program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r3, 0x11, 0xb, &(0x7f0000000080)=0x9, 0x4) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0xd4, r1, 0x5, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x9, 0x6f}}}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x92, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x0, @void, @val={0x1, 0x8, [{0x18, 0x1}, {0x12}, {0x9}, {0x36}, {0x2, 0x1}, {0x2}, {0x6}, {0x2e, 0x1}]}, @void, @void, @void, @val={0x5, 0x5e, {0x8, 0xc, 0x8, "d2098dc58e68d66fd983f516a7fdf8e71b5b050867b05c91a813367e70fcbe502bb1a4b6576a6ca848c69c4ddf589322cd546bd87a85e5e508d66de8c9601b0fc5d5f2a2fd584443ceabe120847cba0fb5a4371895d4d07410ccbb"}}, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x400b}]}, 0xd4}}, 0x20000014) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') mkdir(&(0x7f0000000000)='./control\x00', 0x0) open$dir(&(0x7f00000002c0)='./control/file0\x00', 0x80040, 0x0) r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) mkdirat(r7, &(0x7f0000000100)='./control\x00', 0x0) getdents64(r7, &(0x7f0000fc4fbe)=""/80, 0x50) lseek(r7, 0x8, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r5, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000040)={0x3c, r6, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) r9 = socket(0x10, 0x3, 0x0) r10 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100707070000c00028008000100", @ANYRES32=r10, @ANYBLOB='\b\x00\n\x00', @ANYRES64=r9], 0x40}}, 0x0) ioctl$sock_inet_SIOCSARP(r9, 0x8955, &(0x7f0000000240)={{0x2, 0x4e21, @local}, {0x1, @local}, 0x30, {0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 'ip6gretap0\x00'}) close(0x4) r11 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r11, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) [ 76.273291][ T5299] Bluetooth: hci0: command tx timeout [ 76.361442][ T5319] ------------[ cut here ]------------ [ 76.364094][ T5319] WARNING: CPU: 0 PID: 5319 at net/mac80211/rate.c:53 rate_control_rate_init+0x64a/0x6e0 [ 76.368100][ T5319] Modules linked in: [ 76.369887][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.374314][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.379225][ T5319] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 76.381726][ T5319] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 02 f7 00 f7 90 0f 0b 90 eb e1 e8 f7 f6 00 f7 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 76.389507][ T5319] RSP: 0018:ffffc9000d316f60 EFLAGS: 00010287 [ 76.391905][ T5319] RAX: ffffffff8abf2c79 RBX: ffff8880334d8000 RCX: 0000000000100000 [ 76.395501][ T5319] RDX: ffffc9000e162000 RSI: 0000000000000358 RDI: 0000000000000359 [ 76.398885][ T5319] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8abf2793 [ 76.402187][ T5319] R10: dffffc0000000000 R11: ffffed100669b031 R12: 1ffff1100669b00a [ 76.406072][ T5319] R13: ffff88803f148e80 R14: 0000000000000001 R15: ffffffff8abf2793 [ 76.410233][ T5319] FS: 00007fe706c9d6c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000 [ 76.414198][ T5319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.416802][ T5319] CR2: 0000200000001080 CR3: 0000000042100000 CR4: 0000000000352ef0 [ 76.419918][ T5319] Call Trace: [ 76.421249][ T5319] [ 76.422547][ T5319] rate_control_rate_init_all_links+0x109/0x1a0 [ 76.425288][ T5319] sta_apply_auth_flags+0x1c2/0x400 [ 76.427634][ T5319] sta_apply_parameters+0xe27/0x1570 [ 76.429918][ T5319] ieee80211_add_station+0x424/0x6a0 [ 76.432072][ T5319] rdev_add_station+0x108/0x290 [ 76.434232][ T5319] nl80211_new_station+0x1755/0x1b70 [ 76.436425][ T5319] ? __pfx_nl80211_new_station+0x10/0x10 [ 76.438794][ T5319] ? netdev_run_todo+0xe1d/0xea0 [ 76.440923][ T5319] ? nl80211_pre_doit+0x4f1/0x930 [ 76.443260][ T5319] genl_family_rcv_msg_doit+0x215/0x300 [ 76.445673][ T5319] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 76.448273][ T5319] ? bpf_lsm_capable+0x9/0x20 [ 76.450387][ T5319] ? security_capable+0x7e/0x2e0 [ 76.452616][ T5319] genl_rcv_msg+0x60e/0x790 [ 76.454736][ T5319] ? __pfx_genl_rcv_msg+0x10/0x10 [ 76.457109][ T5319] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 76.459420][ T5319] ? __pfx_nl80211_new_station+0x10/0x10 [ 76.461772][ T5319] ? __pfx_nl80211_post_doit+0x10/0x10 [ 76.464114][ T5319] ? __asan_memcpy+0x40/0x70 [ 76.466159][ T5319] ? __pfx_ref_tracker_free+0x10/0x10 [ 76.468455][ T5319] netlink_rcv_skb+0x208/0x470 [ 76.470518][ T5319] ? __lock_acquire+0xab9/0xd20 [ 76.472678][ T5319] ? __pfx_genl_rcv_msg+0x10/0x10 [ 76.475100][ T5319] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 76.477522][ T5319] ? down_read+0x1ad/0x2e0 [ 76.479587][ T5319] genl_rcv+0x28/0x40 [ 76.481597][ T5319] netlink_unicast+0x82f/0x9e0 [ 76.483898][ T5319] ? __pfx_netlink_unicast+0x10/0x10 [ 76.486316][ T5319] ? netlink_sendmsg+0x642/0xb30 [ 76.488523][ T5319] ? skb_put+0x11b/0x210 [ 76.490446][ T5319] netlink_sendmsg+0x805/0xb30 [ 76.492457][ T5319] ? __pfx_netlink_sendmsg+0x10/0x10 [ 76.494930][ T5319] ? aa_sock_msg_perm+0xf1/0x1d0 [ 76.497078][ T5319] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 76.499478][ T5319] ? __pfx_netlink_sendmsg+0x10/0x10 [ 76.501775][ T5319] __sock_sendmsg+0x21c/0x270 [ 76.504151][ T5319] ____sys_sendmsg+0x505/0x830 [ 76.506259][ T5319] ? __pfx_____sys_sendmsg+0x10/0x10 [ 76.508568][ T5319] ? import_iovec+0x74/0xa0 [ 76.510517][ T5319] ___sys_sendmsg+0x21f/0x2a0 [ 76.512415][ T5319] ? __pfx____sys_sendmsg+0x10/0x10 [ 76.514643][ T5319] ? __fget_files+0x2a/0x420 [ 76.516502][ T5319] ? __fget_files+0x3a0/0x420 [ 76.518557][ T5319] __x64_sys_sendmsg+0x19b/0x260 [ 76.520736][ T5319] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 76.523281][ T5319] ? do_syscall_64+0xbe/0xfa0 [ 76.525363][ T5319] do_syscall_64+0xfa/0xfa0 [ 76.527368][ T5319] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.529583][ T5319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.532127][ T5319] ? clear_bhb_loop+0x60/0xb0 [ 76.534326][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.536896][ T5319] RIP: 0033:0x7fe705d8f6c9 [ 76.538922][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.547284][ T5319] RSP: 002b:00007fe706c9d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.550934][ T5319] RAX: ffffffffffffffda RBX: 00007fe705fe5fa0 RCX: 00007fe705d8f6c9 [ 76.554270][ T5319] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000008 [ 76.557448][ T5319] RBP: 00007fe705e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 76.560513][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.563603][ T5319] R13: 00007fe705fe6038 R14: 00007fe705fe5fa0 R15: 00007fff404223d8 [ 76.566754][ T5319] [ 76.568022][ T5319] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 76.571001][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.574775][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.579206][ T5319] Call Trace: [ 76.580622][ T5319] [ 76.581880][ T5319] dump_stack_lvl+0x99/0x250 [ 76.583936][ T5319] ? __asan_memcpy+0x40/0x70 [ 76.585922][ T5319] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.588082][ T5319] ? __pfx__printk+0x10/0x10 [ 76.590119][ T5319] vpanic+0x237/0x6d0 [ 76.591840][ T5319] ? __pfx_vpanic+0x10/0x10 [ 76.593831][ T5319] panic+0xb9/0xc0 [ 76.595512][ T5319] ? __pfx_panic+0x10/0x10 [ 76.597439][ T5319] __warn+0x31b/0x4b0 [ 76.599182][ T5319] ? rate_control_rate_init+0x64a/0x6e0 [ 76.601583][ T5319] ? rate_control_rate_init+0x64a/0x6e0 [ 76.603973][ T5319] report_bug+0x2be/0x4f0 [ 76.605748][ T5319] ? rate_control_rate_init+0x64a/0x6e0 [ 76.607960][ T5319] ? rate_control_rate_init+0x64a/0x6e0 [ 76.610655][ T5319] ? rate_control_rate_init+0x64c/0x6e0 [ 76.613061][ T5319] handle_bug+0x84/0x160 [ 76.614961][ T5319] exc_invalid_op+0x1a/0x50 [ 76.616904][ T5319] asm_exc_invalid_op+0x1a/0x20 [ 76.619032][ T5319] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 76.621623][ T5319] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 02 f7 00 f7 90 0f 0b 90 eb e1 e8 f7 f6 00 f7 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 76.629603][ T5319] RSP: 0018:ffffc9000d316f60 EFLAGS: 00010287 [ 76.632163][ T5319] RAX: ffffffff8abf2c79 RBX: ffff8880334d8000 RCX: 0000000000100000 [ 76.635568][ T5319] RDX: ffffc9000e162000 RSI: 0000000000000358 RDI: 0000000000000359 [ 76.638954][ T5319] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8abf2793 [ 76.642273][ T5319] R10: dffffc0000000000 R11: ffffed100669b031 R12: 1ffff1100669b00a [ 76.645705][ T5319] R13: ffff88803f148e80 R14: 0000000000000001 R15: ffffffff8abf2793 [ 76.649176][ T5319] ? rate_control_rate_init+0x163/0x6e0 [ 76.651674][ T5319] ? rate_control_rate_init+0x163/0x6e0 [ 76.654113][ T5319] ? rate_control_rate_init+0x649/0x6e0 [ 76.656575][ T5319] rate_control_rate_init_all_links+0x109/0x1a0 [ 76.659275][ T5319] sta_apply_auth_flags+0x1c2/0x400 [ 76.661633][ T5319] sta_apply_parameters+0xe27/0x1570 [ 76.663916][ T5319] ieee80211_add_station+0x424/0x6a0 [ 76.666239][ T5319] rdev_add_station+0x108/0x290 [ 76.668652][ T5319] nl80211_new_station+0x1755/0x1b70 [ 76.670961][ T5319] ? __pfx_nl80211_new_station+0x10/0x10 [ 76.673353][ T5319] ? netdev_run_todo+0xe1d/0xea0 [ 76.675553][ T5319] ? nl80211_pre_doit+0x4f1/0x930 [ 76.677773][ T5319] genl_family_rcv_msg_doit+0x215/0x300 [ 76.680202][ T5319] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 76.682919][ T5319] ? bpf_lsm_capable+0x9/0x20 [ 76.684970][ T5319] ? security_capable+0x7e/0x2e0 [ 76.687211][ T5319] genl_rcv_msg+0x60e/0x790 [ 76.689212][ T5319] ? __pfx_genl_rcv_msg+0x10/0x10 [ 76.691242][ T5319] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 76.693346][ T5319] ? __pfx_nl80211_new_station+0x10/0x10 [ 76.695687][ T5319] ? __pfx_nl80211_post_doit+0x10/0x10 [ 76.698046][ T5319] ? __asan_memcpy+0x40/0x70 [ 76.700085][ T5319] ? __pfx_ref_tracker_free+0x10/0x10 [ 76.702215][ T5319] netlink_rcv_skb+0x208/0x470 [ 76.704189][ T5319] ? __lock_acquire+0xab9/0xd20 [ 76.706049][ T5319] ? __pfx_genl_rcv_msg+0x10/0x10 [ 76.707999][ T5319] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 76.710054][ T5319] ? down_read+0x1ad/0x2e0 [ 76.711789][ T5319] genl_rcv+0x28/0x40 [ 76.713378][ T5319] netlink_unicast+0x82f/0x9e0 [ 76.715355][ T5319] ? __pfx_netlink_unicast+0x10/0x10 [ 76.717503][ T5319] ? netlink_sendmsg+0x642/0xb30 [ 76.719598][ T5319] ? skb_put+0x11b/0x210 [ 76.721414][ T5319] netlink_sendmsg+0x805/0xb30 [ 76.723440][ T5319] ? __pfx_netlink_sendmsg+0x10/0x10 [ 76.725812][ T5319] ? aa_sock_msg_perm+0xf1/0x1d0 [ 76.728007][ T5319] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 76.730418][ T5319] ? __pfx_netlink_sendmsg+0x10/0x10 [ 76.732661][ T5319] __sock_sendmsg+0x21c/0x270 [ 76.734654][ T5319] ____sys_sendmsg+0x505/0x830 [ 76.736697][ T5319] ? __pfx_____sys_sendmsg+0x10/0x10 [ 76.738819][ T5319] ? import_iovec+0x74/0xa0 [ 76.740872][ T5319] ___sys_sendmsg+0x21f/0x2a0 [ 76.743050][ T5319] ? __pfx____sys_sendmsg+0x10/0x10 [ 76.745648][ T5319] ? __fget_files+0x2a/0x420 [ 76.747579][ T5319] ? __fget_files+0x3a0/0x420 [ 76.749642][ T5319] __x64_sys_sendmsg+0x19b/0x260 [ 76.751711][ T5319] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 76.754109][ T5319] ? do_syscall_64+0xbe/0xfa0 [ 76.756175][ T5319] do_syscall_64+0xfa/0xfa0 [ 76.758453][ T5319] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.761230][ T5319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.763795][ T5319] ? clear_bhb_loop+0x60/0xb0 [ 76.765850][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.768405][ T5319] RIP: 0033:0x7fe705d8f6c9 [ 76.770384][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.778422][ T5319] RSP: 002b:00007fe706c9d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.781836][ T5319] RAX: ffffffffffffffda RBX: 00007fe705fe5fa0 RCX: 00007fe705d8f6c9 [ 76.785062][ T5319] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000008 [ 76.788406][ T5319] RBP: 00007fe705e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 76.791733][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.794982][ T5319] R13: 00007fe705fe6038 R14: 00007fe705fe5fa0 R15: 00007fff404223d8 [ 76.798060][ T5319] [ 76.799718][ T5319] Kernel Offset: disabled [ 76.801660][ T5319] Rebooting in 86400 seconds..