26a15fa0 R15: 00007fff71a94f08 [ 70.153961][ T5318] [ 70.155768][ T5318] Kernel Offset: disabled [ 70.158023][ T5318] Rebooting in 86400 seconds..