program:
# syzkaller reproducer (syz program format). The kernel console log it produced
# follows the last call.
#
# Triage summary, taken from that log:
#   - The kernel reports WARNING "!chanctx_conf" at net/mac80211/rate.c:53 in
#     rate_control_rate_init(), reached via nl80211_new_station() ->
#     rdev_add_station() -> ieee80211_add_station() -> sta_apply_parameters() ->
#     sta_apply_auth_flags() -> rate_control_rate_init_all_links().
#   - The "Kernel panic" that follows is "panic_on_warn set": the fuzzing VM
#     escalates any WARN to a panic. No KASAN or other memory-safety report is
#     visible in the log, so treat this as a failed sanity check until shown otherwise.
#   - The "?" frames for security_capable()/bpf_lsm_capable() suggest a capability
#     check on this path; confirm which privilege is required when rating impact.
#
# NOTE(review): r2, r3 and r6 are used below but never assigned in this copy.
# syz programs bind output values inline with "<rN=>" markers, which look to have
# been stripped here as markup. Presumably r2/r6 are the wlan0 ifindex results and
# r3 is a socketpair fd. Confirm against the original report before relying on this text.

# Generic netlink socket: AF_NETLINK (0x10), SOCK_RAW (0x3), NETLINK_GENERIC (0x10).
r0 = socket$nl_generic(0x10, 0x3, 0x10)
# syzkaller pseudo-syscall: resolve the generic netlink family id for nl80211.
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# SIOCGIFINDEX (0x8933): look up the interface index of wlan0.
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})
# Change the interface type: NL80211_ATTR_IFTYPE (attr 0x5) = 0x9, which is
# NL80211_IFTYPE_P2P_GO in the nl80211 uapi enum. Nothing visible in this program
# configures a channel afterwards.
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
# AF_UNIX (0x1) SOCK_DGRAM (0x2) socket pair; r3 below presumably comes from here.
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff})
# Second generic netlink socket and nl80211 family id lookup.
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
# Second wlan0 ifindex lookup, this time on r3.
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0})
# Add a station on that interface. The attributes are a supported-rates attribute
# with header only (length 0x4), a MAC address, AID 0x580 and a listen-interval
# attribute. The log's ORIG_RAX 0x2e and the __x64_sys_sendmsg/nl80211_new_station
# frames show that this is the sendmsg call during which the WARNING fires.
sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000480)={0x3c, r5, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
[ 108.855918][ T5298] Bluetooth: hci0: command tx timeout [ 108.940011][ T5335] ------------[ cut here ]------------ [ 108.942953][ T5335] !chanctx_conf [ 108.942964][ T5335] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x64a/0x6e0, CPU#0: syz.0.0/5335 [ 108.949263][ T5335] Modules linked in: [ 108.951205][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 108.957194][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 108.961864][ T5335] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 108.964651][ T5335] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 d2 9e a9 f6 90 0f 0b 90 eb e1 e8 c7 9e a9 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 108.972986][ T5335] RSP: 0018:ffffc9000621efd8 EFLAGS: 00010283 [ 108.977209][ T5335] RAX: ffffffff8b1c2849 
RBX: ffff888012e38000 RCX: 0000000000100000 [ 108.980948][ T5335] RDX: ffffc90020001000 RSI: 0000000000000412 RDI: 0000000000000413 [ 108.984521][ T5335] RBP: 0000000000000000 R08: ffffffff8b1c2363 R09: ffffffff8e95cd20 [ 108.987856][ T5335] R10: dffffc0000000000 R11: ffffed10025c7031 R12: 1ffff110025c700a [ 108.991176][ T5335] R13: ffff88803fd20f20 R14: 0000000000000001 R15: ffffffff8b1c2363 [ 108.994614][ T5335] FS: 00007f406e9f56c0(0000) GS:ffff88808c894000(0000) knlGS:0000000000000000 [ 108.998395][ T5335] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.001238][ T5335] CR2: 00007f75391d0730 CR3: 000000000e469000 CR4: 0000000000352ef0 [ 109.004826][ T5335] Call Trace: [ 109.006292][ T5335] [ 109.007523][ T5335] rate_control_rate_init_all_links+0x109/0x1a0 [ 109.010228][ T5335] sta_apply_auth_flags+0x1c2/0x400 [ 109.012521][ T5335] sta_apply_parameters+0x10ac/0x18b0 [ 109.014883][ T5335] ieee80211_add_station+0x3e6/0x710 [ 109.017167][ T5335] rdev_add_station+0xfc/0x290 [ 109.019404][ T5335] nl80211_new_station+0x1cab/0x2130 [ 109.021797][ T5335] ? __pfx_nl80211_new_station+0x10/0x10 [ 109.024334][ T5335] ? __rtnl_unlock+0xc8/0xf0 [ 109.026318][ T5335] genl_family_rcv_msg_doit+0x22a/0x330 [ 109.028679][ T5335] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 109.031226][ T5335] ? bpf_lsm_capable+0x9/0x20 [ 109.033367][ T5335] ? security_capable+0x7e/0x2c0 [ 109.035516][ T5335] genl_rcv_msg+0x61c/0x7a0 [ 109.037504][ T5335] ? __pfx_genl_rcv_msg+0x10/0x10 [ 109.039594][ T5335] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 109.041896][ T5335] ? __pfx_nl80211_new_station+0x10/0x10 [ 109.044306][ T5335] ? __pfx_nl80211_post_doit+0x10/0x10 [ 109.046650][ T5335] ? __pfx_ref_tracker_free+0x10/0x10 [ 109.048921][ T5335] netlink_rcv_skb+0x232/0x4b0 [ 109.051127][ T5335] ? __pfx_genl_rcv_msg+0x10/0x10 [ 109.053325][ T5335] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 109.055600][ T5335] ? down_read+0x270/0x2e0 [ 109.057593][ T5335] ? 
genl_rcv+0xd/0x40 [ 109.059522][ T5335] genl_rcv+0x28/0x40 [ 109.061310][ T5335] netlink_unicast+0x75c/0x8e0 [ 109.063550][ T5335] netlink_sendmsg+0x813/0xb40 [ 109.065553][ T5335] ? __pfx_netlink_sendmsg+0x10/0x10 [ 109.067904][ T5335] ? aa_sock_msg_perm+0xf1/0x1b0 [ 109.070150][ T5335] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 109.072594][ T5335] ____sys_sendmsg+0x972/0x9f0 [ 109.074525][ T5335] ? __might_fault+0xaf/0x130 [ 109.076520][ T5335] ? __pfx_____sys_sendmsg+0x10/0x10 [ 109.078955][ T5335] ? import_iovec+0x73/0xa0 [ 109.080897][ T5335] ___sys_sendmsg+0x2a5/0x360 [ 109.083243][ T5335] ? __lock_acquire+0x6b5/0x2cf0 [ 109.085365][ T5335] ? __pfx____sys_sendmsg+0x10/0x10 [ 109.087989][ T5335] ? futex_wake+0x4ac/0x580 [ 109.090558][ T5335] ? __fget_files+0x2a/0x420 [ 109.093070][ T5335] ? __fget_files+0x3a0/0x420 [ 109.095002][ T5335] __x64_sys_sendmsg+0x1bd/0x2a0 [ 109.096967][ T5335] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 109.099258][ T5335] ? rcu_is_watching+0x15/0xb0 [ 109.101136][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.103468][ T5335] do_syscall_64+0x174/0x580 [ 109.105692][ T5335] ? trace_irq_disable+0x3b/0x140 [ 109.107932][ T5335] ? 
clear_bhb_loop+0x40/0x90 [ 109.110072][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.112920][ T5335] RIP: 0033:0x7f407259ce59 [ 109.114811][ T5335] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 109.122696][ T5335] RSP: 002b:00007f406e9f4fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 109.125905][ T5335] RAX: ffffffffffffffda RBX: 00007f4072816090 RCX: 00007f407259ce59 [ 109.129773][ T5335] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000006 [ 109.133166][ T5335] RBP: 00007f4072632d6f R08: 0000000000000000 R09: 0000000000000000 [ 109.136222][ T5335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.139319][ T5335] R13: 00007f4072816128 R14: 00007f4072816090 R15: 00007fff6cd5d798 [ 109.143902][ T5335] [ 109.145349][ T5335] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 109.148771][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 109.152732][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 109.156788][ T5335] Call Trace: [ 109.158306][ T5335] [ 109.159641][ T5335] vpanic+0x56c/0xa60 [ 109.161281][ T5335] ? __pfx__printk+0x10/0x10 [ 109.163225][ T5335] ? __pfx_vpanic+0x10/0x10 [ 109.165290][ T5335] ? is_bpf_text_address+0x292/0x2b0 [ 109.167606][ T5335] ? is_bpf_text_address+0x26/0x2b0 [ 109.169976][ T5335] panic+0xc5/0xd0 [ 109.171598][ T5335] ? __pfx_panic+0x10/0x10 [ 109.173749][ T5335] __warn+0x315/0x4c0 [ 109.175657][ T5335] ? rate_control_rate_init+0x64a/0x6e0 [ 109.178390][ T5335] ? rate_control_rate_init+0x64a/0x6e0 [ 109.180866][ T5335] __report_bug+0x29a/0x540 [ 109.183039][ T5335] ? rate_control_rate_init+0x64a/0x6e0 [ 109.185392][ T5335] ? __pfx___report_bug+0x10/0x10 [ 109.187489][ T5335] ? __lock_acquire+0x6b5/0x2cf0 [ 109.189693][ T5335] ? 
__lock_acquire+0x6b5/0x2cf0 [ 109.192589][ T5335] ? rate_control_rate_init+0x64a/0x6e0 [ 109.194954][ T5335] report_bug+0x16a/0x220 [ 109.197086][ T5335] ? rate_control_rate_init+0x64a/0x6e0 [ 109.199392][ T5335] ? rate_control_rate_init+0x64c/0x6e0 [ 109.201614][ T5335] handle_bug+0x9c/0x200 [ 109.203394][ T5335] exc_invalid_op+0x1a/0x50 [ 109.205355][ T5335] asm_exc_invalid_op+0x1a/0x20 [ 109.207457][ T5335] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 109.210041][ T5335] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 d2 9e a9 f6 90 0f 0b 90 eb e1 e8 c7 9e a9 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 109.218293][ T5335] RSP: 0018:ffffc9000621efd8 EFLAGS: 00010283 [ 109.220903][ T5335] RAX: ffffffff8b1c2849 RBX: ffff888012e38000 RCX: 0000000000100000 [ 109.224153][ T5335] RDX: ffffc90020001000 RSI: 0000000000000412 RDI: 0000000000000413 [ 109.227581][ T5335] RBP: 0000000000000000 R08: ffffffff8b1c2363 R09: ffffffff8e95cd20 [ 109.231162][ T5335] R10: dffffc0000000000 R11: ffffed10025c7031 R12: 1ffff110025c700a [ 109.234791][ T5335] R13: ffff88803fd20f20 R14: 0000000000000001 R15: ffffffff8b1c2363 [ 109.238731][ T5335] ? rate_control_rate_init+0x163/0x6e0 [ 109.241170][ T5335] ? rate_control_rate_init+0x163/0x6e0 [ 109.243655][ T5335] ? rate_control_rate_init+0x649/0x6e0 [ 109.246103][ T5335] ? rate_control_rate_init+0x649/0x6e0 [ 109.248492][ T5335] rate_control_rate_init_all_links+0x109/0x1a0 [ 109.251181][ T5335] sta_apply_auth_flags+0x1c2/0x400 [ 109.253421][ T5335] sta_apply_parameters+0x10ac/0x18b0 [ 109.255698][ T5335] ieee80211_add_station+0x3e6/0x710 [ 109.257996][ T5335] rdev_add_station+0xfc/0x290 [ 109.260082][ T5335] nl80211_new_station+0x1cab/0x2130 [ 109.262372][ T5335] ? __pfx_nl80211_new_station+0x10/0x10 [ 109.264872][ T5335] ? __rtnl_unlock+0xc8/0xf0 [ 109.266977][ T5335] genl_family_rcv_msg_doit+0x22a/0x330 [ 109.269413][ T5335] ? 
__pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 109.272060][ T5335] ? bpf_lsm_capable+0x9/0x20 [ 109.274167][ T5335] ? security_capable+0x7e/0x2c0 [ 109.276386][ T5335] genl_rcv_msg+0x61c/0x7a0 [ 109.278499][ T5335] ? __pfx_genl_rcv_msg+0x10/0x10 [ 109.280618][ T5335] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 109.282982][ T5335] ? __pfx_nl80211_new_station+0x10/0x10 [ 109.285316][ T5335] ? __pfx_nl80211_post_doit+0x10/0x10 [ 109.287687][ T5335] ? __pfx_ref_tracker_free+0x10/0x10 [ 109.289938][ T5335] netlink_rcv_skb+0x232/0x4b0 [ 109.291985][ T5335] ? __pfx_genl_rcv_msg+0x10/0x10 [ 109.294076][ T5335] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 109.296318][ T5335] ? down_read+0x270/0x2e0 [ 109.298357][ T5335] ? genl_rcv+0xd/0x40 [ 109.300163][ T5335] genl_rcv+0x28/0x40 [ 109.301882][ T5335] netlink_unicast+0x75c/0x8e0 [ 109.303926][ T5335] netlink_sendmsg+0x813/0xb40 [ 109.306070][ T5335] ? __pfx_netlink_sendmsg+0x10/0x10 [ 109.308489][ T5335] ? aa_sock_msg_perm+0xf1/0x1b0 [ 109.310805][ T5335] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 109.313286][ T5335] ____sys_sendmsg+0x972/0x9f0 [ 109.315469][ T5335] ? __might_fault+0xaf/0x130 [ 109.317559][ T5335] ? __pfx_____sys_sendmsg+0x10/0x10 [ 109.319881][ T5335] ? import_iovec+0x73/0xa0 [ 109.321882][ T5335] ___sys_sendmsg+0x2a5/0x360 [ 109.323975][ T5335] ? __lock_acquire+0x6b5/0x2cf0 [ 109.326063][ T5335] ? __pfx____sys_sendmsg+0x10/0x10 [ 109.328323][ T5335] ? futex_wake+0x4ac/0x580 [ 109.330357][ T5335] ? __fget_files+0x2a/0x420 [ 109.332424][ T5335] ? __fget_files+0x3a0/0x420 [ 109.334556][ T5335] __x64_sys_sendmsg+0x1bd/0x2a0 [ 109.336620][ T5335] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 109.339040][ T5335] ? rcu_is_watching+0x15/0xb0 [ 109.341008][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.343753][ T5335] do_syscall_64+0x174/0x580 [ 109.345798][ T5335] ? trace_irq_disable+0x3b/0x140 [ 109.348040][ T5335] ? 
clear_bhb_loop+0x40/0x90 [ 109.350293][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.353052][ T5335] RIP: 0033:0x7f407259ce59 [ 109.354957][ T5335] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 109.363132][ T5335] RSP: 002b:00007f406e9f4fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 109.366452][ T5335] RAX: ffffffffffffffda RBX: 00007f4072816090 RCX: 00007f407259ce59 [ 109.369622][ T5335] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000006 [ 109.372655][ T5335] RBP: 00007f4072632d6f R08: 0000000000000000 R09: 0000000000000000 [ 109.375848][ T5335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.379227][ T5335] R13: 00007f4072816128 R14: 00007f4072816090 R15: 00007fff6cd5d798 [ 109.382728][ T5335] [ 109.384513][ T5335] Kernel Offset: disabled [ 109.386558][ T5335] Rebooting in 86400 seconds..