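program:
# Reproducer in syzkaller program notation, laid out one call per line.
# The flattened page text used r2, r3, r4, r7 and r10 without ever binding them.
# The out-resource markers (<rN=>) are restored at the ifindex and socketpair
# outputs, which are the positions where this notation binds such values.
#
# Triage summary, taken from the console log that follows the program:
#   - WARNING "!chanctx_conf" at net/mac80211/rate.c:53 in rate_control_rate_init
#   - reached from nl80211_new_station via ieee80211_add_station,
#     sta_apply_parameters and sta_apply_auth_flags
#   - the host then panics only because panic_on_warn is set

# nl80211 setup for wlan0: generic netlink socket, family id, interface index (r2).
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})

# SET_INTERFACE sent as a raw message with declared length 0x24; the blob bytes
# past that length fall outside the message. The last attribute inside it
# (type 5, value 3) reads as NL80211_ATTR_IFTYPE = AP -- decoded by hand, confirm.
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="0800050003000000a178322e945426776f1e1c24bd1a6b29cbf68181a530042c6c3553271ba9f683be45a36c44aa9a5329e29c42df64805513ddb60a84797adfdf4c7ebd466e0eca52c73d9c8a06e83bf60ee73879cf3c58ad979403077900e0557e4664df7e35a29e5ce4c718c141a456fe89c42a5ccc7b38ea506f790b4c5a784e378995eb9ff0f6a4af3050f9227ff9c7d368bfaf6b75d26ddfddfedbb97c9536d87a80d53244c715c824fc9ae754fcb8628ba2f14ea4735da797a449b7b786f54dd8b40d1013666110e21a5a80e86ad4f73542a10fe99ce495b5"], 0x24}}, 0x0)

# START_AP on the same interface. WIPHY_FREQ, BEACON_INTERVAL and DTIM_PERIOD are
# printed as {0x8} with no explicit value. The log does not show this call's
# result, so whether an AP (and its channel context) was set up is not known here.
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x5c}}, 0x0)

# Unix socketpair (r3, r4), a second netlink socket (r5) and a BPF program load.
# None of these appear in the call trace of the warning.
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000079a0480000000000610448000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd8b, 0xffffffffffffffff}, 0x48)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r7=>0x0})

# NEW_STATION for wlan0 (ifindex r7). It is the only NEW_STATION call in the
# program, and the trace runs through nl80211_new_station, so start triage here.
sendmsg$NL80211_CMD_NEW_STATION(r5, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000000)={0x3c, r6, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

# Remaining calls: a third ifindex lookup, an XFS ioctl on the unix socket r4,
# and NEW_KEY with WEP104 key data. None of them appear in the warning's trace.
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r10=>0x0})
ioctl$XFS_IOC_AG_GEOMETRY(r4, 0xc080583d, &(0x7f0000000580)={0x9, 0xfffffce1, 0xfffffcb3, 0x9, 0x9, 0x8, 0x3, 0x10})
sendmsg$NL80211_CMD_NEW_KEY(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000340)={0x58, r8, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x30, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee33908f8eef16f162471f4"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}]}]}, 0x58}}, 0x0)

# Kernel console log from the run (text unchanged from here on).
[ 92.576179][ T4655] Bluetooth: hci0: command tx timeout [ 92.678872][ T5326] ------------[ cut here ]------------ [ 92.681325][ T5326] !chanctx_conf [ 92.681352][ T5326] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x64a/0x6e0, CPU#0: syz.0.0/5326 [ 92.687479][ T5326] Modules linked in: [ 92.689242][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 92.692959][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 92.696870][ T5326] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 92.699592][ T5326] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 52 b0 a8 f6 90 0f 0b 90 eb e1 e8 47 b0 a8 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 92.706907][ T5326] RSP: 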
0018:ffffc9000e2befd8 EFLAGS: 00010287 [ 92.709215][ T5326] RAX: ffffffff8b1d0a49 RBX: ffff888012a54000 RCX: 0000000000100000 [ 92.712431][ T5326] RDX: ffffc9000efb2000 RSI: 0000000000000387 RDI: 0000000000000388 [ 92.715535][ T5326] RBP: 0000000000000000 R08: ffffffff8b1d0563 R09: ffffffff8e95cd60 [ 92.718635][ T5326] R10: dffffc0000000000 R11: ffffed100254a831 R12: 1ffff1100254a80a [ 92.721770][ T5326] R13: ffff888012c30f20 R14: 0000000000000001 R15: ffffffff8b1d0563 [ 92.724883][ T5326] FS: 00007ff0627816c0(0000) GS:ffff88808c885000(0000) knlGS:0000000000000000 [ 92.728231][ T5326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 92.730945][ T5326] CR2: 00007ff05ddd2f68 CR3: 0000000012ba4000 CR4: 0000000000352ef0 [ 92.734087][ T5326] Call Trace: [ 92.735427][ T5326] [ 92.736657][ T5326] rate_control_rate_init_all_links+0x109/0x1a0 [ 92.739017][ T5326] sta_apply_auth_flags+0x1c2/0x400 [ 92.741175][ T5326] sta_apply_parameters+0x1098/0x18a0 [ 92.743338][ T5326] ieee80211_add_station+0x3e6/0x710 [ 92.745406][ T5326] rdev_add_station+0xfc/0x290 [ 92.747242][ T5326] nl80211_new_station+0x1cab/0x2130 [ 92.749342][ T5326] ? __pfx_nl80211_new_station+0x10/0x10 [ 92.751681][ T5326] ? __rtnl_unlock+0xc8/0xf0 [ 92.753589][ T5326] genl_family_rcv_msg_doit+0x22a/0x330 [ 92.755763][ T5326] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 92.758212][ T5326] ? bpf_lsm_capable+0x9/0x20 [ 92.760049][ T5326] ? security_capable+0x7e/0x2c0 [ 92.762318][ T5326] genl_rcv_msg+0x61c/0x7a0 [ 92.764258][ T5326] ? __pfx_genl_rcv_msg+0x10/0x10 [ 92.766213][ T5326] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 92.768376][ T5326] ? __pfx_nl80211_new_station+0x10/0x10 [ 92.770711][ T5326] ? __pfx_nl80211_post_doit+0x10/0x10 [ 92.772864][ T5326] ? __pfx_ref_tracker_free+0x10/0x10 [ 92.774896][ T5326] ? __asan_memcpy+0x40/0x70 [ 92.776772][ T5326] ? __skb_clone+0x63/0x7a0 [ 92.778548][ T5326] netlink_rcv_skb+0x232/0x4b0 [ 92.780626][ T5326] ? __pfx_genl_rcv_msg+0x10/0x10 [ 92.782594][ T5326] ? 
__pfx_netlink_rcv_skb+0x10/0x10 [ 92.784601][ T5326] ? down_read+0x270/0x2e0 [ 92.786317][ T5326] ? genl_rcv+0xd/0x40 [ 92.788078][ T5326] genl_rcv+0x28/0x40 [ 92.789661][ T5326] netlink_unicast+0x75c/0x8e0 [ 92.791681][ T5326] netlink_sendmsg+0x813/0xb40 [ 92.793632][ T5326] ? __pfx_netlink_sendmsg+0x10/0x10 [ 92.795688][ T5326] ? aa_sock_msg_perm+0xf1/0x1b0 [ 92.797565][ T5326] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 92.799512][ T5326] ____sys_sendmsg+0x972/0x9f0 [ 92.801677][ T5326] ? __might_fault+0xaf/0x130 [ 92.803592][ T5326] ? __pfx_____sys_sendmsg+0x10/0x10 [ 92.805751][ T5326] ? import_iovec+0x73/0xa0 [ 92.807538][ T5326] ___sys_sendmsg+0x2a5/0x360 [ 92.809489][ T5326] ? __lock_acquire+0x6b5/0x2cf0 [ 92.811540][ T5326] ? __pfx____sys_sendmsg+0x10/0x10 [ 92.813658][ T5326] ? futex_wait+0x2a2/0x390 [ 92.815453][ T5326] ? __fget_files+0x2a/0x420 [ 92.817403][ T5326] ? __fget_files+0x3a0/0x420 [ 92.819423][ T5326] __x64_sys_sendmsg+0x1bd/0x2a0 [ 92.822588][ T5326] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 92.824730][ T5326] ? rcu_is_watching+0x15/0xb0 [ 92.826624][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.829036][ T5326] do_syscall_64+0x15f/0xf80 [ 92.830988][ T5326] ? trace_irq_disable+0x3b/0x140 [ 92.833032][ T5326] ? 
clear_bhb_loop+0x40/0x90 [ 92.834857][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.837178][ T5326] RIP: 0033:0x7ff06199cdd9 [ 92.838935][ T5326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 92.846303][ T5326] RSP: 002b:00007ff062780fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 92.849282][ T5326] RAX: ffffffffffffffda RBX: 00007ff061c15fa0 RCX: 00007ff06199cdd9 [ 92.852169][ T5326] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000006 [ 92.854952][ T5326] RBP: 00007ff061a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 92.857983][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 92.861020][ T5326] R13: 00007ff061c16038 R14: 00007ff061c15fa0 R15: 00007fffc098e1b8 [ 92.864061][ T5326] [ 92.865341][ T5326] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 92.868282][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 92.871728][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 92.875481][ T5326] Call Trace: [ 92.876716][ T5326] [ 92.877847][ T5326] vpanic+0x56c/0xa60 [ 92.879355][ T5326] ? __pfx__printk+0x10/0x10 [ 92.881187][ T5326] ? __pfx_vpanic+0x10/0x10 [ 92.883188][ T5326] ? is_bpf_text_address+0x292/0x2b0 [ 92.885350][ T5326] ? is_bpf_text_address+0x26/0x2b0 [ 92.887311][ T5326] panic+0xc5/0xd0 [ 92.889030][ T5326] ? __pfx_panic+0x10/0x10 [ 92.891087][ T5326] __warn+0x315/0x4c0 [ 92.892819][ T5326] ? rate_control_rate_init+0x64a/0x6e0 [ 92.896023][ T5326] ? rate_control_rate_init+0x64a/0x6e0 [ 92.898512][ T5326] __report_bug+0x29a/0x540 [ 92.899922][ T5326] ? rate_control_rate_init+0x64a/0x6e0 [ 92.902122][ T5326] ? __pfx___report_bug+0x10/0x10 [ 92.904224][ T5326] ? __lock_acquire+0x6b5/0x2cf0 [ 92.906309][ T5326] ? 
__lock_acquire+0x6b5/0x2cf0 [ 92.908933][ T5326] ? rate_control_rate_init+0x64a/0x6e0 [ 92.912062][ T5326] report_bug+0x16a/0x220 [ 92.914516][ T5326] ? rate_control_rate_init+0x64a/0x6e0 [ 92.917910][ T5326] ? rate_control_rate_init+0x64c/0x6e0 [ 92.920879][ T5326] handle_bug+0x9c/0x200 [ 92.923335][ T5326] exc_invalid_op+0x1a/0x50 [ 92.925830][ T5326] asm_exc_invalid_op+0x1a/0x20 [ 92.928359][ T5326] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 92.932139][ T5326] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 52 b0 a8 f6 90 0f 0b 90 eb e1 e8 47 b0 a8 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 92.941984][ T5326] RSP: 0018:ffffc9000e2befd8 EFLAGS: 00010287 [ 92.945161][ T5326] RAX: ffffffff8b1d0a49 RBX: ffff888012a54000 RCX: 0000000000100000 [ 92.948723][ T5326] RDX: ffffc9000efb2000 RSI: 0000000000000387 RDI: 0000000000000388 [ 92.951896][ T5326] RBP: 0000000000000000 R08: ffffffff8b1d0563 R09: ffffffff8e95cd60 [ 92.954544][ T5326] R10: dffffc0000000000 R11: ffffed100254a831 R12: 1ffff1100254a80a [ 92.956942][ T5326] R13: ffff888012c30f20 R14: 0000000000000001 R15: ffffffff8b1d0563 [ 92.959763][ T5326] ? rate_control_rate_init+0x163/0x6e0 [ 92.961911][ T5326] ? rate_control_rate_init+0x163/0x6e0 [ 92.964002][ T5326] ? rate_control_rate_init+0x649/0x6e0 [ 92.965816][ T5326] ? rate_control_rate_init+0x649/0x6e0 [ 92.967853][ T5326] rate_control_rate_init_all_links+0x109/0x1a0 [ 92.970686][ T5326] sta_apply_auth_flags+0x1c2/0x400 [ 92.972954][ T5326] sta_apply_parameters+0x1098/0x18a0 [ 92.975501][ T5326] ieee80211_add_station+0x3e6/0x710 [ 92.977709][ T5326] rdev_add_station+0xfc/0x290 [ 92.979386][ T5326] nl80211_new_station+0x1cab/0x2130 [ 92.981461][ T5326] ? __pfx_nl80211_new_station+0x10/0x10 [ 92.983520][ T5326] ? __rtnl_unlock+0xc8/0xf0 [ 92.985241][ T5326] genl_family_rcv_msg_doit+0x22a/0x330 [ 92.987402][ T5326] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 92.989918][ T5326] ? 
bpf_lsm_capable+0x9/0x20 [ 92.991884][ T5326] ? security_capable+0x7e/0x2c0 [ 92.994024][ T5326] genl_rcv_msg+0x61c/0x7a0 [ 92.995807][ T5326] ? __pfx_genl_rcv_msg+0x10/0x10 [ 92.997847][ T5326] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 92.999850][ T5326] ? __pfx_nl80211_new_station+0x10/0x10 [ 93.002057][ T5326] ? __pfx_nl80211_post_doit+0x10/0x10 [ 93.004487][ T5326] ? __pfx_ref_tracker_free+0x10/0x10 [ 93.006669][ T5326] ? __asan_memcpy+0x40/0x70 [ 93.008412][ T5326] ? __skb_clone+0x63/0x7a0 [ 93.010232][ T5326] netlink_rcv_skb+0x232/0x4b0 [ 93.012206][ T5326] ? __pfx_genl_rcv_msg+0x10/0x10 [ 93.013959][ T5326] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 93.016026][ T5326] ? down_read+0x270/0x2e0 [ 93.017602][ T5326] ? genl_rcv+0xd/0x40 [ 93.019165][ T5326] genl_rcv+0x28/0x40 [ 93.020753][ T5326] netlink_unicast+0x75c/0x8e0 [ 93.022697][ T5326] netlink_sendmsg+0x813/0xb40 [ 93.024655][ T5326] ? __pfx_netlink_sendmsg+0x10/0x10 [ 93.026835][ T5326] ? aa_sock_msg_perm+0xf1/0x1b0 [ 93.028797][ T5326] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 93.031064][ T5326] ____sys_sendmsg+0x972/0x9f0 [ 93.033068][ T5326] ? __might_fault+0xaf/0x130 [ 93.034948][ T5326] ? __pfx_____sys_sendmsg+0x10/0x10 [ 93.037080][ T5326] ? import_iovec+0x73/0xa0 [ 93.038823][ T5326] ___sys_sendmsg+0x2a5/0x360 [ 93.041039][ T5326] ? __lock_acquire+0x6b5/0x2cf0 [ 93.043296][ T5326] ? __pfx____sys_sendmsg+0x10/0x10 [ 93.045535][ T5326] ? futex_wait+0x2a2/0x390 [ 93.047464][ T5326] ? __fget_files+0x2a/0x420 [ 93.049224][ T5326] ? __fget_files+0x3a0/0x420 [ 93.050740][ T5326] __x64_sys_sendmsg+0x1bd/0x2a0 [ 93.052361][ T5326] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 93.054410][ T5326] ? rcu_is_watching+0x15/0xb0 [ 93.056491][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.059179][ T5326] do_syscall_64+0x15f/0xf80 [ 93.061001][ T5326] ? trace_irq_disable+0x3b/0x140 [ 93.062722][ T5326] ? 
clear_bhb_loop+0x40/0x90 [ 93.064383][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.066441][ T5326] RIP: 0033:0x7ff06199cdd9 [ 93.068185][ T5326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 93.075950][ T5326] RSP: 002b:00007ff062780fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 93.079178][ T5326] RAX: ffffffffffffffda RBX: 00007ff061c15fa0 RCX: 00007ff06199cdd9 [ 93.082010][ T5326] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000006 [ 93.085322][ T5326] RBP: 00007ff061a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 93.088595][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 93.091704][ T5326] R13: 00007ff061c16038 R14: 00007ff061c15fa0 R15: 00007fffc098e1b8 [ 93.094864][ T5326] [ 93.096598][ T5326] Kernel Offset: disabled [ 93.098335][ T5326] Rebooting in 86400 seconds..