program:
# syzkaller reproducer in syz program notation, laid out one call per line.
# Triage summary, taken from the console output that follows the program:
# the NL80211_CMD_NEW_STATION request near the end is the sendmsg in flight
# (ORIG_RAX 0x2e) when the WARNING at net/mac80211/rate.c:53 in
# rate_control_rate_init fires; "panic_on_warn set" then escalates that
# warning to a kernel panic.
# NOTE(review): r4, r12, r13 and r16 are used below but never assigned in this
# text. Their "<rN=>" result bindings look like they were stripped as markup
# when the page was extracted - confirm against the original report before
# relying on this listing.

# Opens the procfs entry "oom_adj"; the log later prints the oom_adj
# deprecation notice for this process.
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_adj\x00')
# Netlink socket (family 0x10, type 0x3, protocol 0x0) and a 0x18-byte message
# of type 0x69 whose single attribute carries the length value 0xfffffe80.
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000003c0)={0x18, 0x69, 0x1, 0x0, 0x1, "", [@typed={0xfffffe80, 0x700, 0x0, 0x0, @binary="c9"}]}, 0x18}], 0x1}, 0x0)
# Two one-byte writes to the oom_adj descriptor.
writev(r0, &(0x7f0000000600)=[{&(0x7f00000000c0)='1', 0x1}, {&(0x7f00000001c0)='\v', 0x1}], 0x2)
# Generic-netlink socket (protocol 0x10) plus the nl80211 family id used by the
# first two wireless commands.
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# SIOCGIFINDEX (0x8933) lookup for 'wlan0'; presumably the source of r4, whose
# binding is not visible here.
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})
# Sets NL80211_ATTR_IFTYPE to 0x3 (NL80211_IFTYPE_AP in the nl80211 UAPI enum)
# on the interface identified by r4.
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
# Advice value 0x8 is MADV_FREE on Linux, applied to the 0x800000-byte region.
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x8)
# START_AP on the same interface. The frequency, beacon-interval and DTIM
# attributes show only their length field (0x8); whether this request succeeded
# cannot be told from the log - TODO confirm, since it decides what state the
# interface is in when the station is added.
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000001480)={0x70, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x31, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0x7, 0x20}}, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x70}}, 0x0)
# The calls from epoll_create through setsockopt$inet_sctp6_SCTP_RESET_STREAMS
# touch epoll, memfd, raw ICMPv6, SCTP, BPF and two sockets created through the
# $kcm variant with other family values (0x2, 0x10). None of these subsystems
# appears in the call trace, so they are presumably fuzzer noise - confirm by
# minimizing the program.
r5 = epoll_create(0x10000e8)
# The memfd name literal below is split across two lines exactly as the page
# shows it; the split looks like page wrapping at a space, not part of the name.
r6 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb 
Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r8 = fcntl$dupfd(r6, 0x0, r7)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r8, &(0x7f0000000240))
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
r10 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r10, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x2404c854)
r11 = socket$kcm(0x10, 0x2, 0x4)
# bpf command 0xa with a null attribute pointer and zero size.
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$inet(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000280)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f4080003000601000004000200110000", 0x5b}, {&(0x7f0000000680)='\'', 0x1}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
# r12 is presumably bound from the association-id list returned here.
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r9, 0x84, 0x77, &(0x7f0000000180)={r12}, 0x8)
# Second wireless sequence: r13 is presumably the socketpair descriptor, and
# r16 the ifindex of 'wlan0' returned by the ioctl issued on it.
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff})
r14 = socket$nl_generic(0x10, 0x3, 0x10)
r15 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r13, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) 
# Crashing request. The call trace runs nl80211_new_station ->
# rdev_add_station -> ieee80211_add_station -> sta_apply_parameters ->
# sta_apply_auth_flags -> rate_control_rate_init_all_links ->
# rate_control_rate_init. NL80211_ATTR_STA_SUPPORTED_RATES is given as {0x4},
# i.e. only its length field is shown. Which input or interface state trips the
# check at rate.c:53 is not visible on this page - read that line in the
# 6.15.0-rc5 tree named in the log (g2c89c1b655c0) before drawing conclusions.
sendmsg$NL80211_CMD_NEW_STATION(r14, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000000)={0x3c, r15, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r16}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1000}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
socket$kcm(0x10, 0x3, 0x0)
# Kernel console output starts here and continues past this block. Points for
# severity assessment: the task ran as "UID: 0", so this log alone does not
# show the path to be reachable without privilege (security_capable appears in
# the trace only as an unreliable "?" frame - verify the permission required
# for this nl80211 command); and the panic is a consequence of panic_on_warn,
# so hosts without that setting would log the warning and continue.
[ 75.384580][ T4663] Bluetooth: hci0: command tx timeout [ 75.422413][ T5318] syz.0.0 (5318): /proc/5317/oom_adj is deprecated, please use /proc/5317/oom_score_adj instead. [ 75.544665][ T5319] ------------[ cut here ]------------ [ 75.547147][ T5319] WARNING: CPU: 0 PID: 5319 at net/mac80211/rate.c:53 rate_control_rate_init+0x64a/0x6e0 [ 75.551489][ T5319] Modules linked in: [ 75.553794][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 75.559146][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.564131][ T5319] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 75.566738][ T5319] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 02 92 f2 f6 90 0f 0b 90 eb e1 e8 f7 91 f2 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 75.575029][ T5319] RSP: 0018:ffffc9000d676fc8 EFLAGS: 00010283 [ 75.577636][ T5319] RAX: ffffffff8acd3e59 RBX: ffff888043988000 RCX: 0000000000100000 [ 75.580988][ T5319] RDX: ffffc9000ebc9000 RSI: 0000000000000345 RDI: 0000000000000346 [ 75.584367][ T5319] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 75.587603][ T5319] R10: 0000000000000000 R11: ffffffff8acd3973 R12: 1ffff1100873100a [ 75.590852][ T5319] R13: ffff888042b90e40 R14: 0000000000000001 R15: ffffffff8acd3973 [ 75.594232][ T5319] FS: 00007faafc0106c0(0000) GS:ffff88808d6cc000(0000) knlGS:0000000000000000 [ 75.597911][ T5319] CS: 0010 DS: 0000 ES: 0000 CR0: 
0000000080050033 [ 75.600829][ T5319] CR2: 00007faafc00efb8 CR3: 000000003c93d000 CR4: 0000000000352ef0 [ 75.604304][ T5319] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.607693][ T5319] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.611075][ T5319] Call Trace: [ 75.612688][ T5319] [ 75.613993][ T5319] rate_control_rate_init_all_links+0x109/0x1a0 [ 75.616546][ T5319] sta_apply_auth_flags+0x1c2/0x400 [ 75.618702][ T5319] sta_apply_parameters+0xde1/0x14e0 [ 75.621069][ T5319] ieee80211_add_station+0x424/0x6a0 [ 75.623551][ T5319] rdev_add_station+0x105/0x290 [ 75.625699][ T5319] nl80211_new_station+0x16b6/0x1ab0 [ 75.627929][ T5319] ? __pfx_nl80211_new_station+0x10/0x10 [ 75.630423][ T5319] ? netdev_run_todo+0xe1d/0xea0 [ 75.632824][ T5319] ? nl80211_pre_doit+0x4f1/0x930 [ 75.635066][ T5319] genl_family_rcv_msg_doit+0x212/0x300 [ 75.637671][ T5319] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 75.640278][ T5319] ? bpf_lsm_capable+0x9/0x20 [ 75.642596][ T5319] ? security_capable+0x7e/0x2e0 [ 75.644701][ T5319] genl_rcv_msg+0x60e/0x790 [ 75.646796][ T5319] ? __pfx_genl_rcv_msg+0x10/0x10 [ 75.649201][ T5319] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 75.651617][ T5319] ? __pfx_nl80211_new_station+0x10/0x10 [ 75.653998][ T5319] ? __pfx_nl80211_post_doit+0x10/0x10 [ 75.656268][ T5319] ? ref_tracker_free+0x63a/0x7d0 [ 75.658388][ T5319] ? __copy_skb_header+0xa7/0x550 [ 75.660672][ T5319] netlink_rcv_skb+0x219/0x490 [ 75.662888][ T5319] ? __pfx_genl_rcv_msg+0x10/0x10 [ 75.665057][ T5319] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 75.667349][ T5319] ? down_read+0x1ad/0x2e0 [ 75.669292][ T5319] genl_rcv+0x28/0x40 [ 75.671122][ T5319] netlink_unicast+0x758/0x8d0 [ 75.673454][ T5319] netlink_sendmsg+0x805/0xb30 [ 75.675448][ T5319] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.677669][ T5319] ? aa_sock_msg_perm+0x94/0x160 [ 75.679750][ T5319] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 75.682096][ T5319] ? 
__pfx_netlink_sendmsg+0x10/0x10 [ 75.684389][ T5319] __sock_sendmsg+0x219/0x270 [ 75.686510][ T5319] ____sys_sendmsg+0x505/0x830 [ 75.688582][ T5319] ? __pfx_____sys_sendmsg+0x10/0x10 [ 75.690948][ T5319] ? import_iovec+0x74/0xa0 [ 75.693090][ T5319] ___sys_sendmsg+0x21f/0x2a0 [ 75.695192][ T5319] ? __pfx____sys_sendmsg+0x10/0x10 [ 75.697501][ T5319] ? __fget_files+0x2a/0x420 [ 75.699594][ T5319] ? __fget_files+0x3a0/0x420 [ 75.701620][ T5319] __x64_sys_sendmsg+0x19b/0x260 [ 75.703729][ T5319] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 75.705935][ T5319] ? do_syscall_64+0xba/0x210 [ 75.707790][ T5319] do_syscall_64+0xf6/0x210 [ 75.709655][ T5319] ? clear_bhb_loop+0x45/0xa0 [ 75.711565][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.714042][ T5319] RIP: 0033:0x7faafb18e969 [ 75.715816][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.723827][ T5319] RSP: 002b:00007faafc010038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 75.727242][ T5319] RAX: ffffffffffffffda RBX: 00007faafb3b6080 RCX: 00007faafb18e969 [ 75.730599][ T5319] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 000000000000000f [ 75.734110][ T5319] RBP: 00007faafb210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 75.737595][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.741207][ T5319] R13: 0000000000000000 R14: 00007faafb3b6080 R15: 00007ffcb0249128 [ 75.744732][ T5319] [ 75.746212][ T5319] Kernel panic - not syncing: kernel: panic_on_warn set ... 
[ 75.749465][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 75.754190][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.758429][ T5319] Call Trace: [ 75.759768][ T5319] [ 75.760971][ T5319] dump_stack_lvl+0x99/0x250 [ 75.762869][ T5319] ? __asan_memcpy+0x40/0x70 [ 75.764809][ T5319] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.767038][ T5319] ? __pfx__printk+0x10/0x10 [ 75.769183][ T5319] panic+0x2db/0x790 [ 75.770984][ T5319] ? __pfx_panic+0x10/0x10 [ 75.772990][ T5319] ? show_trace_log_lvl+0x4fb/0x550 [ 75.775332][ T5319] __warn+0x31b/0x4b0 [ 75.777097][ T5319] ? rate_control_rate_init+0x64a/0x6e0 [ 75.779488][ T5319] ? rate_control_rate_init+0x64a/0x6e0 [ 75.781802][ T5319] report_bug+0x2be/0x4f0 [ 75.783672][ T5319] ? rate_control_rate_init+0x64a/0x6e0 [ 75.786098][ T5319] ? rate_control_rate_init+0x64a/0x6e0 [ 75.788398][ T5319] ? rate_control_rate_init+0x64c/0x6e0 [ 75.790823][ T5319] handle_bug+0x84/0x160 [ 75.792681][ T5319] exc_invalid_op+0x1a/0x50 [ 75.794661][ T5319] asm_exc_invalid_op+0x1a/0x20 [ 75.796817][ T5319] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 75.799490][ T5319] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 02 92 f2 f6 90 0f 0b 90 eb e1 e8 f7 91 f2 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 75.807889][ T5319] RSP: 0018:ffffc9000d676fc8 EFLAGS: 00010283 [ 75.810631][ T5319] RAX: ffffffff8acd3e59 RBX: ffff888043988000 RCX: 0000000000100000 [ 75.814164][ T5319] RDX: ffffc9000ebc9000 RSI: 0000000000000345 RDI: 0000000000000346 [ 75.817584][ T5319] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 75.821048][ T5319] R10: 0000000000000000 R11: ffffffff8acd3973 R12: 1ffff1100873100a [ 75.824437][ T5319] R13: ffff888042b90e40 R14: 0000000000000001 R15: ffffffff8acd3973 [ 75.827851][ T5319] ? 
rate_control_rate_init+0x163/0x6e0 [ 75.830195][ T5319] ? rate_control_rate_init+0x163/0x6e0 [ 75.832418][ T5319] ? rate_control_rate_init+0x649/0x6e0 [ 75.834537][ T5319] ? rate_control_rate_init+0x649/0x6e0 [ 75.836887][ T5319] rate_control_rate_init_all_links+0x109/0x1a0 [ 75.839578][ T5319] sta_apply_auth_flags+0x1c2/0x400 [ 75.841871][ T5319] sta_apply_parameters+0xde1/0x14e0 [ 75.844047][ T5319] ieee80211_add_station+0x424/0x6a0 [ 75.846281][ T5319] rdev_add_station+0x105/0x290 [ 75.848338][ T5319] nl80211_new_station+0x16b6/0x1ab0 [ 75.850668][ T5319] ? __pfx_nl80211_new_station+0x10/0x10 [ 75.853060][ T5319] ? netdev_run_todo+0xe1d/0xea0 [ 75.855219][ T5319] ? nl80211_pre_doit+0x4f1/0x930 [ 75.857449][ T5319] genl_family_rcv_msg_doit+0x212/0x300 [ 75.859867][ T5319] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 75.862594][ T5319] ? bpf_lsm_capable+0x9/0x20 [ 75.864352][ T5319] ? security_capable+0x7e/0x2e0 [ 75.866429][ T5319] genl_rcv_msg+0x60e/0x790 [ 75.868457][ T5319] ? __pfx_genl_rcv_msg+0x10/0x10 [ 75.870665][ T5319] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 75.872939][ T5319] ? __pfx_nl80211_new_station+0x10/0x10 [ 75.875385][ T5319] ? __pfx_nl80211_post_doit+0x10/0x10 [ 75.877680][ T5319] ? ref_tracker_free+0x63a/0x7d0 [ 75.879964][ T5319] ? __copy_skb_header+0xa7/0x550 [ 75.882232][ T5319] netlink_rcv_skb+0x219/0x490 [ 75.884329][ T5319] ? __pfx_genl_rcv_msg+0x10/0x10 [ 75.886354][ T5319] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 75.888686][ T5319] ? down_read+0x1ad/0x2e0 [ 75.890717][ T5319] genl_rcv+0x28/0x40 [ 75.892522][ T5319] netlink_unicast+0x758/0x8d0 [ 75.894574][ T5319] netlink_sendmsg+0x805/0xb30 [ 75.896480][ T5319] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.898848][ T5319] ? aa_sock_msg_perm+0x94/0x160 [ 75.900998][ T5319] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 75.903282][ T5319] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.905527][ T5319] __sock_sendmsg+0x219/0x270 [ 75.907617][ T5319] ____sys_sendmsg+0x505/0x830 [ 75.909769][ T5319] ? 
__pfx_____sys_sendmsg+0x10/0x10 [ 75.912187][ T5319] ? import_iovec+0x74/0xa0 [ 75.913990][ T5319] ___sys_sendmsg+0x21f/0x2a0 [ 75.915569][ T5319] ? __pfx____sys_sendmsg+0x10/0x10 [ 75.917572][ T5319] ? __fget_files+0x2a/0x420 [ 75.919449][ T5319] ? __fget_files+0x3a0/0x420 [ 75.921520][ T5319] __x64_sys_sendmsg+0x19b/0x260 [ 75.923670][ T5319] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 75.926046][ T5319] ? do_syscall_64+0xba/0x210 [ 75.927910][ T5319] do_syscall_64+0xf6/0x210 [ 75.929629][ T5319] ? clear_bhb_loop+0x45/0xa0 [ 75.931618][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.934135][ T5319] RIP: 0033:0x7faafb18e969 [ 75.935984][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.943571][ T5319] RSP: 002b:00007faafc010038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 75.946935][ T5319] RAX: ffffffffffffffda RBX: 00007faafb3b6080 RCX: 00007faafb18e969 [ 75.950232][ T5319] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 000000000000000f [ 75.953364][ T5319] RBP: 00007faafb210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 75.956936][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.960439][ T5319] R13: 0000000000000000 R14: 00007faafb3b6080 R15: 00007ffcb0249128 [ 75.963891][ T5319] [ 75.966238][ T5319] Kernel Offset: disabled [ 75.968135][ T5319] Rebooting in 86400 seconds..